Filtering DHCP Requests so that ICS DHCPD don't get them

Scenario:
Mobile System with two nic's,
firewall and NAT serving DHCP and some services to internal network
Getting external IP with dhcp client.

Issue:
dhcpd replies "DHCPNAK" to external interface

Config:
ICS dhcpd requires all available nic subnets to be configured, but when
a range does not have any options, the server sends a DHCPNAK, which is
bad when I hook this system up on network which already have dhcp
servers serving that range..
I have tried various things with IP tables blocking udp 67/68, but I
can not seem to find a way to allow my system to be a dhcp client on
the outside network while blocking traffic or not responding at all as
a dhcp server on that side...

Anyone solved this before?
My tests are a bit bozarre as it looks like when I drop all udp 67/68
packets are still reaching dhcpd..

(E-Mail Removed) wrote:
> Scenario:
> Mobile System with two nic's,
> firewall and NAT serving DHCP and some services to internal network
> Getting external IP with dhcp client.
>
> Issue:
> dhcpd replies "DHCPNAK" to external interface
>
> Config:
> ICS dhcpd requires all available nic subnets to be configured, but when
> a range does not have any options, the server sends a DHCPNAK, which is
> bad when I hook this system up on network which already have dhcp
> servers serving that range..
> I have tried various things with IP tables blocking udp 67/68, but I
> can not seem to find a way to allow my system to be a dhcp client on
> the outside network while blocking traffic or not responding at all as
> a dhcp server on that side...
>
> Anyone solved this before?
> My tests are a bit bozarre as it looks like when I drop all udp 67/68
> packets are still reaching dhcpd..
>

Tell the daemon at start which interfaces to handle, so
thet it does not attemp to handle the external network
interface.

For details, see the daemon documentation.

My dhcpd3 is started:

/usr/sbin/dhcpd3 -q eth1

--

Tauno Voipio
tauno voipio (at) iki fi

> > Scenario:
> > Mobile System with two nic's,
> > firewall and NAT serving DHCP and some services to internal network
> > Getting external IP with dhcp client.
> >
> > Issue:
> > dhcpd replies "DHCPNAK" to external interface
> >
> > Config:
> > ICS dhcpd requires all available nic subnets to be configured, but when
> > a range does not have any options, the server sends a DHCPNAK, which is
> > bad when I hook this system up on network which already have dhcp
> > servers serving that range..
> > I have tried various things with IP tables blocking udp 67/68, but I
> > can not seem to find a way to allow my system to be a dhcp client on
> > the outside network while blocking traffic or not responding at all as
> > a dhcp server on that side...
> >
> > Anyone solved this before?
> > My tests are a bit bozarre as it looks like when I drop all udp 67/68
> > packets are still reaching dhcpd..
>
> Tell the daemon at start which interfaces to handle, so
> thet it does not attemp to handle the external network
> interface.
>
> /usr/sbin/dhcpd3 -q eth1

Actually, that doesn't help, it looks like dhcpd looks at all local
configured if's anyway and requires an emptry config...

But I think I got it solved so it don't reply at all to those
inqueries, a bit of my own rtfm fault here; some of the global options
in the default (debian) config needed to be moved to inside the active
scope, after doing that dhcpd logs that it didnt have any address to
give out and simply ignbores it (instead of sending a NAK like
before)..