Filtering DHCP Requests so that ICS DHCPD don't get them

Discussion in 'Linux Networking' started by stokkeland, Jun 30, 2006.

  1. stokkeland

    stokkeland Guest

    Scenario:
    Mobile System with two nic's,
    firewall and NAT serving DHCP and some services to internal network
    Getting external IP with dhcp client.

    Issue:
    dhcpd replies "DHCPNAK" to external interface

    Config:
    ICS dhcpd requires all available nic subnets to be configured, but when
    a range does not have any options, the server sends a DHCPNAK, which is
    bad when I hook this system up on network which already have dhcp
    servers serving that range..
    I have tried various things with IP tables blocking udp 67/68, but I
    can not seem to find a way to allow my system to be a dhcp client on
    the outside network while blocking traffic or not responding at all as
    a dhcp server on that side...

    Anyone solved this before?
    My tests are a bit bozarre as it looks like when I drop all udp 67/68
    packets are still reaching dhcpd..
     
    stokkeland, Jun 30, 2006
    #1
    1. Advertisements

  2. stokkeland

    Tauno Voipio Guest

    Tell the daemon at start which interfaces to handle, so
    thet it does not attemp to handle the external network
    interface.

    For details, see the daemon documentation.

    My dhcpd3 is started:

    /usr/sbin/dhcpd3 -q eth1
     
    Tauno Voipio, Jun 30, 2006
    #2
    1. Advertisements

  3. stokkeland

    Stoker Guest

    Scenario:
    Actually, that doesn't help, it looks like dhcpd looks at all local
    configured if's anyway and requires an emptry config...

    But I think I got it solved so it don't reply at all to those
    inqueries, a bit of my own rtfm fault here; some of the global options
    in the default (debian) config needed to be moved to inside the active
    scope, after doing that dhcpd logs that it didnt have any address to
    give out and simply ignbores it (instead of sending a NAK like
    before)..
     
    Stoker, Jun 30, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.