Linode Forum
Linode Community Forums
 Post subject: DHCP and Firewall
PostPosted: Wed Aug 19, 2009 6:13 pm 
Senior Newbie

Joined: Fri Aug 14, 2009 2:44 pm
Posts: 9
Hello,

I used the iptables guide in the wiki to set up my firewall rules. It works well. However, /var/log/daemon.log is getting spammed with the following error as a result:
Code:
Aug 19 22:09:43 <host> dhclient: DHCPREQUEST on eth0 to <ip> port 67
Aug 19 22:09:43 <host> dhclient: send_packet: Operation not permitted


Is this a problem? Is there anything I can do to stop this message? Do I need to punch holes for DHCP through the firewall?

Thanks.


PostPosted: Wed Aug 19, 2009 10:27 pm
Senior Member

Joined: Sat Dec 04, 2004 5:36 pm
Posts: 145
Kinda hard to even begin to suggest where your issue might be without seeing the iptables script or commands you use to set up, including any iptables flush commands.

But you're probably not having the right kind of iptables permit statements for DHCP and it's falling through to some sort of deny-by-default-and-log-it statement. Or you have a policy for one of the tables (e.g. INPUT, OUTPUT) set to DROP by default and don't have a corresponding permit statement.

I don't use DHCP on my Linodes -- I just set the IP statically. That saves me the need to run an extra daemon and frees up a bit of memory and a few seconds of waiting for the DHCP negotiation process to finish. DHCP is merely a convenience, but you'd do just fine with static IPs set up in your configs.


PostPosted: Thu Aug 20, 2009 3:38 am
Senior Newbie

Joined: Fri Aug 14, 2009 2:44 pm
Posts: 9
I'm sorry if I wasn't clear enough. I'm using the iptables script in the guide I linked to:
http://www.linode.com/wiki/index.php/Ne ... Mini_Howto

And what you said is exactly what's happening. The script blocks everything by default and then opens a few ports. DHCP is blocked.

I think that switching to a static IP is a good idea. A problem will happen if I clone my Linode or move it to a different DC. But these should be easy to fix as long as I remember to do so quickly.

Still, if someone kindly answers my question, it will be great:
- Is it necessary to punch holes for DHCP? If yes, how?


PostPosted: Thu Aug 20, 2009 10:53 pm
Senior Member

Joined: Mon Feb 02, 2009 1:43 am
Posts: 67
Website: http://fukawi2.nl
Location: Melbourne, Australia
ah wrote:
- Is it necessary to punch holes for DHCP? If yes, how?

Yes, DHCP is network traffic. It doesn't get special treatment just because it's DHCP.


PostPosted: Sat Aug 22, 2009 9:27 am
Senior Newbie

Joined: Fri Aug 14, 2009 2:44 pm
Posts: 9
Thanks everyone for your help. I decided that DHCP wasn't worth it and switched to a static IP configuration.


PostPosted: Sun Aug 23, 2009 2:28 pm
Senior Member

Joined: Sat Dec 04, 2004 5:36 pm
Posts: 145
ah wrote:
- Is it necessary to punch holes for DHCP? If yes, how?


iptables -I INPUT -i eth0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
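
An added example, not part of the thread: the `send_packet: Operation not permitted` line is logged on a send, so a script that also drops OUTPUT by default needs a DHCP rule in that chain as well as in INPUT. This sketch reads `iptables -S` output and prints the rule for whichever direction lacks an explicit accept; the function name `dhcp_gaps`, the sample ruleset and the assumption that the OUTPUT policy is DROP are constructed here.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `iptables -S` output on stdin and,
# for each half of the DHCP client exchange that a default-DROP chain does not
# explicitly accept, prints the rule that would open it.
# Heuristic: only rules naming "-p udp" and a "--dport" are counted; interface,
# source-port, conntrack matches and rule order are ignored.

dhcp_gaps() {   # usage: iptables -S | dhcp_gaps [iface]
    awk -v ifc="${1:-eth0}" '
    # True when port p lies inside spec "N" or "N:M".
    function covers(spec, p,    r, n) {
        n = split(spec, r, ":")
        return (n == 1) ? (r[1] + 0 == p) : (r[1] + 0 <= p && p <= r[2] + 0)
    }
    $1 == "-P" { policy[$2] = $3; next }
    $1 == "-A" && ($2 == "INPUT" || $2 == "OUTPUT") {
        proto = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        # The client sends to server port 67 and receives on its own port 68.
        want = ($2 == "OUTPUT") ? 67 : 68
        if (target == "ACCEPT" && proto == "udp" && dport != "" && covers(dport, want))
            ok[$2] = 1
    }
    END {
        if (policy["OUTPUT"] != "ACCEPT" && !ok["OUTPUT"])
            print "iptables -I OUTPUT -o " ifc " -p udp --sport 68 --dport 67 -j ACCEPT"
        if (policy["INPUT"] != "ACCEPT" && !ok["INPUT"])
            print "iptables -I INPUT -i " ifc " -p udp --sport 67 --dport 68 -j ACCEPT"
    }'
}

# Constructed ruleset: default-DROP chains plus the INPUT rule posted above.
SAMPLE='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT'

printf '%s\n' "$SAMPLE" | dhcp_gaps eth0
```

On a live host, run `iptables -S | dhcp_gaps eth0` as root and review the printed rules before applying them.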

