| Linode Forum https://forum.linode.com/ |
|
| DHCP and Firewall https://forum.linode.com/viewtopic.php?f=19&t=4526 |
| Author: | ah [ Wed Aug 19, 2009 6:13 pm ] |
| Post subject: | DHCP and Firewall |
Hello,

I used the iptables guide in the wiki to set up my firewall rules. It works well. However, /var/log/daemon.log is getting spammed with the following error as a result:

Code:
Aug 19 22:09:43 <host> dhclient: DHCPREQUEST on eth0 to <ip> port 67

Is this a problem? Is there anything I can do to stop this message? Do I need to punch holes for DHCP through the firewall?

Thanks. |
|
| Author: | tronic [ Wed Aug 19, 2009 10:27 pm ] |
| Post subject: | |
Kinda hard to even begin to suggest where your issue might be without seeing the iptables script or commands you use to set up, including any iptables flush commands. But you're probably not having the right kind of iptables permit statements for DHCP and it's falling through to some sort of deny-by-default-and-log-it statement. Or you have a policy for one of the tables (e.g. INPUT, OUTPUT) set to DROP by default and don't have a corresponding permit statement.

I don't use DHCP on my Linodes -- I just set the IP statically. That saves me the need to run an extra daemon and frees up a bit of memory and a few seconds of waiting for the DHCP negotiation process to finish. DHCP is merely a convenience, but you'd do just fine with static IPs set up in your configs. |
|
| Author: | ah [ Thu Aug 20, 2009 3:38 am ] |
| Post subject: | |
I'm sorry if I wasn't clear enough. I'm using the iptables script in the guide I linked to: http://www.linode.com/wiki/index.php/Ne ... Mini_Howto

And what you said is exactly what's happening. The script blocks everything by default and then opens a few ports. DHCP is blocked.

I think that switching to a static IP is a good idea. Problems will happen if I clone my Linode or move it to a different dc. But these should be easy to fix as long as I remember to do so quickly.

Still, if someone kindly answers my question, it will be great:
- Is it necessary to punch holes for DHCP? If yes, how? |
|
| Author: | fukawi2 [ Thu Aug 20, 2009 10:53 pm ] |
| Post subject: | |
ah wrote: - Is it necessary to punch holes for DHCP? If yes, how?
Yes, DHCP is network traffic. It doesn't get special treatment just because it's DHCP. |
|
| Author: | ah [ Sat Aug 22, 2009 9:27 am ] |
| Post subject: | |
Thanks everyone for your help. I decided that DHCP wasn't worth it and switched to a static IP configuration. |
|
| Author: | tronic [ Sun Aug 23, 2009 2:28 pm ] |
| Post subject: | |
ah wrote: - Is it necessary to punch holes for DHCP? If yes, how?
iptables -I INPUT -i eth0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT |
|
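The question asked in this thread, worked through as an added example that is not from any poster or from the Linode wiki script: rules that let only DHCP client traffic through a firewall whose INPUT and OUTPUT chains both drop by default. The function name `dhcp_client_rules` and the address `192.0.2.1` are assumptions for illustration, and pinning replies to one server address assumes they arrive directly from that server, not via a relay.

```shell
#!/bin/sh
# Added example: emit iptables rules that let a DHCP *client* on one
# interface through default-DROP INPUT and OUTPUT chains, nothing broader.
# DHCP client = UDP port 68, DHCP server = UDP port 67 (RFC 2131).

# dhcp_client_rules IFACE [SERVER_IP]   (hypothetical helper name)
# Prints one iptables command per line; review, then pipe to `sh` as root.
dhcp_client_rules() {
    iface=$1
    server=${2:-}

    # The output is meant to be executed by a shell, so refuse anything
    # that is not a plain interface name or a dotted-quad style address.
    case $iface in
        ''|*[!A-Za-z0-9_.:-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case $server in
        *[!0-9.]*) echo "bad server address: $server" >&2; return 1 ;;
    esac

    # Requests leave from client port 68 to server port 67. The initial
    # exchange is broadcast, so the destination address is not pinned.
    echo "iptables -I OUTPUT -o $iface -p udp --sport 68 --dport 67 -j ACCEPT"

    # Replies come back from server port 67 to client port 68.
    if [ -n "$server" ]; then
        # Assumption: replies arrive directly from this one server.
        echo "iptables -I INPUT -i $iface -p udp -s $server --sport 67 --dport 68 -j ACCEPT"
    else
        echo "iptables -I INPUT -i $iface -p udp --sport 67 --dport 68 -j ACCEPT"
    fi
}
```

Running `dhcp_client_rules eth0` prints the two commands for review before they are applied.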
| All times are UTC-04:00 |
|