LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-02-2001, 09:46 AM   #1
clausawits
Member
 
Registered: Jun 2001
Posts: 147

Rep: Reputation: 16
dhcpd and iptables


after finding nothing on a search of these terms on this board, I thought I'd make a quick check to see if other people were having similar experiences.

To get up and running, I followed the rc.firewall of http://boingworld.com/workshops/linu...bles-tutorial/

Since then, masquerading seems to be working... dhcpd (running on the same machine) does not, though (will not assign an address while the firewall is up). If I flush my rules, it works fine. I'm running the ubiquitous Mandrake 8.
I figure I need to go through, check my entries and settings and get familiar with the specific rules chains, but I wanted to see if this was a phenomenon other people had already encountered and solved.

A quick google search shows other people are having this problem, but I haven't seen a reply with a specific solution.. (and some distributions claim to have iptables and dhcpd running on the same box, so it seems the problem is solvable.)

thanks for your time,
James
 
Old 07-03-2001, 01:15 PM   #2
clausawits
Member
 
Registered: Jun 2001
Posts: 147

Original Poster
Rep: Reputation: 16
wow! 1 day, ten views.. sucks to have a post with a title that is plain and descriptive.

I guess no one is doing DHCP with the 2.4 kernel masquerading?
 
Old 08-15-2001, 10:44 AM   #3
Phucen ey
LQ Newbie
 
Registered: Aug 2001
Posts: 5

Rep: Reputation: 0
You might want to try the following for allowing DHCPD traffic.

# Allow incoming DHCP requests via the internal interface
#
iptables -A INPUT -i $internal_interface -s 0.0.0.0 -d 255.255.255.255/255.255.255.255 -j ACCEPT

# Allow outgoing DHCP responses via the internal interface
#
iptables -A OUTPUT -o $internal_interface -s $internal_network -d 255.255.255.255/32 -j ACCEPT

These worked for me even though they're probably not the best

FnA
 
Old 10-18-2001, 02:31 PM   #4
[BHBS]=TK
Member
 
Registered: Aug 2001
Location: Salt Lake City, UT
Distribution: REDHAT 7.1
Posts: 32

Rep: Reputation: 15
Same Trbl

I have the same trouble.... I have made two scripts one that flushes temporarily to get a lease, then one to bring the firewall up.. Will see if previous post works...
 
Old 10-18-2001, 04:41 PM   #5
dizzydench
LQ Newbie
 
Registered: Oct 2001
Posts: 7

Rep: Reputation: 0
I have set-up (very recently... as in over the last week) a firewall with DHCP... What I did was created the dhcp.conf script per a how-to (pretty straight forward). Then the second eth1 gets its IP address from the DHCP server of our DSL provider. I disabled iptables all together and am just using ipchains... So far it works like a dream. Just make sure you put "echo 1 > /proc/sys/net/ipv4/ip_forward" in the rc.local script (something I learned from these boards...) I hope this helps your situation...

-Dizzy

::edit:::
Oh yeah... I set-up the IPchains to start-up with:
ipchains -P forward -j MASQ
with ip_forward on it works like a charm...
 
Old 10-21-2001, 08:28 AM   #6
Cpare
Member
 
Registered: Aug 2001
Location: Magic City, USA
Distribution: Ubuntu
Posts: 73

Rep: Reputation: 15
I also have a RH7.1 (2.4) Router running DHCPD (For my LAN) and IPTABLES, my rules are pretty plain, but these are the only signifficant parts that should get you running...


#Change Default INPUT Policy to DROP
iptables -P INPUT DROP

# Allow all protocols to hit this box on eth0 (LAN) this allows me
# to FTP/TELNET from the LAN, but not the WAN
iptables -A INPUT -i eth0 -j ACCEPT

#Allow this box to be seen to my providors DHCP Server on eth1(WAN)
iptables -A INPUT -p tcp --dport 68 -i eth1 -j ACCEPT
iptables -A INPUT -p udp --dport 68 -i eth1 -j ACCEPT
 
Old 10-22-2001, 12:04 AM   #7
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
To get your address from a SLIP, PPP, or DHCP

echo "1" > /proc/sys/net/ipv4/ip_dynaddr


you should put it in the rc.firewall script

it works for me

Last edited by DavidPhillips; 10-22-2001 at 12:11 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
DHCPD blocked by IPTables Rules Riddick Linux - Networking 4 10-10-2005 11:35 AM
Start DHCPd and configure iptables on boot (Debian Sarge) Qis Linux - Networking 6 03-02-2005 06:34 AM
dhcpd , bind, iptables gateway help munkie_poo Linux - Networking 1 01-25-2005 05:21 AM
DHCPD startup failure, mdk 9.2, dhcpd v3.0.1rc11 fuzzyworm Linux - Networking 1 02-14-2004 04:58 AM
DHCPD and IPTABLES question arobinson74 Linux - Networking 3 04-04-2003 06:15 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration