Old 12-18-2003, 04:41 AM   #1
Registered: Nov 2003
Location: Ronneby, Sweden
Posts: 555

iptables with DHCP and hostname


First I would like to describe my home network: I have one dedicated machine that works as a NAT firewall / DNS / DHCP server. That machine is the only one with direct contact to the Internet and it's "always" on (a reboot every second month, or so). That machine is also the only one with a fixed IP (XXX.XXX.XXX.254). Every other machine (a couple of different Linux boxes and one Win2k machine) connects with DHCP. One Linux box is a Samba server.

Now for the problem. I want the Samba server to allow connections from other machines based on their hostnames in the DNS. I've written a very restrictive set of iptables rules that is started before I bring up eth0. Those rules only allow contact with the DHCP server. Then I've written some rules that allow SMB connections with specific machines. Like these:
-I RH-Lokkit-0-50-INPUT -s crap.homenet -p udp --dport 137:138 -j ACCEPT
-I RH-Lokkit-0-50-INPUT -s crap.homenet -p tcp --dport 139 -j ACCEPT
These rules are added after eth0 is activated, and then iptables seems to resolve the name to an IP. The problem is that if "crap" (in this case) isn't on when I start the Samba server, then it's never allowed to connect, since the lookup fails.

How is this solved? Is it possible to write iptables rules that resolve the hostname "on demand"?

Thanks in advance!
Old 12-25-2003, 04:03 PM   #2
Senior Member
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

A suggestion...
Don't worry about the dynamic part...
In your dhcpd.conf, link the MAC address of each PC to just one IP number, then use that IP number and/or the MAC address in your rules.
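
The approach suggested in reply #2, as an added example that is not part of the original posts: it reads `host` reservations from dhcpd.conf text and prints Samba ACCEPT rules keyed on the fixed IP plus MAC, so nothing has to resolve in DNS when the rules load. The host names, MAC addresses and the 192.168.0.x range are constructed sample values, the function names are hypothetical, and the parser assumes one statement per line.

```shell
#!/bin/sh
# Added example: turn dhcpd.conf host reservations into Samba ACCEPT rules
# keyed on fixed IP + MAC, so no DNS lookup happens when the rules load.

# Constructed sample reservations (names, MACs and addresses are made up;
# 192.168.0.0/24 stands in for the poster's XXX.XXX.XXX.0 network).
sample_dhcpd_conf() {
cat <<'EOF'
host crap {
  hardware ethernet 00:16:3e:aa:bb:01;
  fixed-address 192.168.0.10;
}
host win2k {
  hardware ethernet 00:16:3e:aa:bb:02;
  fixed-address 192.168.0.11;
}
host nomac {
  fixed-address 192.168.0.12;
}
EOF
}

# Read dhcpd.conf text on stdin; print one pair of rules per complete
# reservation, in the same rules-file form the original post uses.
# Hosts lacking either a MAC or a fixed address are skipped with a warning.
gen_smb_rules() {
  chain=${1:-RH-Lokkit-0-50-INPUT}
  awk -v chain="$chain" '
    $1 == "host"                         { name = $2; mac = ""; ip = "" }
    $1 == "hardware" && $2 == "ethernet" { mac = $3; sub(/;$/, "", mac) }
    $1 == "fixed-address"                { ip = $2;  sub(/;$/, "", ip) }
    $1 == "}" {
      if (name != "" && mac != "" && ip != "") {
        m = "-I " chain " -s " ip " -m mac --mac-source " mac
        print m " -p udp --dport 137:138 -j ACCEPT"
        print m " -p tcp --dport 139 -j ACCEPT"
      } else if (name != "") {
        print "skipping " name ": incomplete reservation" > "/dev/stderr"
      }
      name = ""
    }'
}

# Print the rules for the sample data; nothing is applied to the firewall.
sample_dhcpd_conf | gen_smb_rules
```

The `-m mac` match only sees hosts on the same Ethernet segment, and a client can change its MAC, so it narrows the rule rather than authenticating the machine.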

Old 12-29-2003, 10:55 AM   #3
Senior Member
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Why bother to use hostnames when you could use IP addresses?
Since you're using DHCP for your LAN hosts, you could just as well use one single rule for the entire LAN network. Why?
Any computer connected to your LAN gets an address, all in the same range, so why not use that range in the first place?
If you would like to make it just a bit more secure, then specify that only connections incoming on your LAN interface are allowed.

iptables -A INPUT -d lanip --dport 137:139 -i laninterface ....

(you may have to change the order of --dport and -i)

