First question is what is the IP address of your DHCP server? Is it 192.168.69.1? And is this also the system where you are trying to LOG the DHCP requests?
If the DHCP server and IPTABLES are the same system then try the following:
After some more search I think I found out the reason.
In my raw table I am filtering for
Code:
iptables -t raw -A PREROUTING -m rpfilter --invert -j DROP
This drops the incoming dhcp messages from 0.0.0.0:68 to 255.255.255.255:67
No incoming message, no reply!
Despite that the dhcp exchange still succeeds, because I am using ISC's dhcp server, which apparently has the ability to intercept messages at a lower network level, therefore in effect bypassing the firewall.
Last edited by fabioca; 01-07-2017 at 11:27 AM.
Reason: typos
I highly doubt that DHCP can bypass the firewall. This is more of a case that something else is handing out the DHCP address and not your system. You should be able to look at the logs on that system requesting the IP Address and it should show you what device gave it to him.
So you are seeing the complete transaction in tcpdump? Discovery Offer Request Acknowledge? Even your link states that the whole process is not possible.
I believe that since your system had an IP address before, it is just using it again.
Have you tried to release the address and obtain a new one?
No, tcpdump only shows 2 of the DORA messages, however this seems sufficient for dhcpd to do its job: it has been working fine for at least 1 year now, including for new wireless devices of guests visiting my house for the first time.
Anyway, I have now modified the reverse filtering logic (disabled it in the kernel and selectively activated it in iptables), so that I can see the full set of DORA messages passing through ipfilter.
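One way to apply reverse-path filtering selectively, as the last post describes doing, is to exempt and log the DHCP client broadcast before the rpfilter rule in the raw table. This is an added example, not the poster's actual ruleset; the interface name `eth1`, the log prefixes and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset for
# the raw table; nothing is applied unless the output is piped to
# iptables-restore. Assumes kernel rp_filter is off (net.ipv4.conf.*.rp_filter=0)
# so that the only reverse-path check is the iptables rule below.

# Match for a DHCP client broadcast (DISCOVER and the initial REQUEST):
# UDP 0.0.0.0:68 -> 255.255.255.255:67 arriving on the LAN interface.
dhcp_match() {
    printf '%s' "-i $1 -p udp -s 0.0.0.0 -d 255.255.255.255 --sport 68 --dport 67"
}

# Emit the ruleset. $1 = LAN interface (assumed name, default eth1).
raw_rules() {
    lan_if=${1:-eth1}
    m=$(dhcp_match "$lan_if")
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING $m -j LOG --log-prefix "DHCP-BCAST: "
-A PREROUTING $m -j ACCEPT
-A PREROUTING -m rpfilter --invert -j LOG --log-prefix "RPFILTER-DROP: "
-A PREROUTING -m rpfilter --invert -j DROP
COMMIT
EOF
}
# ACCEPT in raw only ends raw-table traversal: the packet still has to pass
# the filter table's INPUT chain, so udp/67 must be allowed there as well.

# Line number of the first emitted rule matching pattern $1 (interface $2).
rule_pos() {
    raw_rules "$2" | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

raw_rules "${LAN_IF:-eth1}"
```

Piping the output to `iptables-restore --test` validates the rules without loading them. Loading them without `--noflush` replaces the existing contents of the raw table.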