>Date: Sun, 28 Feb 1999 19:40:57 -0600
>From: Matt Farwell <[EMAIL PROTECTED]>
>Subject: dhcp
>
>Does anyone know which ports and protocols are used in the DHCP process?
>If it matters we are running microsoft dhcp server.  Even a reference to
>a place that I could find this info would be great.


Matt,

There are RFCs describing the DHCP protocol.  There's at least rfc2131,
rfc2132 and rfc951.  There might be new ones - I don't know.

The DHCP protocol doesn't make for easy reading.

If ipfwadm firewall rules make any sense to you, here are the server rules
based on the RFCs.

Bob

-----------------------------------------------------------------------

    # DHCP server (67, 68)
    # In these rules $BROADCAST_0 is 0.0.0.0 (a client that has no address
    # yet) and $BROADCAST_1 is 255.255.255.255 (limited broadcast), as used
    # in RFC 2131 section 4.1; $DHCP_CLIENTS is the internal client range.

    # allow dhcp clients (68) to connect to dhcp server (67)
    # Note: DHCP clients are the only external source of broadcast
    #       messages we should see, ever.

    ipfwadm -I -a accept -P udp  -W $INTERNAL_INTERFACE \
            -S $DHCP_CLIENTS 68 \
            -D $DHCP_SERVER 67

    ipfwadm -O -a accept -P udp  -W $INTERNAL_INTERFACE \
            -S $DHCP_SERVER 67 \
            -D $DHCP_CLIENTS 68

    ipfwadm -I -a accept -P udp  -W $INTERNAL_INTERFACE \
            -S $BROADCAST_0 68 \
            -D $DHCP_SERVER 67

    ipfwadm -O -a accept -P udp  -W $INTERNAL_INTERFACE \
            -S $DHCP_SERVER 67 \
            -D $BROADCAST_1 68

    # Getting renumbered
    ipfwadm -O -a accept -P udp  -W $INTERNAL_INTERFACE \
            -S $BROADCAST_0 67 \
            -D $BROADCAST_1 68

    # REBINDING: Lease time expired. Fall back to INIT.
    ipfwadm -I -a accept -P udp  -W $INTERNAL_INTERFACE \
            -S $BROADCAST_0 68 \
            -D $BROADCAST_1 67

    # As a result of the above, they're supposed to change their IP address with
    # this message, which is addressed to their new address before the dhcp
    # client has received the update.

    ipfwadm -O -a accept -P udp  -W $INTERNAL_INTERFACE \
            -S $DHCP_SERVER 67 \
            -D $DHCP_CLIENTS 68

-----------------------------------------------------------------------



........................................................................
Home Page ...................... <http://rlz.ne.mediaone.net> 
Linux Firewall & Security Site . <http://linux-firewall-tools.com>
Linux LAN & Firewall Paper ..... <http://linux-firewall-tools.com/linux/faq/>
Linux Firewall Design Tool ..... <http://linux-firewall-tools.com/linux/firewall/>
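The exchange those rules are written for, as an added example that is not part of Bob's post or his firewall scripts: the four INIT-state messages from RFC 2131 (DISCOVER, OFFER, REQUEST, ACK) plus a later unicast renewal are encoded in the BOOTP/DHCP wire format, and each datagram's UDP 4-tuple is then checked against the rule set above, read as a first-match accept list on the internal interface with a default-deny policy. The server address 192.168.1.1, the client range 192.168.1.0/24, the leased address 192.168.1.50 and the MAC are constructed sample values, and the bindings for $DHCP_SERVER, $DHCP_CLIENTS, $BROADCAST_0 and $BROADCAST_1 are assumptions about what the variables mean.

```python
"""Added example: RFC 2131 DHCP messages checked against the ipfwadm rules.

Not code from the original post.  Addresses below are constructed samples
and the VARS bindings are assumed meanings for the rule variables.
"""
import ipaddress
import struct

SERVER_PORT, CLIENT_PORT = 67, 68

# Assumed bindings for the variables used in the rules (constructed values).
VARS = {
    "$DHCP_SERVER": ipaddress.ip_network("192.168.1.1/32"),
    "$DHCP_CLIENTS": ipaddress.ip_network("192.168.1.0/24"),
    "$BROADCAST_0": ipaddress.ip_network("0.0.0.0/32"),
    "$BROADCAST_1": ipaddress.ip_network("255.255.255.255/32"),
}

# (direction, source, sport, destination, dport), transcribed from the
# accept rules above: -I is inbound, -O is outbound on the internal interface.
RULES = [
    ("in",  "$DHCP_CLIENTS", 68, "$DHCP_SERVER",  67),
    ("out", "$DHCP_SERVER",  67, "$DHCP_CLIENTS", 68),
    ("in",  "$BROADCAST_0",  68, "$DHCP_SERVER",  67),
    ("out", "$DHCP_SERVER",  67, "$BROADCAST_1",  68),
    ("out", "$BROADCAST_0",  67, "$BROADCAST_1",  68),
    ("in",  "$BROADCAST_0",  68, "$BROADCAST_1",  67),
]


def accepted(direction, src, sport, dst, dport):
    """First matching accept rule wins; an unmatched datagram is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rdir, rsrc, rsport, rdst, rdport in RULES:
        if (rdir == direction and sport == rsport and dport == rdport
                and s in VARS[rsrc] and d in VARS[rdst]):
            return True
    return False


MAGIC = b"\x63\x82\x53\x63"                 # options magic cookie, RFC 2132
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5   # DHCP message type, RFC 2132 9.6
HDR = "!BBBBIHH4s4s4s4s16s64s128s"          # 236-byte fixed header, RFC 2131


def build(op, xid, chaddr, msg_type, yiaddr="0.0.0.0", broadcast=False):
    """Encode a BOOTP/DHCP message: fixed header, cookie, option 53, end."""
    flags = 0x8000 if broadcast else 0      # BROADCAST bit, RFC 2131 4.1
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, flags,
                      b"\0" * 4,                              # ciaddr
                      ipaddress.ip_address(yiaddr).packed,    # yiaddr
                      b"\0" * 4, b"\0" * 4,                   # siaddr, giaddr
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])


def parse(pkt):
    """Decode the fixed header and walk the TLV options up to the end marker."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:                      # pad option has no length byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "flags": f[6],
            "yiaddr": str(ipaddress.ip_address(f[8])),
            "chaddr": f[11][:f[2]], "msg_type": opts[53][0]}


def exchange():
    """INIT-state exchange plus a unicast renewal; returns (name, type, verdict)."""
    xid, mac = 0x3903F326, bytes.fromhex("001122334455")   # constructed
    server, lease, bcast, none = "192.168.1.1", "192.168.1.50", "255.255.255.255", "0.0.0.0"
    steps = [
        # client has no address yet, so 0.0.0.0:68 -> 255.255.255.255:67
        ("DISCOVER", build(1, xid, mac, DISCOVER, broadcast=True), "in", none, 68, bcast, 67),
        ("OFFER", build(2, xid, mac, OFFER, lease, True), "out", server, 67, bcast, 68),
        ("REQUEST", build(1, xid, mac, REQUEST, broadcast=True), "in", none, 68, bcast, 67),
        # ACK unicast to the offered address once the lease is committed
        ("ACK", build(2, xid, mac, ACK, lease), "out", server, 67, lease, 68),
        # RENEWING: the client unicasts from its leased address to the server
        ("RENEW", build(1, xid, mac, REQUEST), "in", lease, 68, server, 67),
    ]
    return [(name, parse(pkt)["msg_type"], accepted(d, s, sp, t, tp))
            for name, pkt, d, s, sp, t, tp in steps]


if __name__ == "__main__":
    for name, mtype, verdict in exchange():
        print(f"{name:9s} type={mtype} {'accept' if verdict else 'DROP'}")
```

Every datagram in the normal exchange matches one of the accept rules, while a DHCP request from an address outside $DHCP_CLIENTS, or from a source port other than 68, falls through to the default deny.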

