On 01/23/2014 11:13 AM, Ty Featherling wrote:
> Can someone confirm that you CANNOT manage traffic FROM the DHCP Server on
> a Mikrotik with IP Firewall?
>
> To test this I added the rule:
>
> add action=log chain=output disabled=no protocol=udp src-port=67

DHCP Conversation looks like this:

DHCPDISCOVER
client: UDP src-addr 0.0.0.0 sport=68
            dst-addr 255.255.255.255 dport=67

DHCPOFFER
DHCP server: UDP src-addr server.ip.addr sport=67
                 dst-addr 255.255.255.255 dport=68

DHCPREQUEST -
From client, just like discover

DHCPACK -
From server, just like offer

SO, your rule should show the DHCPOFFER and the DHCPACK traffic. My first guess about why it isn't showing up would be if the interface in question is on a bridge and the "use-ip-firewall" option isn't on for the bridge. Barring that, I suspect you should be able to see the traffic in the logs. I just did a test on a router here and it didn't show up there, either. Very odd. Perhaps a bit more research on my part is in order. Maybe, because the traffic is all broadcast type, the IP firewall isn't seeing the traffic? I don't know. I'll play with this a bit more and see what I can discover.

For others that answered, the rule that Ty posted IS the right format and in the right chain.


--
Butch Evans
702-537-0979
Network Support and Engineering
http://store.wispgear.net/
http://www.butchevans.com/
_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
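
The exchange described in the message above, as an added example that is not part of the original post: a small Python parser that reads the DHCP message type (option 53) from a UDP payload and checks which datagrams satisfy the posted rule's matcher (protocol=udp, src-port=67). It models only the port match, not RouterOS chains or packet flow; the payloads and the 192.0.2.1 server address are constructed sample data.

```python
import struct

# DHCP message types carried in option 53 (RFC 2132).
DHCP_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}
MAGIC = b"\x63\x82\x53\x63"  # magic cookie after the 236-byte BOOTP header

def build_dhcp(op, msg_type, xid=0x1234ABCD):
    """Build a minimal DHCP payload (constructed sample data)."""
    header = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)  # broadcast flag
    header += bytes(16 + 16 + 64 + 128)  # addresses, chaddr, sname, file
    return header + MAGIC + bytes([53, 1, msg_type, 255])

def dhcp_message_type(payload):
    """Return the option 53 name, or None if the payload is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None  # truncated option header
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:
            return DHCP_TYPES.get(value[0], "type-%d" % value[0])
        i += 2 + length
    return None

def matches_posted_rule(sport):
    """Matcher of the posted rule only: protocol=udp src-port=67."""
    return sport == 67

def classify(datagrams):
    """Map (src, sport, dst, dport, payload) tuples to (type, rule match)."""
    return [(dhcp_message_type(p), matches_posted_rule(sp))
            for _, sp, _, _, p in datagrams]

# Constructed exchange using the ports described above; 192.0.2.1 is a placeholder.
SAMPLE = [
    ("0.0.0.0", 68, "255.255.255.255", 67, build_dhcp(1, 1)),
    ("192.0.2.1", 67, "255.255.255.255", 68, build_dhcp(2, 2)),
    ("0.0.0.0", 68, "255.255.255.255", 67, build_dhcp(1, 3)),
    ("192.0.2.1", 67, "255.255.255.255", 68, build_dhcp(2, 5)),
]

for name, hit in classify(SAMPLE):
    print(name, "rule matches" if hit else "no match")
```

Feeding it payloads taken from a packet capture on the router's interface gives a list of the server replies to compare against the firewall log.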
