[ale] A DHCP server on a firewall
Ken Nagorski
kenn at pcintelligent.com
Tue Mar 27 23:53:22 EST 2001
Hi there,
Yeah, I also added a rule that drops any packets that are coming
in on eth0 (external) that are claiming to be 192.168.x so even if there
is a way to get a lease from outside you can't come in that way anyway.
Thanks for the input.
Ken
On Tue, 27 Mar 2001, Lathe wrote:
> I run a setup like that at my place. Along with an IPSEC implementation.
> Dual homed, with eth1 connected via cable modem. IPchains does all
> forwarding and MASQing of connections that don't go across the IPSEC tunnel.
> DHCPD is configured for eth0 to hand out leases on that interface only,
> while dhcpcd is on eth1. Frankly, it's about the only thing running stable
> anywhere on my network ;) As far as security goes, it's safe as long as you
> bear in mind the input rules on the external interface.
>
> Scott Warfield
>
>
>
> ----- Original Message -----
> From: "David Hamm" <dhamm at itrepro.com>
> To: "Kenn" <kenn at pcintelligent.com>; <ale at ale.org>
> Sent: Tuesday, March 27, 2001 12:53 PM
> Subject: Re: [ale] A DHCP server on a firewall
>
>
> > I'm not a security expert but it seems the risk could be low. I suspect you
> > only want to serve dhcp to the internal net. If so then you could tell dhcpd to
> > only listen for requests on eth?. You could do this on the command line or in
> > the dhcpd.conf file.
> >
> > On Tue, 27 Mar 2001, Kenn wrote:
> > > Hi there,
> > >
> > > Some of you may have read my post about iptables. Well I have moved
> > > past those hurdles. Actually iptables is really nice. I am pleased. My
> > > question however is this.
> > >
> > > I have set up a firewall and tested it. It works well. Now I am toying
> > > with the idea of setting up DHCP. Is this safe? I have never used it before
> > > and it seems like a good idea at first. Users just plug in and there you go!
> > > All set. But what are the security risks?
> > >
> > > Thank you
> > > Ken
> > >
> >
> > --
> > ---------------------------------
> > David Hamm
> > Systems Analyst
> > Imaging Technologies Services Inc.
> > email: dhamm at itrepro.com
> > voice: 404-870-6663
> > ---------------------------------
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> >
>
--
I couldn't quite remember what I was going to say
so I casually tip another sip of whatever it was I was drinking,
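
Added example (not part of the thread and not any poster's code): a small audit of `iptables-save` output that checks whether the anti-spoofing drop Ken describes, for 192.168.0.0/16 arriving on the external interface eth0, is present in INPUT and FORWARD and is not preceded by an ACCEPT that could match first. The sample rulesets, the function names and the conservative choice to treat any earlier ACCEPT on that interface as shadowing the drop are assumptions made for illustration.

```python
import ipaddress
import shlex

LAN = ipaddress.ip_network("192.168.0.0/16")  # the "192.168.x" range in the thread
# Constructed iptables-save excerpts (not from the thread); eth0 is external.
GOOD = """\
-A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
"""
# INPUT accepts SSH before the anti-spoof DROP; FORWARD has no rule for eth0.
BAD = """\
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
-A FORWARD -i eth1 -j ACCEPT
"""


def parse_rule(line):
    """Split '-A CHAIN ...' into (chain, options, other tokens); '! -s' stays in other."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    opts, extra, i = {}, [], 2
    while i < len(tok):
        if tok[i] in ("-i", "-s", "-j") and i + 1 < len(tok) and tok[i - 1] != "!":
            opts[tok[i]] = tok[i + 1]
            i += 2
        else:
            extra.append(tok[i])
            i += 1
    return tok[1], opts, extra


def audit(ruleset, ext_if="eth0"):
    """Per chain: 'ok', 'shadowed' (an ACCEPT can match first) or 'missing'."""
    status = {"INPUT": "missing", "FORWARD": "missing"}
    for line in ruleset.splitlines():
        rule = parse_rule(line)
        if rule is None or status.get(rule[0]) != "missing":
            continue  # not a rule, another chain, or chain already decided
        chain, opts, extra = rule
        if opts.get("-i", ext_if) != ext_if:
            continue  # rule is bound to a different interface
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        if opts.get("-j") == "DROP" and not extra and LAN.subnet_of(src):
            status[chain] = "ok"
        elif opts.get("-j") == "ACCEPT" and src.overlaps(LAN):
            status[chain] = "shadowed"  # conservative: ignores other matches
    return status
```

Calling `audit(BAD)` reports INPUT as shadowed and FORWARD as missing; a DROP that covers only part of 192.168.0.0/16 or carries extra matches such as `-p tcp` is not counted as the anti-spoofing rule.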