[ale] iptables rules to allow DHCP for windows clients

Mike Millson mgm at atsga.com
Thu Jun 20 18:49:06 EDT 2002


James,

I found out what the problem was. I had this iptables rule:
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT

$LAN_IP_RANGE is defined as 192.168.1.1/24.

I think the problem was that when the windows client was requesting its IP
address, it had no IP address, so it automatically failed the LAN_IP_RANGE.

I changed the rule to this:
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -j ACCEPT

So basically I'm accepting all traffic that comes through the LAN interface.
Is this a security risk? Is there a better way to do this (a better rule
besides letting all LAN traffic in)?

Thank you,
Mike
-----Original Message-----
From: James P. Kinney III [mailto:jkinney at localnetsolutions.com]
To: ale at ale.org
Sent: Thursday, June 20, 2002 5:57 PM
To: mgm at atsga.com
Cc: ALE
Subject: Re: [ale] iptables rules to allow DHCP for windows clients


How about 546 and 547 dhcpv6 client and server?


On Thu, 2002-06-20 at 16:57, Mike Millson wrote:
> What ports do I need to open on my iptables firewall to allow Windoze
> clients like W98 to obtain an IP address? Just opening up 67 and 68 didn't
> do it. It works when I have no rules, so I know the config is correct, it's
> just the iptables rules I need to nail down. Anyone out there have an
> iptables rule(s) that works to allow this?
>
> Thank you,
> Mike
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.
--
James P. Kinney III   \Changing the mobile computing world/
President and CEO      \          one Linux user         /
Local Net Solutions,LLC \           at a time.          /
770-493-8244             \.___________________________./

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
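
Added example, not part of the original thread: a narrower alternative to accepting all LAN traffic, which admits only the address-less DHCP broadcast (UDP 0.0.0.0:68 to 255.255.255.255:67) and keeps the source-range rule for everything else. The interface name `eth1`, the dry-run default for `$IPTABLES`, the helper functions, and a DHCP server listening on the firewall host itself are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Variable names follow the post;
# the default values and the helper functions are assumptions.
IPTABLES="${IPTABLES:-echo iptables}"   # dry run: prints the rules instead of applying them
LAN_IFACE="${LAN_IFACE:-eth1}"          # assumed LAN interface name
LAN_IP_RANGE="${LAN_IP_RANGE:-192.168.1.1/24}"

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/BITS -> exit status 0 if IP falls inside NET/BITS
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Emits the two INPUT rules for the LAN side.
lan_input_rules() {
    # A client with no lease yet sends from 0.0.0.0:68 to 255.255.255.255:67
    $IPTABLES -A INPUT -i "$LAN_IFACE" -p udp -s 0.0.0.0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
    # All other LAN traffic must still carry a source address in the LAN range
    $IPTABLES -A INPUT -i "$LAN_IFACE" -s "$LAN_IP_RANGE" -j ACCEPT
}

# Show why the original source-restricted rule dropped the DHCP request.
if in_cidr 0.0.0.0 "$LAN_IP_RANGE"; then
    echo "0.0.0.0 matches $LAN_IP_RANGE"
else
    echo "0.0.0.0 is outside $LAN_IP_RANGE: the -s rule alone never matches a lease request"
fi
lan_input_rules
```

Lease renewals are sent from the client's assigned address, so they already match the source-range rule.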



