[ale] iptables rules to allow DHCP for windows clients

James P. Kinney III jkinney at localnetsolutions.com
Thu Jun 20 21:42:42 EDT 2002


It would be better to explicitly allow traffic in on the LAN device with
dport to bootp. 
$IPTABLES -A INPUT -i $LAN_IFACE -p udp --dport 67 -j ACCEPT

That should allow incoming traffic to port 67, the dhcp server port.

On Thu, 2002-06-20 at 18:49, Mike Millson wrote:
> James,
> 
> I found out what the problem was. I had this iptables rule:
> $IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
> 
> $LAN_IP_RANGE is defined as 192.168.1.1/24.
> 
> I think the problem was that when the windows client was requesting its IP
> address, it had no IP address, so it automatically failed the LAN_IP_RANGE.
> 
> I changed the rule to this:
> $IPTABLES -A INPUT -p ALL -i $LAN_IFACE -j ACCEPT
> 
> So basically I'm accepting all traffic that comes through the LAN interface.
> Is this a security risk? Is there a better way to do this (a better rule
> besides letting all LAN traffic in)?
> 
> Thank you,
> Mike
> -----Original Message-----
> From: James P. Kinney III [mailto:jkinney at localnetsolutions.com]
> Sent: Thursday, June 20, 2002 5:57 PM
> To: mgm at atsga.com
> Cc: ALE
> Subject: Re: [ale] iptables rules to allow DHCP for windows clients
> 
> 
> How about 546 and 547 dhcpv6 client and server?
> 
> 
> On Thu, 2002-06-20 at 16:57, Mike Millson wrote:
> > What ports do I need to open on my iptables firewall to allow Windoze
> > clients like W98 to obtain an IP address? Just opening up 67 and 68 didn't
> > do it. It works when I have no rules, so I know the config is correct, it's
> > just the iptables rules I need to nail down. Anyone out there have an
> > iptables rule(s) that works to allow this?
> >
> > Thank you,
> > Mike
> >
> >
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> > sent to listmaster at ale dot org.
> --
> James P. Kinney III   \Changing the mobile computing world/
> President and CEO      \          one Linux user         /
> Local Net Solutions,LLC \           at a time.          /
> 770-493-8244             \.___________________________./
> 
> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
> 
> 
> 
> 
-- 
James P. Kinney III   \Changing the mobile computing world/
President and CEO      \          one Linux user         /
Local Net Solutions,LLC \           at a time.          /
770-493-8244             \.___________________________./

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 
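
Added example, not part of the original thread: a sketch of the narrower alternative to accepting everything on the LAN interface, with a small check showing why a lease-less client (source 0.0.0.0) never matched the -s $LAN_IP_RANGE rule. The interface name eth1, the function names and the dry-run convention are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the thread. eth1 is a constructed interface name;
# 192.168.1.1/24 is the LAN_IP_RANGE value quoted in the thread.
IPTABLES="${IPTABLES:-iptables}"
LAN_IFACE="${LAN_IFACE:-eth1}"
LAN_IP_RANGE="${LAN_IP_RANGE:-192.168.1.1/24}"

# Convert a dotted-quad IPv4 address to an integer (subshell keeps IFS local).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr ADDR NET/BITS: succeed when ADDR falls inside the network,
# which is the comparison a "-s NET/BITS" match performs on the source.
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Emit the two INPUT rules for the LAN side.
lan_input_rules() {
    # 1. A client with no lease sends DHCPDISCOVER/REQUEST from 0.0.0.0:68
    #    to 255.255.255.255:67, so it needs its own narrow rule.
    $IPTABLES -A INPUT -i "$LAN_IFACE" -p udp -s 0.0.0.0/32 \
        -d 255.255.255.255 --sport 68 --dport 67 -j ACCEPT
    # 2. Everything else must still come from an address inside the LAN range.
    $IPTABLES -A INPUT -i "$LAN_IFACE" -s "$LAN_IP_RANGE" -j ACCEPT
}

# Dry run: IPTABLES="echo iptables"; lan_input_rules
# Apply (as root): lan_input_rules
```

Renewals from clients that already hold a lease come from an address inside the range, so the second rule covers them.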



