November 23, 2024, 05:06:38 AM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: iptables and dhcp issue  (Read 7162 times)

Offline iron_girl

  • New Member
  • Posts: 3
iptables and dhcp issue
« on: April 15, 2005, 05:19:59 AM »
Hi guys, I have a weird issue and I'm sure its just me missing something here but I am not able to block dhcp with iptables for some reason. I backed up my rule base and installed a new one, I set the default policy on all chains in all tables to DROP, but for some reason my clients are still able to get and ip addr from the system. tcpdump is showing the dhcp requests and the replying offers. Anyone know why this may be??

Thanks,
Jen

Offline dragoncity99

  • LST CareTaker
  • Experienced
  • *****
  • Posts: 551
iptables and dhcp issue
« Reply #1 on: April 16, 2005, 05:28:03 AM »
Please show us ur iptables rule how u deny it :)

By the way, is ur DHCP server and the firewall is on the same machine?

Both of them also have two network cards?

For further or advance reference:
http://www.iptablesrocks.org

For easier life, read this:
http://www.shorewall.net

Offline iron_girl

  • New Member
  • Posts: 3
iptables and dhcp issue
« Reply #2 on: April 16, 2005, 10:50:24 AM »
Here is my test rule base, its configured to drop everything but dhcp still passes.

*filter
:INPUT DROP [387:51066]
:FORWARD DROP [30:1456]
:OUTPUT DROP [473:34696]
COMMIT
# Completed on Thu Apr 14 08:38:49 2005
# Generated by iptables-save v1.2.8 on Thu Apr 14 08:38:49 2005
*nat
:PREROUTING DROP [533:61561]
:POSTROUTING DROP [0:0]
:OUTPUT DROP [473:34696]
COMMIT

Yes the DHCP service and firewall are on the same machine and has 3 NICs.

Offline dragoncity99

  • LST CareTaker
  • Experienced
  • *****
  • Posts: 551
iptables and dhcp issue
« Reply #3 on: April 18, 2005, 09:09:18 AM »
No good, i cant really put ur iptable dump to restore, something really went wrong.

Can u show me ur firewall rules: both the script as well as the output.

The output please use:

root#iptables -L -n

Thank you!

Offline iron_girl

  • New Member
  • Posts: 3
iptables and dhcp issue
« Reply #4 on: April 18, 2005, 10:44:43 PM »
You dont actually need my rule base to test this. Just create a DROP policy for all chains, turn on the DHCP service and you will see that the BOOTPC/BOOTPS will pass iptables and the clients will still get an address.

Offline deven_01

  • Linux Learner
  • ***
  • Posts: 143
dhcp problem
« Reply #5 on: May 20, 2005, 12:42:39 PM »
Hi Dear
do the following on konsole
$ service dhcpd stop
$ chkconfig dhcpd off
$ chkconfig --del dhcpd
after this give
$ chkconfig --list dhcpd
it will show nothing or service not available
ok dear
enjoy linux