[Dnsmasq-discuss] Windows Server 2008 R2 issue

richardvoigt at gmail.com richardvoigt at gmail.com
Mon Oct 15 22:18:10 BST 2012


>> The problem isn't the destination address, but the source, since we're
>> trying to catch anyone spoofing the DHCP server, but I may be able to
>> write an iptables rule to catch this case and change the source IP to be
>> correct.
>>
>
> Understood, in my experience firewalls which don't unconditionally accept
> packets with destination 255.255.255.255 can often cause DHCP problems. The
> same is true for packets with source address 0.0.0.0.
>

Filtering DHCPOFFER packets based on source address is a very good thing if
you don't have total control over every connected device (users are prone
to plug "residential broadband gateway" devices in backwards, with your
network hooked to a LAN port instead of WAN, and start serving up
addresses).  But you do need rules for all addresses of the authorized DHCP
server, just in case.  Filtering based on the source interface is another
viable option.
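
The two policies described in the reply above (allow DHCPOFFERs only from every address of the authorized server, or only from its interface), as an added example that is not part of the original post. The addresses 192.0.2.1 and 192.0.2.2, the interface name eth0, the sample packet and all function names are constructed for illustration.

```python
import ipaddress

DHCP_MAGIC = b"\x63\x82\x53\x63"      # RFC 2131 magic cookie at offset 236
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255
DHCPOFFER = 2
# Assumed site policy (constructed values): every address the authorized
# server may send from, and the interface it is reachable through.
AUTHORIZED_SOURCES = {ipaddress.ip_address(a) for a in ("192.0.2.1", "192.0.2.2")}
AUTHORIZED_IFACE = "eth0"

def dhcp_message_type(payload: bytes):
    """Return the option 53 value of a DHCP UDP payload, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return None
    i = 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:          # pad has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                    # truncated option
        code, length = payload[i], payload[i + 1]
        if code == OPT_MSG_TYPE and length == 1:
            return payload[i + 2]
        i += 2 + length
    return None

def allow_by_source(src_ip: str, payload: bytes) -> bool:
    """Source-address policy: offers pass only from a listed server address."""
    if dhcp_message_type(payload) != DHCPOFFER:
        return True                        # this example polices offers only
    return ipaddress.ip_address(src_ip) in AUTHORIZED_SOURCES

def allow_by_interface(in_iface: str, payload: bytes) -> bool:
    """Source-interface policy: offers pass only from the server's port."""
    if dhcp_message_type(payload) != DHCPOFFER:
        return True                        # this example polices offers only
    return in_iface == AUTHORIZED_IFACE

def sample_offer(server_id: str) -> bytes:
    """Constructed DHCPOFFER: minimal BOOTREPLY header, options 53 and 54."""
    header = bytes([2, 1, 6, 0]) + bytes(232)
    options = bytes([53, 1, DHCPOFFER, 54, 4]) + ipaddress.ip_address(server_id).packed
    return header + DHCP_MAGIC + options + bytes([OPT_END])

if __name__ == "__main__":
    for src, iface in (("192.0.2.1", "eth0"), ("192.0.2.2", "eth0"), ("192.168.1.1", "eth3")):
        pkt = sample_offer(src)
        print(src, iface, allow_by_source(src, pkt), allow_by_interface(iface, pkt))
```

An offer sourced from the server's second address (192.0.2.2) passes only because that address is listed, which is the "rules for all addresses" point; the interface policy reaches the same verdict without depending on the source address at all.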