[H-GEN] RE: DHCP server & IP Masquerading

Michael Anthon mca at tams.com.au
Tue Jul 13 21:53:20 EDT 1999 

(Note reply-to: being general at humbug.org.au vs Michael Anthon <mca at tams.com.au>)

Not really... it looks to me like it would not be blocking anything to do
with DHCP.  Both input and output chains have a default policy of DENY, but
the first rule in each chain then allows all traffic anyway, so DHCP traffic
should get in and out OK, so that is not the problem.

Are you sure that dhcpd is running and that the config file is correct?  I'm
pretty sure dhcpd will bomb with an error in syslog if there is a syntax
error in the config file, however it will start and run if there is an error
in the file that is not a syntax error (eg specifying an incorrect subnet).
Is there any messages in syslog from dhcpd at all?  You should see quite a
bit of info regarding DHCP REQUESTS in there....

Next step might be to look for log messages and review the config file..
perhaps send me the file and I can take a quick look at it.

Cheers
Michael A.



> -----Original Message-----
> From: John.B [mailto:john at uq.net.au]
> Sent: Monday, 12 July 1999 10:33
> To: general at humbug.org.au
> Subject: [H-GEN] RE: DHCP server & IP Masquerading
> 
> 
> (Note reply-to: being general at humbug.org.au vs "John.B" 
> <john at uq.net.au>)
> 
> 
> Michael,
> The output of ipchains. Does this help ?
> 
> root at pegasus:~# ipchains -L
> Chain input (policy DENY):
> target     prot opt     source                destination          
> ports
> ACCEPT     all  ------  anywhere              anywhere        
>       n/a
> ACCEPT     all  ------  localnet/24           anywhere        
>       n/a
> ACCEPT     all  ------  anywhere              
> zzjboggo.dialin.uq.net.au
> n/a
> DENY       all  ----l-  localnet/24           anywhere        
>       n/a
> 
> Chain forward (policy DENY):
> MASQ       all  ------  localnet/24           anywhere        
>       n/a
> 
> Chain output (policy DENY):
> ACCEPT     all  ------  anywhere              anywhere        
>       n/a
> ACCEPT     all  ------  anywhere              localnet/24     
>       n/a
> ACCEPT     all  ------  zzjboggo.dialin.uq.net.au  anywhere
> n/a
> DENY       all  ----l-  anywhere              localnet/24     
>       n/a
> 
> Michael Anthon wrote:
> > 
> > (Note reply-to: being general at humbug.org.au vs Michael Anthon
> <mca at tams.com.au>)
> > 
> > I run that setup here.... 2.2.5 kernel, dhcpd V2.0b1pl18.  
> I also had
> the
> > same dhcpd running previously on 2.0.35.
> > 
> > I do not think there is anything strange required to get it to work.
> > However if you are setting the default input and output policies for
> the
> > masquerading to deny, this might cause a problem.  Can we see the
> output of
> > ipchains -L ?
> > 
> > Cheers
> > Michael A.
> 
> 
> John Boggon
> 
> 
> 
> 
> 
> 
> 
> 
> --
> This is list (humbug) general handled by 
> majordomo at lists.humbug.org.au .
> Postings only from subscribed addresses of lists general or 
> general-post.
> 

--
This is list (humbug) general handled by majordomo at lists.humbug.org.au .
Postings only from subscribed addresses of lists general or general-post.

More information about the General mailing list