dhcp-server with Linux packet Filter(aka LPF)-Interface bypasses iptables firewall (and socket interface fails with dhclient)

David W. Hankins David_Hankins at isc.org
Fri Apr 28 16:08:22 UTC 2006


On Wed, Apr 26, 2006 at 09:58:43AM -0700, Joerg Pommnitz wrote:
> Does anybody on the list have an idea how to solve this problem?

No, I haven't been able to make USE_SOCKETS work for dhclient on
Linux.  The trouble is that while SO_BINDTODEVICE or other methods
will happily let us emit and receive DHCP packets to the all-ones
limited broadcast (255.255.255.255) on a configured interface (or
with some work, it seems we can transmit on an unconfigured
interface), an interface with no IPv4 address refuses to receive
(the packet goes into IP forwarding and gets dropped by the kernel
due to being a martian rather than being delivered locally, much
less to dhclient).

So it looks like making USE_SOCKETS work for dhclient on Linux will
take kernel hacking.


I'm not sure the 3.0.3 USE_SOCKETS will work for dhcpd either, at
least possibly not for all clients.  If you have trouble configuring
a client, look there first.

-- 
David W. Hankins		"If you don't do it right the first time,
Software Engineer			you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins

