DHCP relay with UDP source port of 67 causes ISC 3.0.2 to respond with UDP source port of 1

Frank Bulk frnkblk at iname.com
Fri Nov 3 16:46:02 UTC 2006


Chuck:

I read the same thing, which is why I tested that theory.  

As I wrote below, "when I remove the POSTROUTING rule, it's interesting
to see that most everything comes out of the DHCP server with IP source
address of a.b.c.22, as it should, but there are some ACKs with a source
address of a.b.c.24 -- and guess what, they all have a src port of 1!"

Kind regards,

Frank

-----Original Message-----
From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On Behalf
Of Chuck Anderson
Sent: Friday, November 03, 2006 10:32 AM
To: dhcp-users at isc.org
Subject: Re: DHCP relay with UDP source port of 67 causes ISC 3.0.2 to
respond with UDP source port of 1

On Fri, Nov 03, 2006 at 09:54:23AM -0600, Frank Bulk wrote:
> 	-A POSTROUTING -s a.b.c.22 -p udp -m udp --sport 67 -j SNAT
> --to-source a.b.c.24
> - when I remove the POSTROUTING rule, it's interesting to see that most
> everything comes out of the DHCP server with IP source address of a.b.c.22,
> as it should, but there are some ACKs with a source address of a.b.c.24 --
> and guess what, they all have a src port of 1!  I tried over a dozen
> different iptables rules, but no success in catching those aberrant UDP src
> port 1 packets and changing them, via iptables, to UDP src port 67.

IPTables SNAT may be changing the source port number on you:

       --to-source  ipaddr[-ipaddr][:port-port]
              which can specify a single new source IP address, an inclusive
              range of IP addresses, and optionally, a port range (which is
              only valid if the rule also specifies -p tcp or -p udp).  If no
              port range is specified, then source ports below 512 will be
              mapped to other ports below 512: those between 512 and 1023
              inclusive will be mapped to ports below 1024, and other ports
              will be mapped to 1024 or above. Where possible, no port
              alteration will occur.

> - this leads me to conjecture that dhcpd, for some of its packets, is not
> binding to the right interface, and spewing out an incorrect packet.
> 
> I agree, dhcpd shouldn't care what the source port from the DHCP relay is,
> but it's possible that there's something in the code that's leading dhcpd
> to occasionally use a different interface for its output.

The server binds to a raw socket to generate some packets, and a BSD 
socket to generate others.  This would explain the differences.  I'm 
not sure if IPTables rules apply to packets generated with a raw 
socket.
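Added example (not code from the thread or from ISC dhcpd): a small check that scans `tcpdump -n` output for DHCP replies leaving the server with a source address or UDP source port other than the expected one, which is how the "source a.b.c.24, src port 1" ACKs described above would be picked out of a capture. The capture lines are constructed, not real traffic; 192.0.2.22 and 192.0.2.24 stand in for the thread's a.b.c.22 and a.b.c.24, and the tcpdump line layout assumed is the usual `ts IP src.sport > dst.dport: BOOTP/DHCP, Reply, length N` form.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n 'udp and (port 67 or port 68)'` output.
# 192.0.2.22 is the server's intended source address, 192.0.2.24 the SNAT
# address (stand-ins for a.b.c.22 / a.b.c.24 in the thread); both are assumptions.
SAMPLE_CAPTURE = """\
16:40:01.000001 IP 192.0.2.22.67 > 192.0.2.1.67: BOOTP/DHCP, Reply, length 300
16:40:01.000002 IP 192.0.2.1.67 > 192.0.2.22.67: BOOTP/DHCP, Request from 00:11:22:33:44:55, length 300
16:40:01.000003 IP 192.0.2.24.1 > 192.0.2.1.67: BOOTP/DHCP, Reply, length 300
16:40:01.000004 IP 192.0.2.22.67 > 192.0.2.1.67: BOOTP/DHCP, Reply, length 300
16:40:01.000005 IP 192.0.2.24.1 > 192.0.2.1.67: BOOTP/DHCP, Reply, length 300
16:40:01.000006 IP 192.0.2.22.123 > 192.0.2.1.123: NTPv4, Client, length 48
"""

# One tcpdump -n line: timestamp, "IP", src.sport > dst.dport: protocol info.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<info>.*)$"
)


def parse_line(line):
    """Parse one tcpdump line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"] = int(pkt["sport"])
    pkt["dport"] = int(pkt["dport"])
    return pkt


def aberrant_dhcp_replies(capture, server_ips, expected_sport=67):
    """Return every DHCP reply whose source IP is not one of server_ips or
    whose UDP source port is not expected_sport (67 for a DHCP server).
    Requests from relays/clients and non-DHCP traffic are ignored."""
    bad = []
    for line in capture.splitlines():
        pkt = parse_line(line)
        if pkt is None or not pkt["info"].startswith("BOOTP/DHCP, Reply"):
            continue
        if pkt["sip"] not in server_ips or pkt["sport"] != expected_sport:
            bad.append(pkt)
    return bad


def summarize(bad):
    """Count the offending (source IP, source port) pairs, e.g. {('192.0.2.24', 1): 2}."""
    return Counter((p["sip"], p["sport"]) for p in bad)


if __name__ == "__main__":
    offenders = aberrant_dhcp_replies(SAMPLE_CAPTURE, {"192.0.2.22"})
    for sip_sport, n in summarize(offenders).items():
        print("%d DHCP replies from %s, UDP src port %d" % (n, sip_sport[0], sip_sport[1]))
```

Run it against a live capture with `tcpdump -n -l -i <iface> 'udp and (port 67 or port 68)' | python3 check.py` (reading stdin instead of SAMPLE_CAPTURE); a non-empty summary is the list of packets that the `--sport 67` SNAT rule above can never match, since they never had source port 67 to begin with.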
