Multiple chrooted dhcp servers for vlans on Linux?

Simon Hobson dhcp1 at thehobsons.co.uk
Sat Feb 27 20:11:51 UTC 2016


stevel_isc at jbco.com wrote:

> I had high hopes since firehol has a helper for dhcp and does appear to be
> setting an accept rule for "udp spt:bootpc dpt:bootps".  
> 
> I've never actually checked to see if dropping the rule would still let dhcp
> function though.

dhcpd uses two routes to/from the network.
For some packets it needs to bypass the network stack because it must handle packets to/from unconfigured clients which are done by local broadcast.
But it also deals with "ordinary" IP packets - renewals with already configured clients, relayed requests from other networks. These definitely go through the network stack outbound, and, I think, inbound (but I'm not certain of that).

> At least I'm getting a good education on dhcp and iptables, thank you!

:-)
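Added example (my own, not code from this thread, from firehol, or from ISC dhcpd): the iptables rules that cover the "through the network stack" path described above for each VLAN interface, plus a way to answer the "would dropping the rule still let dhcp function" question by reading the rule counters. The interface names eth0.10 and eth0.20 are hypothetical, and the counter output it parses is constructed, not captured from a real host. One fact it relies on that is not stated in the message: dhcpd's raw packet socket hands frames to and from the link layer, below the IP-layer INPUT/OUTPUT hooks, so the broadcast exchange with unconfigured clients never shows up in those chains or their counters; only the unicast renewals and relayed requests do.

```sh
#!/bin/sh
# iptables rules for the DHCP traffic that traverses the IP stack on each
# VLAN interface, and a counter check. Set IPT=iptables to apply the rules;
# the default only previews them. Interface names are hypothetical.
preview() { printf '%s\n' "$*"; }
IPT="${IPT:-preview}"

# dhcpd_rules IFACE...   one rule set per interface (e.g. eth0.10 eth0.20)
dhcpd_rules() {
    for ifc in "$@"; do
        # Unicast traffic dhcpd sends and receives through its ordinary UDP
        # socket: renewals from already-configured clients (68 -> 67) and
        # requests forwarded by a relay agent (67 -> 67), plus the replies.
        "$IPT" -A INPUT  -i "$ifc" -p udp --sport 68 --dport 67 -j ACCEPT
        "$IPT" -A INPUT  -i "$ifc" -p udp --sport 67 --dport 67 -j ACCEPT
        "$IPT" -A OUTPUT -o "$ifc" -p udp --sport 67 --dport 68 -j ACCEPT
        "$IPT" -A OUTPUT -o "$ifc" -p udp --sport 67 --dport 67 -j ACCEPT
        # The broadcast DISCOVER/OFFER exchange with an unconfigured client
        # goes over dhcpd's raw packet socket at the link layer, below the
        # IP-layer INPUT/OUTPUT hooks, so nothing here allows or blocks it.
    done
}

# dhcpd_rule_hits: read `iptables -L INPUT -v -n -x` output on stdin and sum
# the packet counters of rules whose match is the DHCP server port (67, or
# "bootps" when run without -n). A non-zero total means clients or relays
# are using the stack path, so the rule cannot simply be dropped.
dhcpd_rule_hits() {
    awk '$1 ~ /^[0-9]+$/ {
             for (i = 1; i <= NF; i++)
                 if ($i == "dpt:67" || $i == "dpt:bootps") { sum += $1; break }
         }
         END { print sum + 0 }'
}

# Constructed sample of `iptables -L INPUT -v -n -x` output (not a capture).
SAMPLE_COUNTERS=$(cat <<'EOF'
Chain INPUT (policy DROP 12 packets, 3456 bytes)
    pkts      bytes target     prot opt in      out     source               destination
     148    48544 ACCEPT     udp  --  eth0.10 *       0.0.0.0/0            0.0.0.0/0            udp spt:68 dpt:67
       0        0 ACCEPT     udp  --  eth0.10 *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:67
      37    12136 ACCEPT     udp  --  eth0.20 *       0.0.0.0/0            0.0.0.0/0            udp spt:68 dpt:67
       5     1640 ACCEPT     udp  --  eth0.20 *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:67
    9912  1203344 ACCEPT     all  --  lo      *       0.0.0.0/0            0.0.0.0/0
EOF
)

# Preview the rules for two VLAN interfaces, then total the sample counters
# (148 + 0 + 37 + 5 = 190 packets took the stack path in this sample).
dhcpd_rules eth0.10 eth0.20
printf '%s\n' "$SAMPLE_COUNTERS" | dhcpd_rule_hits
```

On a live server, run `iptables -Z INPUT`, wait out at least half a lease time so clients renew, and feed `iptables -L INPUT -v -n -x` to dhcpd_rule_hits; a zero total on a network with configured clients usually means renewals are being dropped further up the chain rather than that the rule is unneeded.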


