[Firehol-support] DHCP firewall issue
Romeo Theriault
romeotheriault at gmail.com
Sat Jun 10 02:23:12 BST 2006
Hi, I'm having a bit of an issue with dhcp while using firehol. I have
eth0 which serves my private lan and I have eth1 with access to the
internet and I'm routing the internal lan to the network. This works
fine. I have DHCP bound to eth0 so it can serve IPs to the clients
on the lan. From my understanding of the firewall config I have below
DHCP shouldn't be allowing my clients to get an ip address, but they
are getting an ip address. This worries me. I would have thought that I
would have to type something like

    interface eth0 dhcp
        policy return
        server dhcp accept

before my

    interface eth0 lan
    etc.....

to get dhcp to work.

If someone could look at my config file below and tell me what I'm
doing wrong I would be very grateful.
Thanks.
Romeo

# Require release 5 of FireHOL configuration directives
version 5

# A space separated list of all the IPs on the internet, I trust
sshTrust="130.111.68.145 130.111.68.212"

# The IP address of this Linux and LAN for the rest of the world
public_ip="130.111.68.110"

# My LAN.
interface eth0 lan
    protection strong
    server ident reject with tcp-reset
    client all accept

# Make sure the traffic coming in, comes from valid Internet IPs,
# and that is targeting my public IP
interface eth1 internet src not "$UNROUTABLE_IPS" dst "$public_ip"
    # Protect me from various kinds of attacks.
    protection strong
    # Public servers.
    server ssh accept src "$sshTrust"
    # Make sure idents do not timeout.
    server ident reject with tcp-reset
    # This is also a workstation.
    client all accept

# Route the LAN requests to the internet.
router lan2internet inface eth0 outface eth1
    # Masquerading on outface.
    masquerade
    # Route all specified requests from inface to outface
    # and their replies back.
    route http accept
    route https accept
    route dns accept