This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DHCP Problem

I run DHCP on my Internal network (worstations) the DMZ is fixed IP. When the DHCP server goes to renew the IP's it just refuses any DHCP IP from doing anything on that network. I thought it was the 3com card and switched the 3com to the XXX.XXX.1.1 and the Intel to the XXX.XXX.0.1 . In doing this I have proven it's not the hardware. As of right now all my internal IP's are now fixed. Has anyone else run into this?

This thread was automatically locked due to age.

Parents

0 Craig White over 22 years ago

David

Can you provide more detail about your setup, such as any rules on the internal lan interface, and the dhcp settings.

Craig
Cancel
Vote Up 0 Vote Down

Cancel
0 David_Truesdale over 22 years ago in reply to Craig White

Here are the packet rules:

...

No.

From (Client)
Service
To (Server)
Action

Command

1

Any
Any
Broadcast 32
Drop

edit
del
move

2

Any
Any
Broadcast 8 - 1
Drop

edit
del
move

3

Any
Any
Broadcast 8 - 2
Drop

edit
del
move

4

PB
Any
Any
Reject

edit
del
move

5

Internal_Network__
Any
Any
Allow

edit
del
move

6

DMZ_Network__
Any
Any
Allow

edit
del
move

7

Any
SMTP
mail.simpletechsol.com
Allow

edit
del
move

8

Any
POP3
mail.simpletechsol.com
Allow

edit
del
move

9

Any
HTTP
www.simpletechsol.com
Allow

edit
del
move

10

Any
FTP
www.simpletechsol.com
Allow

edit
del
move

11

Any
FTP2
server5.simpletechsol.com
Allow

edit
del
move

13

Any
PASV Ports 1
server5.simpletechsol.com
Allow

edit
del
move

14

Any
PASV Ports 2
www.simpletechsol.com
Allow

edit
del
move

15

Any
Webcam1
Webcam1
Allow

edit
del
move

16

Any
Webcam2
Webcam 2
Allow

edit
del
move

Dhcp was setup to use addresses from XXX.XXX.0.20 to XXX.XXX.0.50 and I have certain IP's applied by mac address. Other than that everything else is default for DHCP.
Cancel
Vote Up 0 Vote Down

Cancel
0 Craig White over 22 years ago in reply to David_Truesdale

David

I believe that the DHCP client sends a broadcast packet to find a dhcp server.  I think what is happening in your case is one of the first three rules is dropping the broadcast packet.  One way to find out is change the action on the first three rule to log-drop.  Then open the packet filter live log window and boot one of your dhcp work stations.  Look for packets being drop with a destination port of  67 or 68.  If there are drops then you can temporarily disable these rules then try the dhcp request again.  If this works you will have to modify your rules.

Also I don't want to tell you how to run your systems, but if I were you I would get rid of rule  #6.  If someone were to compromise a server in the dmz, they could then gain access to you internal lan.

Craig

Just did a follow up test using my sniffer.  When a dhcp client starts up is sends a packet from 0.0.0.0 port 68 to 255.255.255.255 port 67.  This means you first rule is the problem.

Craig
Cancel
Vote Up 0 Vote Down

Cancel
0 David_Truesdale over 22 years ago in reply to Craig White

Thanks Craig on both of those I wasn't paying attention. I also think it is more than DHCP it seems every 48hrs even with fixed IP's that they lose the internet for about 10 minutes. I have yet to figure this out. I haven't changed anything in Astaro other than the packet filters.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 David_Truesdale over 22 years ago in reply to Craig White

Thanks Craig on both of those I wasn't paying attention. I also think it is more than DHCP it seems every 48hrs even with fixed IP's that they lose the internet for about 10 minutes. I have yet to figure this out. I haven't changed anything in Astaro other than the packet filters.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data