Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Network Troubleshooting => General Networking Support in Linux => Topic started by: iron_girl on April 15, 2005, 05:19:59 AM
-
Hi guys, I have a weird issue and I'm sure it's just me missing something here, but I am not able to block DHCP with iptables for some reason. I backed up my rule base and installed a new one, I set the default policy on all chains in all tables to DROP, but for some reason my clients are still able to get an IP addr from the system. tcpdump is showing the DHCP requests and the replying offers. Anyone know why this may be??
Thanks,
Jen
-
Please show us your iptables rule, how you deny it :)
By the way, are your DHCP server and the firewall on the same machine?
Both of them also have two network cards?
For further or advanced reference:
http://www.iptablesrocks.org
For easier life, read this:
http://www.shorewall.net
-
Here is my test rule base; it's configured to drop everything but DHCP still passes.
*filter
:INPUT DROP [387:51066]
:FORWARD DROP [30:1456]
:OUTPUT DROP [473:34696]
COMMIT
# Completed on Thu Apr 14 08:38:49 2005
# Generated by iptables-save v1.2.8 on Thu Apr 14 08:38:49 2005
*nat
:PREROUTING DROP [533:61561]
:POSTROUTING DROP [0:0]
:OUTPUT DROP [473:34696]
COMMIT
Yes, the DHCP service and firewall are on the same machine, and it has 3 NICs.
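
The rule base posted above, checked mechanically (an added example, not part of the original post): this Python sketch parses `iptables-save` output and lists every chain policy or rule that accepts traffic. The function names are invented for the illustration; the sample input is the dump exactly as posted.

```python
import re

# Rule base exactly as posted in the thread (iptables-save format).
POSTED_DUMP = """\
*filter
:INPUT DROP [387:51066]
:FORWARD DROP [30:1456]
:OUTPUT DROP [473:34696]
COMMIT
# Completed on Thu Apr 14 08:38:49 2005
# Generated by iptables-save v1.2.8 on Thu Apr 14 08:38:49 2005
*nat
:PREROUTING DROP [533:61561]
:POSTROUTING DROP [0:0]
:OUTPUT DROP [473:34696]
COMMIT
"""

CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")  # :CHAIN POLICY [pkts:bytes]

def parse_iptables_save(text):
    """Return {table: {"chains": {name: (policy, pkts, bytes)}, "rules": [lines]}}."""
    tables, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # "*filter" opens a table section
            current = tables.setdefault(line[1:], {"chains": {}, "rules": []})
        elif line == "COMMIT":              # closes the current table
            current = None
        elif current is None:
            raise ValueError(f"line {lineno}: content outside a table: {line!r}")
        elif (m := CHAIN_RE.match(line)):   # chain declaration with default policy
            current["chains"][m[1]] = (m[2], int(m[3]), int(m[4]))
        else:                               # anything else is a rule ("-A ...")
            current["rules"].append(line)
    return tables

def permissive_entries(tables):
    """List every chain policy or rule in the dump that accepts packets."""
    found = []
    for tname, t in tables.items():
        found += [f"{tname}:{c} policy {p}" for c, (p, _, _) in t["chains"].items() if p == "ACCEPT"]
        found += [f"{tname}: {r}" for r in t["rules"] if re.search(r"\s-j\s+ACCEPT\b", r)]
    return found

if __name__ == "__main__":
    print(permissive_entries(parse_iptables_save(POSTED_DUMP)) or "nothing in the dump accepts traffic")
```

On the posted dump it finds nothing permissive: every chain in both tables has policy DROP and no rules are loaded.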
-
No good, I can't really put your iptables dump to restore, something really went wrong.
Can you show me your firewall rules: both the script as well as the output.
For the output, please use:
root# iptables -L -n
Thank you!
-
You don't actually need my rule base to test this. Just create a DROP policy for all chains, turn on the DHCP service and you will see that the BOOTPC/BOOTPS will pass iptables and the clients will still get an address.
-
Hi Dear
do the following on konsole
$ service dhcpd stop
$ chkconfig dhcpd off
$ chkconfig --del dhcpd
after this give
$ chkconfig --list dhcpd
it will show nothing or service not available
ok dear
enjoy linux