Re: dhclient blues
From: Zenon Panoussis (spamtrap_at_provocation.net)
Date: 07/10/04
- Next message: Michael Heiming: "Re: xinted service starting automatically if not running"
- Previous message: Dave Uhring: "Re: NFS problems with Linux mounting a file"
- In reply to: Gerard Wassink: "Re: dhclient blues"
- Next in thread: Gerard Wassink: "Re: dhclient blues"
- Reply: Gerard Wassink: "Re: dhclient blues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 10 Jul 2004 16:59:00 +0200
Gerard Wassink wrote:
> Pfff, looks like I pissed you off. Didn't intend to...
You did, but never mind. This DHCP stuff had me in a bad
mood. Sorry for lashing out.
> OK, don't use iptables then. But could not ZoneAlarm or the likes of it do
> the trick for you?
I refuse to give up that easily.
> Oh well, I was just curious about your reasons for doing things the way you
> suggested...
There's an application running on one of the LAN machines,
which reports its IP to the outside world on the application
level. Since the packet payload can't be mangled by iptables,
if I put that machine on NAT'ed private IP, that application
would end up reporting itself with one IP on the network level
and a different IP on the application level, thus confusing
its clients on the internet to the point that they would no
longer work.
> My reason to ask is that it seems to me so obvious to have only *one*
> firewall per subnet, and according to your story, all of your machines
> *are* on the same subnet.
Yes, correct, but it is not *my* subnet; it's the ISP's subnet
and, as such, part of the big evil internet.
> As for the rest: I'd look into starting a separate dhcp client or process
> for eth1, *after* eth0 has gotten its IP address...
Tried that, it didn't work. I also tried routing the broadcast
address via eth0 with ip and re-routing it with iptables, to
no avail. No matter what I do, dhclient will send out the
requests on the interface that is to be configured, in this
case eth1. I think I've hit a dead end there.
I'm trying an alternative solution now by turning the firewall
into a bridge. That means that the interfaces on the firewall
don't get an IP at all (man brctl), so the entire DHCP problem
goes away. It remains to be seen though how well packet filtering
works on a bridge; it seems to have a lot of limitations.
Z
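The IP-less bridge the poster says he is trying next, written out as an added example (this is not code from the original post or thread). It assumes eth0 faces the ISP, eth1 faces the LAN, and the bridge is called br0; none of those names come from the post. By default it runs in dry-run mode and only prints the brctl/ip/iptables commands; set DRY_RUN=0 as root to apply them. Neither NIC nor br0 is given an address, so there is nothing for dhclient to configure on the firewall, while the LAN hosts keep leasing their public addresses from the ISP through the bridge. The filtering half uses the iptables physdev match, which only sees bridged frames when bridge-netfilter is enabled (the sysctl at the end of bridge_setup); that dependency is the first of the bridge-filtering limitations the post alludes to.

```shell
#!/bin/sh
# Added example: transparent (IP-less) bridging firewall for the layout in the post.
# Assumed names (not from the post): eth0 = ISP side, eth1 = LAN side, br0 = bridge.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).

OUTSIDE=eth0
INSIDE=eth1
BR=br0
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Build the bridge: both NICs become ports and carry no IP address, so there
# is no interface on the firewall for dhclient to configure at all.
bridge_setup() {
    run brctl addbr "$BR"
    run brctl stp "$BR" off
    for ifc in "$OUTSIDE" "$INSIDE"; do
        run ip addr flush dev "$ifc"
        run ip link set "$ifc" up
        run brctl addif "$BR" "$ifc"
    done
    run ip link set "$BR" up
    # Bridged frames are only handed to iptables when bridge-netfilter is on.
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# Filter on the bridge: bridged frames traverse the FORWARD chain, and the
# physdev match identifies the port a frame entered on and will leave on.
bridge_filter() {
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    # LAN hosts may initiate anything outbound; replies return as ESTABLISHED/RELATED.
    run iptables -A FORWARD -m physdev --physdev-in "$INSIDE" --physdev-out "$OUTSIDE" -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in "$OUTSIDE" --physdev-out "$INSIDE" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # DHCP offers/acks from the ISP's server (udp 67 -> 68) must still reach the LAN hosts.
    run iptables -A FORWARD -m physdev --physdev-in "$OUTSIDE" --physdev-out "$INSIDE" \
        -p udp --sport 67 --dport 68 -j ACCEPT
}

bridge_setup
bridge_filter
```

Because the hosts keep their ISP-assigned public addresses, nothing is NATed and the application that reports its own IP at the application layer keeps reporting the address its clients actually see on the wire. The caveat a practitioner should check before relying on this: with bridge-nf-call-iptables set, iptables sees every bridged frame, so a FORWARD policy of DROP will also silently eat anything the rules do not explicitly allow (ARP is unaffected, since it is not IP and never reaches iptables).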