Richard wrote regarding 'RE: [SLE] DHCP through transparent bridge' on Fri, Aug 06 at 10:52: [...]
How can I amend the following script to allow DHCP through so the client can get all its IP / default route etc. from my DHCP on the internal segment ????
[... script trimmed...]
Why not just run another DHCP server that only listens on the "safe" interface, and do the NAT thing on the LAN interface? If all you need is to be able to download patches, just put the infected machine on a second isolated network and allow http/ftp through a NAT'ed gateway instead of messing with a bridge. :) That also gives you a second test network to play with later on, while you're testing other network devices, etc.
--Danny, doing just that here
I really wanted to use a bridge because I also plan to use this as a learning exercise into how to effectively set up bridges etc.
Cool - learning == good.
I think I need to be looking into dhc-relay which relays DHCP requests - although I would much rather find out why they don't make it through my script.
Dhrelay would do it.
If anyone can see why my script is blocking DHCP I would really appreciate the pointers...
The rules look fine, IMHO, but you may be missing something else. For example, do you maybe need to have proxyARP enabled or something like that? --Danny