On Monday 21 March 2005 05:39, Chris Denneen wrote:
Chris Denneen wrote:
I have set up DHCP Server through YaST properly. I have configured Firewall with DHCP Server enabled.
What firewall?
When I try to renew a DHCP address with the firewall up it will not let me. I shut down the firewall and try to renew again and it successfully works. So I decided to nmap the ports of the server when the firewall is on and when the firewall is off (figuring whatever extra port is showing when the firewall is off would be the solution).
TCP 631 is the only additional port available when the firewall is off.
Open 67 and 68 UDP.
Joe Morris
This didn't work.
I still can't retrieve DHCP request from a client when the firewall is running.
While firewall running doing "nmap -sU" I see 68/udp only responding but in a "closed" state.
67 doesn't show at all.
Either way this isn't working as expected. I would hope that selecting DHCP Server check box the proper ports would be opened instead of this trial and error :(.. maybe I found a bug in the distribution's configuration?? Not sure..
Any more ideas or help to get this working is much appreciated.
Check the firewall logs to see what ports are blocked. Enable firewall logging if necessary. Also, you may want to use dhcpdump in the dhcp-tools package to examine what packages are sent/received by the dhcp server (use it on the dhcp server), and what packages are received/sent by the client (use it on the client). The following scriptlet called dhcp-dump helped me enormously:

----<cut>----
#! /bin/bash
# Interface to capture on; defaults to eth0
DEV=${1:-eth0}
# Feed DHCP traffic (bootps = 67/udp, bootpc = 68/udp) to dhcpdump
/usr/sbin/tcpdump -i "$DEV" -lenx -s 1500 port bootps or port bootpc | dhcpdump
----<cut>----

Use it like e.g. 'dhcp-dump eth0' or e.g. 'dhcp-dump eth1'.

Cheers,
Leen
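The log check suggested above, as an added example that is not part of the original thread: it summarises dropped DHCP packets, which a client normally broadcasts from 0.0.0.0 port 68 to 255.255.255.255 port 67. It assumes netfilter LOG-style kernel lines; the "FW-DROP" prefix, the host name and the sample lines are constructed.

```shell
#!/bin/bash
# Added example, not from the thread: summarise firewall-dropped DHCP packets.
# Assumes netfilter LOG-style kernel lines (IN= SRC= DST= PROTO= SPT= DPT=).

# Constructed sample log lines; the "FW-DROP" prefix is a placeholder.
sample_log() {
cat <<'EOF'
Mar 21 05:40:01 srv kernel: FW-DROP IN=eth0 OUT= SRC=0.0.0.0 DST=255.255.255.255 LEN=328 PROTO=UDP SPT=68 DPT=67 LEN=308
Mar 21 05:40:05 srv kernel: FW-DROP IN=eth0 OUT= SRC=0.0.0.0 DST=255.255.255.255 LEN=328 PROTO=UDP SPT=68 DPT=67 LEN=308
Mar 21 05:40:09 srv kernel: FW-DROP IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=40222 DPT=631 WINDOW=5840 SYN
Mar 21 05:41:12 srv kernel: FW-DROP IN=eth1 OUT= SRC=192.168.2.20 DST=192.168.2.1 LEN=328 PROTO=UDP SPT=68 DPT=67 LEN=308
EOF
}

# Reads log lines on stdin; prints "count iface src->dst dport=N" for dropped
# UDP packets to bootps (67) or bootpc (68), most frequent first.
dhcp_drops() {
  awk '
    {
      split("", f)                      # reset the per-line key=value map
      for (i = 1; i <= NF; i++) {
        n = index($i, "=")
        if (n > 1) {
          k = substr($i, 1, n - 1)
          # LEN occurs twice (IP and UDP length): keep the first value seen
          if (!(k in f)) f[k] = substr($i, n + 1)
        }
      }
      if (f["PROTO"] == "UDP" && (f["DPT"] == "67" || f["DPT"] == "68"))
        c[f["IN"] " " f["SRC"] "->" f["DST"] " dport=" f["DPT"]]++
    }
    END { for (k in c) print c[k], k }
  ' | sort -rn
}

# Stand-alone run over the constructed sample
sample_log | dhcp_drops
```

On a real server, feed the function the firewall's own log file instead of sample_log; a broadcast entry for dport=67 on the client-facing interface means the DHCP request never reached dhcpd.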