[ale] A DHCP server on a firewall

Lathe magius at wittsend.com
Tue Mar 27 13:04:07 EST 2001


I run a setup like that at my place.  Along with an IPSEC implementation.
Dual homed, with eth1 connected via cable modem.  IPchains does all
forwarding and MASQing of connections that don't go across the IPSEC tunnel.
DHCPD is configured for eth0 to hand out leases on that interface only,
while dhcpcd is on eth1.  Frankly, it's about the only thing running stable
anywhere on my network ;)  As far as security goes, it's safe as long as you
bear in mind the input rules on the external interface.

Scott Warfield



----- Original Message -----
From: "David Hamm" <dhamm at itrepro.com>
To: "Kenn" <kenn at pcintelligent.com>; <ale at ale.org>
Sent: Tuesday, March 27, 2001 12:53 PM
Subject: Re: [ale] A DHCP server on a firewall


> I'm not a security expert but it seems the risk could be low.  I suspect you
> only want to serve dhcp to the internal net.  If so then you could tell dhcpd to
> only listen for requests on eth?.  You could do this on the command line or in
> the dhcpd.conf file.
>
> On Tue, 27 Mar 2001, Kenn wrote:
> > Hi there,
> >
> >     Some of you may have read my post about iptables. Well I have moved past those hurdles. Actually iptables is really nice. I am pleased. My question however is this.
> >
> >     I have set up a firewall and tested it. It works well. Now I am toying with the idea of setting up DHCP. Is this safe? I have never used it before and it seems like a good idea at first. Users just plug in and there you go! All set. But what are the security risks?
> >
> > Thank you
> > Ken
> >
>
> --
> ---------------------------------
> David Hamm
> Systems Analyst
> Imaging Technologies Services Inc.
> email: dhamm at itrepro.com
> voice: 404-870-6663
> ---------------------------------
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>
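
The interface split discussed in this thread (dhcpd serving eth0, dhcpcd as a client on eth1, input rules on the external interface), as an added example that is not from any poster: a first-match rule table modelled in Python, not real ipchains or iptables syntax. The rule list and test packets are constructed; the only facts assumed are the standard DHCP ports (server UDP 67, client UDP 68).

```python
from dataclasses import dataclass
from typing import Optional

DHCP_SERVER, DHCP_CLIENT = 67, 68  # standard UDP ports


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    verdict: str                  # "ACCEPT" or "DENY"
    iface: Optional[str] = None   # None matches anything
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return all(want is None or want == got for want, got in (
            (self.iface, p.iface), (self.proto, p.proto),
            (self.sport, p.sport), (self.dport, p.dport)))


# Constructed input chain for the layout in the thread:
# eth0 = internal LAN served by dhcpd, eth1 = cable modem, dhcpcd client.
INPUT_CHAIN = [
    Rule("ACCEPT", "eth0", "udp", DHCP_CLIENT, DHCP_SERVER),  # LAN clients -> dhcpd
    Rule("ACCEPT", "eth1", "udp", DHCP_SERVER, DHCP_CLIENT),  # ISP replies -> dhcpcd
    Rule("DENY", "eth1", "udp", dport=DHCP_SERVER),           # outside must not reach dhcpd
]
DEFAULT_POLICY = "DENY"  # anything unmatched is dropped


def verdict(p: Packet, chain=INPUT_CHAIN) -> str:
    """First matching rule wins; fall back to the default policy."""
    for rule in chain:
        if rule.matches(p):
            return rule.verdict
    return DEFAULT_POLICY


if __name__ == "__main__":
    for p in (Packet("eth0", "udp", 68, 67), Packet("eth1", "udp", 67, 68),
              Packet("eth1", "udp", 68, 67), Packet("eth1", "udp", 67, 67)):
        print(p, "->", verdict(p))
```

The external interface still has to admit server-to-client replies on port 68 because dhcpcd runs there; what it must never admit is traffic addressed to the server port 67.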
