[ale] A DHCP server on a firewall

Ken Nagorski kenn at pcintelligent.com
Tue Mar 27 23:53:22 EST 2001


Hi there,

	Yeah, I also added a rule that drops any packets that are coming
in on eth0 (external) that are claiming to be 192.168.x so even if there
is a way to get a lease from outside you can't come in that way anyway.

	Thanks for the input.

Ken



On Tue, 27 Mar 2001, Lathe wrote:

> I run a setup like that at my place.  Along with an IPSEC implementation.
> Dual homed, with eth1 connected via cable modem.  IPchains does all
> forwarding and MASQing of connections that don't go across the IPSEC tunnel.
> DHCPD is configured for eth0 to hand out leases on that interface only,
> while dhcpcd is on eth1.  Frankly, it's about the only thing running stable
> anywhere on my network ;)  As far as security goes, it's safe as long as you
> bear in mind the input rules on the external interface.
> 
> Scott Warfield
> 
> 
> 
> ----- Original Message -----
> From: "David Hamm" <dhamm at itrepro.com>
> To: "Kenn" <kenn at pcintelligent.com>; <ale at ale.org>
> Sent: Tuesday, March 27, 2001 12:53 PM
> Subject: Re: [ale] A DHCP server on a firewall
> 
> 
> > I'm not a security expert but it seems the risk could be low.  I suspect you
> > only want to serve dhcp to the internal net.  If so then you could tell dhcpd to
> > only listen for requests on eth?.  You could do this on the command line or in
> > the dhcpd.conf file.
> >
> > On Tue, 27 Mar 2001, Kenn wrote:
> > > Hi there,
> > >
> > >     Some of you may have read my post about iptables. Well I have moved
> > > past those hurdles. Actually iptables is really nice. I am pleased. My
> > > question however is this.
> > >
> > >     I have set up a firewall and tested it. It works well. Now I am toying
> > > with the idea of setting up DHCP. Is this safe? I have never used it before
> > > and it seems like a good idea at first. Users just plug in and there you go!
> > > All set. But what are the security risks?
> > >
> > > Thank you
> > > Ken
> > >
> >
> > --
> > ---------------------------------
> > David Hamm
> > Systems Analyst
> > Imaging Technologies Services Inc.
> > email: dhamm at itrepro.com
> > voice: 404-870-6663
> > ---------------------------------
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> >
> 

-- 
 I couldn't quite remember what I was going to say 
           so I casually tip another sip of whatever it was I was drinking,
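
Added example, not part of the original thread or any poster's code: a small check that an `iptables-save` dump contains the two controls discussed above, a drop of 192.168.x sources arriving on the external interface and no acceptance of DHCP requests there. The function name `audit_rules`, the sample rulesets, and eth1 as the internal interface are assumptions; eth0 as external follows Ken's message.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes eth0 is the external interface
# (as in Ken's message) and eth1 the internal one (assumption).

# audit_rules EXT_IF: read iptables-save text on stdin, print one line per
# finding, return 0 only if both checks pass. Rule order is not modelled,
# and the source range is matched in CIDR form only.
audit_rules() {
    awk -v ext="$1" '
        $1 == "-A" && $2 == "INPUT" {
            iface = ""; src = ""; proto = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i")      iface  = $(i + 1)
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (iface != ext) next   # only rules bound to the external side
            if (src == "192.168.0.0/16" && target == "DROP") antispoof = 1
            if (proto == "udp" && dport == "67" && target == "ACCEPT") dhcp_open = 1
        }
        END {
            if (!antispoof) print "MISSING: drop of 192.168.0.0/16 sources arriving on " ext
            if (dhcp_open)  print "EXPOSED: DHCP server port (udp/67) accepted on " ext
            exit ((!antispoof || dhcp_open) ? 1 : 0)
        }'
}

# Constructed sample: spoofed sources dropped on eth0, DHCP accepted on eth1 only.
GOOD_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -s 192.168.0.0/16 -i eth0 -j DROP
-A INPUT -i eth1 -p udp -m udp --dport 67 -j ACCEPT
COMMIT'

# Constructed sample: no anti-spoofing rule, and DHCP accepted on the outside.
BAD_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
COMMIT'

for name in GOOD_RULES BAD_RULES; do
    eval "rules=\$$name"
    if printf '%s\n' "$rules" | audit_rules eth0; then
        echo "$name: ok"
    else
        echo "$name: failed"
    fi
done
```

On a live firewall the same function can be fed with `iptables-save | audit_rules eth0`.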
