Re: DHCP, cable modem, rfc1918
For your dhpc, just setup "dhcp" option in the interfaces files.
For private address, you'll probably have to dig the shorewall
doc a little, but i bet you this have already been addresses somehow.
JeF
On Sat, Sep 14, 2002 at 01:38:25AM +0200, Robert Ian Smit wrote:
> I setup a machine for my parents that is basically the gateway
> system to the internet. It is connected on eth0 to a cable modem
> using DHCP. The system has Shorewall installed.
>
> Everything works, but I noticed an enormous amount of logging by
> Shorewall concerning rfc1918 drops. Since I am not very familiar
> with DHCP I have to make some assumptions.
>
> Their isp uses 172.31.254.133 as DHCP server.
>
> The cable modem has an address in the range of 10.144.xxx.xxx.
>
> Again the setup has just worked, but I want to reduce the logging of
> Shorewall to these "known" destinations.
>
> Since I can imagine why a DHCP-client would like to talk to the
> server I have allowed the server ips packets to pass.
>
> But why is the modem talking to the dhcp-client (or I assume it is
> trying to do that). Since the isp tells me that the modem ip is
> dynamic, I will have to assume that just allowing one ip in the
> 10.144.xxx.xxx range is not enough.
>
> Is it safe or recommended to open up a wide range of rfc1918 ips? I
> could ofcourse also have the packets dropped silently, but now I
> know about this, I am not sure that blocking traffic with regards to
> DHCP is smart.
>
> Bob
>
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--
-> Jean-Francois Dive
--> jef@linuxbe.org
There is no such thing as randomness. Only order of infinite
complexity. - _The Holographic Universe_, Michael Talbot
Reply to: