Re: Redirect DHCP requests to DMZ?

On Wed 23/04/2003 at 12:08, Carsten Maass wrote:
> Local LAN (192.168.20.*)
>      |
>      |
>    Switch
>      |
>      |
> Router/Firewall ---- DMZ (192.168.21.*)
>      |
>      |
>      |
>   Internet
>
> Everything runs smoothly, except for one thing: I am unable to
> redirect DHCP request from the clients on the local LAN to the DHCP
> server inside the DMZ.

You'll achieve this by setting up a DHCP relay. Because of what they are,
DHCP packets cannot be routed across different IP networks (mainly because
of the destination addresses that are used).

But this kind of setup is not secure. If someone breaks into your DMZ,
he will be able to get your LAN's configuration, and even tamper with it,
by acting on the DHCP stuff. That's _very bad_. A DMZ compromise must not
endanger the security of the rest of the network.

-- 
Cédric Blancher  <blancher@xxxxxxxxxxxxxxxxxx>
IT systems and networks security - Cartel Sécurité
Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE  FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
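
An added example, not part of the original post: what a relay agent on the router does to a LAN client's broadcast before unicasting it to the DMZ server (BOOTP relay behaviour per RFC 1542), plus a check that it only relays replies from the configured server. The addresses 192.168.20.1 (relay LAN interface) and 192.168.21.10 (DHCP server) are assumed for illustration.

```python
import socket
import struct

# Assumed addresses (not from the post): relay LAN interface and DMZ DHCP server.
LAN_IF_IP, SERVER_IP = "192.168.20.1", "192.168.21.10"

BOOTREQUEST, BOOTREPLY = 1, 2
# Fixed BOOTP header (236 bytes): op htype hlen hops xid secs flags
# ciaddr yiaddr siaddr giaddr chaddr sname file
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie

def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed sample: minimal DHCPDISCOVER as a LAN client broadcasts it."""
    hdr = HDR.pack(BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                   bytes(4), bytes(4), bytes(4), bytes(4),
                   mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return hdr + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, end

def giaddr(pkt: bytes) -> str:
    """Relay agent address carried in the packet."""
    return socket.inet_ntoa(HDR.unpack_from(pkt)[10])

def relay_request(pkt: bytes, lan_if_ip: str, max_hops: int = 4):
    """Return the packet to unicast to the DHCP server, or None to drop it."""
    if len(pkt) < HDR.size:
        return None
    f = list(HDR.unpack_from(pkt))
    if f[0] != BOOTREQUEST or f[3] >= max_hops:
        return None
    f[3] += 1                              # hops: one more relay traversed
    if f[10] == bytes(4):                  # giaddr unset: we are the first relay
        f[10] = socket.inet_aton(lan_if_ip)
    return HDR.pack(*f) + pkt[HDR.size:]   # options are passed through untouched

def accept_reply(pkt: bytes, src_ip: str, server_ip: str, lan_if_ip: str) -> bool:
    """Relay a reply to the LAN only if the configured server sent it to our giaddr."""
    if len(pkt) < HDR.size or pkt[0] != BOOTREPLY:
        return False
    return src_ip == server_ip and giaddr(pkt) == lan_if_ip

if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("020000000001"), 0x1234)
    relayed = relay_request(discover, LAN_IF_IP)
    print("giaddr after relay:", giaddr(relayed), "hops:", relayed[3])
```

The source check only limits which DMZ host may answer; whatever that server sends still reaches the LAN clients, which is the exposure described in the reply above.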


