On Thursday 5 June 2003 13:53, Matthew Pocock wrote:
> Hi,
>
> I've set up my bridge+firewall, and everything is hunky-dory. I am doing
> stateful filtering. I let all traffic out, and all related/established
> traffic in. Then, I only allow new icmp & tcp:ssh connections in.
>
> To get Windows 95 & 98 PCs on the inside to boot & join the network, I
> had to open up udp ports bootps & bootpc for new connections
> originating from the outside. I don't know the finer details about how
> these protocols work, but presumably they are connecting to the booting
> PC in response to some DHCP request it has made. Is there some module I
> should have loaded that would flag these connections as RELATED to some
> outgoing connection? Have I done something silly? Is this even possible?
>
> Thanks,
>
> Matthew

It's possible, but a connection originating from the outside to boot your internal PC? No way. ??
A request for DHCP should originate from the inside (your Win95 + 98), and the reply should come from the outside.

No, you don't have to load a module, but you're very warm: there should be a rule to track these connections.

Example:

    IPTABLES=/sbin/iptables        # adjust to where your iptables binary lives
    DHCP_SERVER="211.124.45.2"

    # client -> server: the request leaves on 68/udp towards 67/udp and opens the state entry
    ${IPTABLES} -A OUTPUT -p udp -s 0/0 -d ${DHCP_SERVER} --sport 68 --dport 67 \
        -m state --state NEW -j ACCEPT

    # server -> client: the reply comes back from 67/udp to 68/udp and matches that entry
    ${IPTABLES} -A INPUT -p udp -s ${DHCP_SERVER} -d 0/0 --sport 67 --dport 68 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

Hmm.. silly? NO, silly are the people who don't ask, but just do.

Pascal
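As an added illustration (not part of Pascal's reply or of any iptables code), the small Python model below shows how the connection tracker decides whether a UDP reply belongs to the request that created a state entry, run over two constructed DHCP exchanges: a renewal sent to a known server address, which is what Pascal's rule pair assumes, and the very first broadcast request of a client that has no address yet, which is the situation Matthew describes. The server address is the one from Pascal's example; the client address is made up, and the model keeps only the protocol, addresses and ports.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """The fields the tracker keys a UDP entry on (simplified model)."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def inverted(self) -> "Flow":
        # The reply direction of an entry: addresses and ports swapped.
        return Flow(self.proto, self.dst, self.dport, self.src, self.sport)


class Conntrack:
    """Toy connection tracker: the first packet of a flow creates an entry;
    a later packet is ESTABLISHED only if it equals an entry's original
    tuple or that tuple inverted. Anything else is a NEW connection."""

    def __init__(self) -> None:
        self.entries: set[Flow] = set()

    def classify(self, pkt: Flow) -> str:
        for entry in self.entries:
            if pkt == entry or pkt == entry.inverted():
                return "ESTABLISHED"
        self.entries.add(pkt)
        return "NEW"


DHCP_SERVER = "211.124.45.2"   # server address from Pascal's example
CLIENT = "211.124.45.77"       # constructed address of an already-configured client


def renewal_flow() -> tuple[str, str]:
    """Client that knows its server renews its lease: unicast 68 -> 67,
    and the unicast 67 -> 68 answer is the inverted tuple, so it is ESTABLISHED."""
    ct = Conntrack()
    request = Flow("udp", CLIENT, 68, DHCP_SERVER, 67)
    ack = Flow("udp", DHCP_SERVER, 67, CLIENT, 68)
    return ct.classify(request), ct.classify(ack)


def initial_boot_flow() -> tuple[str, str]:
    """Freshly booted client without an address: DISCOVER goes from 0.0.0.0
    to the broadcast address, but the OFFER comes from the server's real
    address to the broadcast address. That is not the inverted tuple, so the
    tracker sees it as a second NEW connection arriving from the outside."""
    ct = Conntrack()
    discover = Flow("udp", "0.0.0.0", 68, "255.255.255.255", 67)
    offer = Flow("udp", DHCP_SERVER, 67, "255.255.255.255", 68)
    return ct.classify(discover), ct.classify(offer)
```

The second function reproduces what Matthew observed: the boot-time DHCP reply does not pair with the request, which is why a rule matching only ESTABLISHED,RELATED does not let it through.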