On Fri, 12 Sep 2003, Gavin Hamill wrote:

> On Friday 12 September 2003 07:11, Faheem Mitha wrote:
> > Dear People,
> >
> > Are the lines
> >
> > iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.18*
> > --sport 53 -d 0/0 -j ACCEPT
> >
> > allowing through the DHCP connection? The 207.69.188.18* are
> > Earthlink servers, they look like nameservers.
>
> Your second hunch is right - they are for Earthlink's nameservers, since that's
> what will be defined in /etc/resolv.conf... DNS lookups reply using a UDP
> source port of 53, hence the lines added by lokkit..
>
> I would be wary of the fact that DHCP (which uses UDP ports 67 and 68) is
> currently blocked, so if you start to get connection problems in the near
> future, you'll know why - you should probably see messages from your DHCP
> client that it was unable to renew the lease...
>
> iptables -A INPUT -p UDP -i eth0 --dport 67 --sport 68 -j ACCEPT
>
> is what I use to ensure that the DHCP traffic is permitted from the outside
> world.

Hi.

Thanks for the info. Does the rest of the configuration look OK then?

Faheem.
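Added example, not part of either message: a small Python matcher that checks which constructed inbound UDP packets the two rules quoted in the thread would accept, so the direction each rule covers is visible. It models only -p, -s, --sport, --dport and -j, assumes a DROP fall-through, and uses the documentation address 203.0.113.53 as a placeholder for the truncated nameserver address.

```python
import shlex
from collections import namedtuple

# Inbound packet as the INPUT chain sees it (constructed sample data below).
Packet = namedtuple("Packet", "proto src sport dport")

NS = "203.0.113.53"  # placeholder: the thread's nameserver address is truncated
RULES = [
    f"iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s {NS} --sport 53 -d 0/0 -j ACCEPT",
    "iptables -A INPUT -p UDP -i eth0 --dport 67 --sport 68 -j ACCEPT",
]

FLAGS = {"-p": "proto", "-s": "src", "--sport": "sport",
         "--dport": "dport", "-j": "target"}

def parse_rule(rule):
    """Extract the modelled options; -A, -m, -i and -d 0/0 are ignored."""
    tokens = shlex.split(rule)
    opts, i = {}, 0
    while i < len(tokens):
        if tokens[i] in FLAGS and i + 1 < len(tokens):
            opts[FLAGS[tokens[i]]] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return opts

def matches(opts, pkt):
    if "proto" in opts and opts["proto"].lower() != pkt.proto:
        return False
    if "src" in opts and opts["src"] != pkt.src:
        return False
    return all(int(opts[f]) == getattr(pkt, f)
               for f in ("sport", "dport") if f in opts)

def verdict(rules, pkt, policy="DROP"):
    """First matching rule wins; policy is the assumed fall-through."""
    for rule in rules:
        opts = parse_rule(rule)
        if matches(opts, pkt):
            return opts.get("target", policy)
    return policy

# Constructed packets, all arriving at this host.
DNS_REPLY = Packet("udp", NS, 53, 40000)             # nameserver answer
SPOOFED_53 = Packet("udp", "198.51.100.7", 53, 40000)  # sport 53, other source
DHCP_OFFER = Packet("udp", "192.0.2.1", 67, 68)      # server -> client reply
DHCP_REQUEST = Packet("udp", "0.0.0.0", 68, 67)      # client -> server request

if __name__ == "__main__":
    for name in ("DNS_REPLY", "SPOOFED_53", "DHCP_OFFER", "DHCP_REQUEST"):
        print(f"{name:13} {verdict(RULES, globals()[name])}")
```

The source-port-53 rule is stateless, so the -s restriction is what stops an arbitrary host from reaching high ports by sending from port 53. The DHCP rule as written matches requests arriving for port 67; a reply coming back to a client arrives with source port 67 and destination port 68.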