On Sunday 29 February 2004 7:54 pm, Dr. Lawrence J. Schmitt wrote: > I am setting up a lab for students to configure and experiment with > Linux. I need to set up something that will keep responses to DHCP > requests from leaving the lab to keep from driving the network support > people crazy. > 1. What is the appropriate tool to use? A router. DHCP doesn't cross network boundaries. > 2. Can anyone suggest an iptables rule that will block either > dhcp requests from entering the lab subnet or responses from > exiting. Well, since the machine running netfilter (onto which you put your rules) is going to have to have one subnet on one side, and another subnet on the other, the precise rules you use don't much matter - the system will very satisfactorily block DHCP for you. > 3. I would like to set up one pc running Linux as a router and > firewall, filter that also would run DHCP and DNS for the local > lab as well as block responses to DHCP requests on the nic that > is connected to the campus network. I think if you set up such a PC as a router and firewall, you won't have a DHCP problem, simply because DHCP doesn't get routed. Regards, Antony. -- Documentation is like sex. When it's good, it's very very good. When it's bad, it's still better than nothing. Please reply to the list; please don't CC me.