
suggestion: small addendum to pf FAQ ?



Hello!
I'm new to this, so it's slippery for me! Still: wouldn't it be
appropriate to add some information about the necessity of allowing
incoming DHCP traffic from a server to a client to enable the client
to ask for a renewal of the lease on
http://www.openbsd.org/faq/pf/example1.html ?
From what I read here
http://users.telenet.be/mydotcom/library/network/dhcp.htm
and here (German)
http://www.manderby.com/informatik/netzwerk/dhcp.php
and of course here
http://www.freesoft.org/CIE/RFC/2131/20.htm
something like this might be necessary in pf.conf if $ext_if is
configured via DHCP by a provider (I'm not sure about the "keep
state"):

  pass in on $ext_if inet proto udp from any port 67 to any port 68 keep state

The pf FAQ says:
"Since the IP address on the external interface is assigned
dynamically, parenthesis are placed around the translation interface
so that PF will notice when the address changes."
but it doesn't mention anything about how the DHCP-information about
the change is passed in once the IP is given and the lease is running
out. The RFC 2131 says:
"DHCP uses UDP as its transport protocol. DHCP messages from a client
to a server are sent to the 'DHCP server' port (67), and DHCP messages
from a server to a client are sent to the 'DHCP client' port (68)."
Isn't it then necessary to open port 68, to let "my provider's
DHCP-server" answer me as a client, when I ask for a renewal of the
lease? Or am I getting something very wrong here?
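
Added example, not part of the original post: a small Python parser for the server-to-client DHCP reply discussed above (UDP port 67 to port 68), reporting the message type, the lease time and the renewal (T1) and rebinding (T2) timers, which RFC 2131 defaults to 0.5 and 0.875 of the lease. The sample packet, its addresses and all function names are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marks the start of DHCP options (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_options(payload):
    """Return {option code: value bytes} from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: short or missing magic cookie")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = single pad byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        i += 2 + length
    return opts

def u32(opts, code, default=None):
    """Decode a 4-byte big-endian option, or return the default if absent."""
    if code not in opts:
        return default
    if len(opts[code]) != 4:
        raise ValueError("option %d must be 4 bytes" % code)
    return struct.unpack("!I", opts[code])[0]

def lease_summary(payload):
    """Message type, server and renewal timers from a server-to-client reply."""
    opts = parse_options(payload)
    if len(opts.get(53, b"")) != 1:
        raise ValueError("missing DHCP message type (option 53)")
    lease = u32(opts, 51)                                  # lease time, seconds
    t1 = u32(opts, 58, lease // 2 if lease else None)      # default 0.5 * lease
    t2 = u32(opts, 59, lease * 7 // 8 if lease else None)  # default 0.875 * lease
    server = socket.inet_ntoa(opts[54]) if len(opts.get(54, b"")) == 4 else None
    return {"type": MSG_TYPES.get(opts[53][0], "UNKNOWN"), "server": server,
            "lease": lease, "t1_renew": t1, "t2_rebind": t2}

# Constructed sample: a DHCPACK as it would arrive from port 67 to port 68.
SAMPLE_ACK = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
    bytes(4), socket.inet_aton("192.0.2.10"), bytes(4), bytes(4),
    bytes.fromhex("020000000001"), b"", b"") + MAGIC_COOKIE + bytes(
    [53, 1, 5, 54, 4, 192, 0, 2, 1, 51, 4, 0, 1, 81, 128, 255])
```

Per RFC 2131, the client unicasts its renewal request to the server at T1 and falls back to broadcasting at T2, so these two timers show when reply traffic to port 68 is expected.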