Brooks Carlson wrote:
> I have specified under Valid Addresses: Others.
>
> This group contains Internal_Net (with broadcast allowed), InternalDHCPServer
> with IP 255.255.255.255, and ExternalIPs (for NAT translation back to
> internet).
>
> It still doesn't work. Rule 0 is still blocking. Please note that
> DHCP is NOT running on the firewall, separate machine with 10.0.0.4 address.

So the DHCP server is on a DIFFERENT interface than the clients trying to obtain
an IP address?!??

> It seems like maybe
> this is not working because it is basing the spoofing on the source address
> which is nothing, instead of the destination address 255.255.255.255.

Yes, you are right - I just was not sure about the source when doing DHCP resp.
BOOTP.

Change that to 0.0.0.0 for anti-spoofing.

Bye

Volker
--
Volker Tanger <[EMAIL PROTECTED]>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
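
Added example, not part of the original message and not the firewall's own code: a simplified model of a source-address anti-spoofing check, showing why a DHCP broadcast (source 0.0.0.0, destination 255.255.255.255) is dropped until 0.0.0.0 is in the interface's valid-address group. The 10.0.0.0/24 range for Internal_Net, the client 10.0.0.23 and the outside address 192.0.2.7 are assumptions; the packets are constructed.

```python
import ipaddress
import socket
import struct

# Valid-address group as described in the thread. Internal_Net is ASSUMED
# to be 10.0.0.0/24 (the thread only gives the DHCP server, 10.0.0.4).
VALID_BEFORE = ["10.0.0.0/24", "255.255.255.255/32"]
# Same group after the suggested change: add the unspecified address.
VALID_AFTER = VALID_BEFORE + ["0.0.0.0/32"]


def ipv4_header(src, dst, proto=17):
    """Build a constructed 20-byte IPv4 header (UDP, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def src_dst(packet):
    """Return (source, destination) parsed from bytes 12..19 of the header."""
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.ip_address(src), ipaddress.ip_address(dst)


def antispoof_accepts(packet, valid_addresses):
    """Model of the check: only the SOURCE address is compared with the
    group; the destination plays no part in the decision."""
    src, _dst = src_dst(packet)
    return any(src in ipaddress.ip_network(n) for n in valid_addresses)


# Constructed sample packets.
DISCOVER = ipv4_header("0.0.0.0", "255.255.255.255")  # client has no IP yet
RENEW = ipv4_header("10.0.0.23", "10.0.0.4")          # assumed client renewing
SPOOFED = ipv4_header("192.0.2.7", "10.0.0.4")        # source outside the group

if __name__ == "__main__":
    for name, pkt in (("DISCOVER", DISCOVER), ("RENEW", RENEW),
                      ("SPOOFED", SPOOFED)):
        src, dst = src_dst(pkt)
        print(f"{name:9} {src} -> {dst}  "
              f"before={antispoof_accepts(pkt, VALID_BEFORE)} "
              f"after={antispoof_accepts(pkt, VALID_AFTER)}")
```

Listing 255.255.255.255 in the group does not help the DISCOVER packet because that address only ever appears as its destination; a source outside the group is still rejected after the change.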