AFAIR, DHCP uses something like RAW_SOCKET or even more low-level
functions, so the only way to catch its packets is to create a bridge (with
a single port - the necessary interface) and use the bridge filter (or enable
'use-ip-firewall').

--
Signature:
(added at the end of all outgoing emails)


2014/1/24 Butch Evans <[email protected]>

> On 01/23/2014 11:13 AM, Ty Featherling wrote:
>
>> Can someone confirm that you CANNOT manage traffic FROM the DHCP Server on
>> a Mikrotik with IP Firewall?
>>
>> To test this I added the rule:
>>
>> add action=log chain=output disabled=no protocol=udp src-port=67
>>
>
> DHCP Conversation looks like this:
>
> DHCPDISCOVER
> client: UDP src-addr 0.0.0.0 sport=68
>             dst-addr 255.255.255.255 dport=67
>
> DHCPOFFER
> DHCP server:
> UDP src-addr server.ip.addr sport=67
>     dst-addr 255.255.255.255 dport=68
>
> DHCPREQUEST -
> From client, just like discover
>
> DHCPACK -
> From server, just like offer
>
> SO, your rule should show the DHCPOFFER and the DHCPACK traffic.  My first
> guess about why it isn't showing up would be if the interface in question
> is on a bridge and the "use-ip-firewall" option isn't on for the bridge.
> Barring that, I suspect you should be able to see the traffic in the logs.
> I just did a test on a router here and it didn't show up there, either.
> Very odd.  Perhaps a bit more research on my part is in order.  Maybe,
> because the traffic is all broadcast type, the IP firewall isn't seeing the
> traffic?  I don't know.  I'll play with this a bit more and see what I can
> discover.
>
> For others that answered, the rule that Ty posted IS the right format and
> in the right chain.
>
>
> --
> Butch Evans
> 702-537-0979
> Network Support and Engineering
> http://store.wispgear.net/
> http://www.butchevans.com/
>
> _______________________________________________
> Mikrotik mailing list
> [email protected]
> http://mail.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
> RouterOS
>
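
The setup suggested in the reply at the top of this message, written out as RouterOS commands next to the rule from the original question. This is an added example, not part of the thread; the names `ether2` and `bridge-dhcp` and the log prefix are assumptions, and whether either variant logs the server's packets on a given RouterOS version has to be confirmed in the log.

```routeros
# Added example, not from the thread. ether2 = interface serving DHCP (assumed),
# bridge-dhcp = name chosen here for the single-port bridge (assumed).

# Rule from the question: IP firewall, output chain, server source port 67.
/ip firewall filter add action=log chain=output disabled=no protocol=udp src-port=67

# Single-port bridge around the DHCP-facing interface.
/interface bridge add name=bridge-dhcp
/interface bridge port add bridge=bridge-dhcp interface=ether2

# Move the L3 address and the DHCP server from the port to the bridge.
/ip address set [find interface=ether2] interface=bridge-dhcp
/ip dhcp-server set [find interface=ether2] interface=bridge-dhcp

# Variant 1: log server-originated DHCP (UDP sport 67) in the bridge filter.
/interface bridge filter add chain=output action=log log-prefix="dhcp-srv" \
    mac-protocol=ip ip-protocol=udp src-port=67

# Variant 2: pass bridged traffic through the IP firewall instead.
/interface bridge settings set use-ip-firewall=yes
```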