If you are trying to catch traffic not originating on the MT, wouldn't
the chain need to be forward and not output?
On 01/24/2014 08:54 AM, Ty Featherling wrote:
Chupaka and Butch. This rule is on a router that has a bridge for LAN ports
and the DHCP server is run on that bridge. Use IP Filter is enabled for the
bridge as well. I am glad you are seeing the same lack of result I did
Butch. In my case I want to act on DHCP server traffic that does NOT
originate from the router, i.e. rogue DHCP traffic. To that end I don't
really need to catch the legit server traffic but I was trying to prove
where it was or wasn't so I could write my rules accordingly.
"For others that answered, the rule that Ty posted IS the right format and
in the right chain."
- Well, I did learn from the best... ;)
-Ty
On Fri, Jan 24, 2014 at 3:00 AM, Chupaka <[email protected]> wrote:
AFAIR, DHCP uses something like RAW_SOCKET or even more low-level
functions, so the only way to catch its packets is to create a bridge (with
a single port - necessary interface) and use bridge filter (or enable
'use-ip-firewall').
--
Signature:
(appended at the end of all outgoing mail)
2014/1/24 Butch Evans <[email protected]>
On 01/23/2014 11:13 AM, Ty Featherling wrote:
Can someone confirm that you CANNOT manage traffic FROM the DHCP Server on
a Mikrotik with IP Firewall?
To test this I added the rule:
add action=log chain=output disabled=no protocol=udp src-port=67
DHCP conversation looks like this:
DHCPDISCOVER - client: UDP src-addr 0.0.0.0 sport=68,
               dst-addr 255.255.255.255 dport=67
DHCPOFFER    - DHCP server: UDP src-addr server.ip.addr sport=67,
               dst-addr 255.255.255.255 dport=68
DHCPREQUEST  - from client, just like discover
DHCPACK      - from server, just like offer
SO, your rule should show the DHCPOFFER and the DHCPACK traffic. My first
guess about why it isn't showing up would be if the interface in question
is on a bridge and the "use-ip-firewall" option isn't on for the bridge.
Barring that, I suspect you should be able to see the traffic in the logs.
I just did a test on a router here and it didn't show up there, either.
Very odd. Perhaps a bit more research on my part is in order. Maybe,
because the traffic is all broadcast type, the IP firewall isn't seeing the
traffic? I don't know. I'll play with this a bit more and see what I can
discover.
For others that answered, the rule that Ty posted IS the right format and
in the right chain.
--
Butch Evans
702-537-0979
Network Support and Engineering
http://store.wispgear.net/
http://www.butchevans.com/
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
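The thread above leaves the output-chain question open, but it does state the two facts a rogue-DHCP rule needs: server replies are UDP sport=67 dport=68 (Butch), and packets the IP firewall never sees can still be matched in the bridge filter (Chupaka). The RouterOS bridge-filter rules below are an added example written for this page, not something any of the posters supplied. They assume Ty's topology as described: the router is itself the only legitimate DHCP server on the LAN bridge, so any DHCP server reply that arrives on a bridge port is by definition rogue. The log prefix and comments are my own choices.

```routeros
# Added example (not from the thread). Assumes the router is the only
# legitimate DHCP server on the LAN bridge, so a server reply entering
# a bridge port from the LAN side is rogue.
/interface bridge filter
# 1. Log rogue server replies before they are bridged to other ports.
add chain=forward mac-protocol=ip ip-protocol=udp src-port=67 dst-port=68 \
    action=log log-prefix="rogue-dhcp" \
    comment="DHCP server reply (67->68) arriving on a LAN port"
# 2. Drop them so clients on the other bridge ports never see the OFFER/ACK.
add chain=forward mac-protocol=ip ip-protocol=udp src-port=67 dst-port=68 \
    action=drop comment="drop rogue DHCPOFFER/DHCPACK in the bridge"
# 3. Also stop them from reaching the router's own IP stack (bridge input),
#    which covers a DHCP client the router might run on the bridge itself.
add chain=input mac-protocol=ip ip-protocol=udp src-port=67 dst-port=68 \
    action=drop comment="rogue DHCP reply addressed to the router"
```

Two practical notes. First, these rules only match traffic that crosses the bridge from a port; they say nothing about the router's own DHCP server replies, which is the part of the thread Butch and Ty could not get to show up in the IP firewall output chain. Second, if one bridge port leads to a legitimate upstream DHCP server (instead of the router serving DHCP itself), scope the rules with in-interface so that port is excluded, otherwise the drop rules will block the real server's OFFER and ACK as well. Check what is being caught with /log print where message~"rogue-dhcp" before switching the first rule from log to drop.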