Scott Ruckh wrote: >My interface connected to the internet is eth2. The IP for this >interface is dynamically assigned by my ISP. My current IP on this >interface belongs to the 68.106.224.0/19 network. When I look at >the IP address of the DHCP server that assigned eth2's IP I see 172.19.73.31 . > >What I am wondering is if shorewall is going to block subsequent >DHCP renewals attempts because the 172.19.73.31 is non-routable >(public) through the interface connected to the internet.
Yes. You need to allow traffic out to the server. What will happen in practice is that your connection will work even if you do block traffic to the 172.16/12 network. When your client is unable to renew the lease via unicast packets and the lease is getting close to renewal, then the client should start using broadcast packets. The broadcast packets won't be blocked and so your client will be able to renew it's lease. So things will still work, but it'll be less resilient and you'll get all those error messages. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
