Correct me if I'm wrong, but it seems that a reload is enough (no restart needed) because it seems that the 'dhcp' option simply adds the udp 67:68 rules on the specified interfaces. In my case, a shorewall dump shows this kind of rule was generated:

    ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68

Also, "sniffing" the UDP 67 DHCP requests going out on the "ibs" eth interface should be enough to state that if the reply is not coming back or if the remote FW does not see the DHCP requests, it should not be because of a blocking rule in my SW router. Am I right?

Vieri

On Mon, Nov 23, 2020 at 3:12 PM Simon Matter <simon.mat...@invoca.ch> wrote:
>
> > Hi,
> >
> > I configured dhcrelay so that clients in my "lan1" zone should get IP
> > addr. leases from a server in my "ibs" zone.
> >
> > This is the command I run:
> >
> > /usr/sbin/dhcrelay -q -i lan.1 10.215.137.54
> >
> > BTW, a foreground run shows messages such as:
> >
> > Forwarded BOOTREQUEST for a4:bb:6d:03:6d:c9 to 10.215.137.54
> >
> > I allow "all" for now from lan1 to ibs and a tcpdump shows requests
> > only when there should be replies because the service in ibs is active
> > and accessible:
> >
> > IP 10.215.144.91.67 > 10.215.137.54.67: BOOTP/DHCP, Request from
> > a4:bb:6d:03:6d:c9, length 300
> >
> > I only recently added the dhcp option to both interfaces:
> >
> > lan1 ${IF_LAN}.1 routeback,arp_filter=1,proxyarp=1,dhcp
> > ibs $IF_IBS arp_filter=1,dhcp
>
> What is $IF_IBS? Is it a normal ethernet interface?
>
> Simon
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
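
Added example, not part of the original message or of Shorewall: a small Python check for the diagnosis discussed above. It reads non-verbose tcpdump lines captured on the server-facing interface and lists relay-to-server flows where requests were seen but no reply. The `unanswered_relays` name and the 192.0.2.x lines are constructed for illustration; the first flow reuses the addresses quoted in the thread.

```python
import re
from collections import Counter

# Non-verbose tcpdump BOOTP/DHCP line; a leading timestamp is optional.
LINE_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.\d+ > "
    r"(?P<dst>\d+(?:\.\d+){3})\.\d+: BOOTP/DHCP, "
    r"(?P<kind>Request|Reply)"
)

# Constructed sample capture (assumption: taken on the ibs-facing interface).
SAMPLE = [
    "IP 10.215.144.91.67 > 10.215.137.54.67: BOOTP/DHCP, "
    "Request from a4:bb:6d:03:6d:c9, length 300",
    "15:12:01.000001 IP 10.215.144.91.67 > 10.215.137.54.67: BOOTP/DHCP, "
    "Request from a4:bb:6d:03:6d:c9, length 300",
    # Constructed contrast flow that does receive an answer.
    "IP 192.0.2.1.67 > 192.0.2.53.67: BOOTP/DHCP, "
    "Request from 02:00:00:00:00:01, length 300",
    "IP 192.0.2.53.67 > 192.0.2.1.67: BOOTP/DHCP, Reply, length 300",
]


def unanswered_relays(lines):
    """Return {(relay_ip, server_ip): request_count} for flows with no Reply."""
    requests, replies = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a BOOTP/DHCP line
        if m["kind"] == "Request":
            requests[(m["src"], m["dst"])] += 1
        else:
            # A reply travels server -> relay; key it in request direction.
            replies[(m["dst"], m["src"])] += 1
    return {flow: n for flow, n in requests.items() if replies[flow] == 0}


if __name__ == "__main__":
    for (relay, server), count in unanswered_relays(SAMPLE).items():
        print(f"{count} request(s) {relay} -> {server}, no reply captured")
```

On Linux, tcpdump sees outbound packets after netfilter and inbound packets before it, so a request visible in the capture has already passed the local rules, while a reply visible in the capture can still be dropped afterwards.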