On Tue, Nov 24, 2020 at 12:26 AM Tuomo Soini <t...@foobar.fi> wrote:
>
> That's not quite enough. When dhcp clients want to renew leases they
> need unicast dhcp access to your dns server. You can do that in rules
> with DHCPfwd macro.
>
> DHCPfwd(ACCEPT) lan1 ibs:10.215.137.54
>
> Macro will allow traffic to both directions.

Thanks, Tuomo.

In this case, the DHCP service is listening on 10.215.137.54 and is in the "ibs" zone, but the DNS servers that are being "provisioned" in the DHCP response are in both the ibs and lan1 zones.

You mention that clients should have unicast dhcp access to the DNS servers, so I guess that if they are in lan1, they don't need any specific rule for the DNS servers in the same zone but do require a rule for the DNS servers in another zone (ibs).

In other words, the rule would be something like this:

DHCPfwd(ACCEPT) lan1 ibs:$DHCP_SERVER,$DNS_SERVERS

Right?

Regards,

Vieri

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users