* dhcp server is working but there are no rules allowing it using a drop policy
@ 2005-03-08 11:40 richard hauswald
From: richard hauswald @ 2005-03-08 11:40 UTC (permalink / raw)
To: netfilter
Hi all,
my problem is a very strange one, so I think I made a configuration
mistake. But I can't find it.
I made a listing of my iptables rules using the -L parameter and finally
a tcpdump which should show you that DHCP is working - well, I couldn't
post the Windows XP bubble which says that I got a wonderful WLAN
connection...
-------------------------------------
Antifreeze:~# date;iptables -L;date;iptables -t nat -L;date;iptables -t mangle -L;date;tcpdump -i eth0 udp
Mon Mar 7 14:50:57 CET 2005
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:64385 state NEW,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:64385 state ESTABLISHED
Mon Mar 7 14:50:57 CET 2005
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Mon Mar 7 14:50:57 CET 2005
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Mon Mar 7 14:50:57 CET 2005
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:51:10.965603 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:0f:cb:ad:75:a8, length: 300
14:51:10.966600 IP Antifreeze.lan.bootps > 192.168.0.19.bootpc: BOOTP/DHCP, Reply, length: 300
14:51:10.975221 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:0f:cb:ad:75:a8, length: 322
14:51:10.978049 IP Antifreeze.lan.bootps > 192.168.0.19.bootpc: BOOTP/DHCP, Reply, length: 300
4 packets captured
4 packets received by filter
0 packets dropped by kernel
------------------------------------------------
OK, I would be very happy if anyone could help me block the DHCP server so that I can trust iptables again.
regards
richard hauswald
* Re: dhcp server is working but there are no rules allowing it using a drop policy
@ 2005-03-08 15:01 ` Jason Opperisano
From: Jason Opperisano @ 2005-03-08 15:01 UTC (permalink / raw)
To: netfilter
On Tue, 2005-03-08 at 06:40, richard hauswald wrote:
> Hi all,
> my problem is a very strange one, so I think I made a configuration
> mistake. But I can't find it.
> I made a listing of my iptables rules using the -L parameter and finally
> a tcpdump which should show you that DHCP is working - well, I couldn't
> post the Windows XP bubble which says that I got a wonderful WLAN
> connection...
>
> -------------------------------------
<--snip-->
most DHCP implementations these days operate (read: generate and
receive packets) at the BPF layer, which is below where netfilter hooks
into the IP stack; therefore your iptables rules never see the packets.
-j
--
"I bet Einstein turned himself all sorts of colors before he invented
the light bulb."
--The Simpsons