Firewall Wizards mailing list archives

RE: Dual-homed firewall with DHCP on one of the interfaces.

From: "Keller, Dennis" <DKeller () ddc dla mil>
Date: Tue, 23 Mar 1999 14:23:12 -0500

Don't use DHCP for for your firewall.  Apply static addresses to all
interfaces on the firewall.  Your external address is your Internet
footprint and should remain constant as well as your internal address should
remain constant for internal users.  

Regards,
Dennis Keller                                 
ADP Security Administrator
DDSP-Z
email: dkeller () ddc dla mil                       


-----Original Message-----
From: Daniel Knighten [mailto:daniel () knighten org]
Sent: Monday, March 22, 1999 7:20 PM
To: firewall-wizards () nfr net
Subject: Dual-homed firewall with DHCP on one of the interfaces.


I have connected a small office to the Internet through a Linux based
router/firewall.  This machine employs network address translation and
a combination of packet filtering and proxies to firewall the internal
network.  The problem I am having is that the external (Internet)
interface receives it's IP address via DHCP.  When the machine first
boots the firewall is not initialized till after DHCP has obtained
it's address.  However once the firewall has been initialized DHCP
traffic is no longer passed.  I thought I had anticipated the problem
by creating holes in the firewall for TCP/UDP ports 67-68, but
nonetheless the problem exist.  My current solution is to simply squat
on an IP after DHCP has acquired it, however I would like to
understand the full ramifications. Has anybody encountered this before
and are there any suggestions?

Thanks,
Dan
-- 
____________________________________
                                    |
Daniel Knighten                     |
                                    |
Quad Group Computer Solutions, Inc. |
P.O. Box 590                        |
Dupont, WA 98327-0590               |
                                    |
Voice: (360) 507-7842               |
Fax: (360) 455-0463               |
                                    |
dknighten () qgcs com                  |
http://www.qgcs.com                 |
____________________________________|

Attachment: Keller, Dennis.vcf
Description:

Current thread:

Dual-homed firewall with DHCP on one of the interfaces. Daniel Knighten (Mar 23)
- Re: Dual-homed firewall with DHCP on one of the interfaces. Steve George (Mar 23)
- <Possible follow-ups>
- RE: Dual-homed firewall with DHCP on one of the interfaces. Cottrell, Ian (Mar 23)
  - Re: Dual-homed firewall with DHCP on one of the interfaces. Daniel Knighten (Mar 24)
- RE: Dual-homed firewall with DHCP on one of the interfaces. Keller, Dennis (Mar 23)
- RE: Dual-homed firewall with DHCP on one of the interfaces. Peter Capelli (Mar 24)