
Re: [FW-1] DHCP requests and FW-1



  Since the job of a DHCP relay is to receive UDP broadcasts and
forward them unicast (and vice versa), it could be done by any
host on the remote segment.
  But since (a) this is a relatively small-footprint task, and
(b) clients on the remote segment depend upon the relay being
operational, integrating this function with the inter-segment
router makes a lot of sense.  In this case, that's the firewall.

  I haven't heard of any compromises in a DHCP relay implementation;
it's a pretty simple function and so it's pretty easy to get it right.
So I'm fairly comfortable with this as an exception to the "don't run
services on the firewall" principle.  (I cannot say the same about
a full-blown DHCP *server*....)

Dave Gillett


> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[email protected]]On Behalf Of
> Elisabeth Lidie
> Sent: Tuesday, August 06, 2002 11:32 AM
> To: [email protected]
> Subject: [FW-1] DHCP requests and FW-1
>
>
> Current info:    4.1 SP2 running on Sun Ultra 10, Solaris 2.6.
>
> My LAN folks are setting up a remote office which has a fiber link to the
> local building.  There is a switch at each site.  There is a firewall
> between the two network segments, located here at the local site.  (The
> local switch is plugged into one of the ports on a quad card.)
>
> There is a DHCP server at the local site, and it needs to serve the PC's at
> the remote site.  I can see bootp traffic being broadcast, but I don't see
> any return traffic from the local server.   The rulebase allows for all
> traffic in both directions through this particular firewall for these two
> network segments.   Based on my research thus far, I believe there needs to
> be a DHCP relay somewhere in this structure.
>
> I've found how to configure the firewall at the OS level to relay DHCP
> requests, although I haven't tried it yet.  (I wanted to check with this
> list first.)   Is that how I should proceed, or is there a 'better' way to
> accomplish this?
>
> Thanks for your help and/or opinions.
>
> Elisabeth
>
>
>
> NOTE: This electronic message and attachment(s), if any,
> contains information which is intended solely for the
> designated recipient(s).  Unauthorized disclosure, copying,
> distribution, or other use of the contents of this message or
> attachment(s), in whole or in part, is prohibited without the
> express authorization of the author of this message.
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
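
The relay function discussed in this thread (client broadcast in, unicast to the server out, and the reverse for replies), as an added example that is not part of the original messages and not Check Point or Solaris code. It follows the BOOTP relay rules of RFC 1542; the function names, the sample addresses and the hop limit of 4 are assumptions of this sketch, and reply delivery is reduced to choosing the destination address.

```python
import socket
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
BOOTP_FIXED_LEN = 236          # op .. file, the fixed header before options
HOP_LIMIT = 4                  # assumed threshold (the RFC 1542 default)
OFF_HOPS, OFF_FLAGS, OFF_YIADDR, OFF_GIADDR = 3, 10, 16, 24
BROADCAST_FLAG = 0x8000
ZERO_IP = b"\x00" * 4


def relay_request(pkt, relay_ip, server_ip, hop_limit=HOP_LIMIT):
    """Client broadcast -> unicast to the server: (packet, (ip, port)) or None."""
    if len(pkt) < BOOTP_FIXED_LEN or pkt[0] != BOOTREQUEST:
        return None                        # truncated, or not a request
    if pkt[OFF_HOPS] >= hop_limit:
        return None                        # relayed too often: likely a loop
    out = bytearray(pkt)
    out[OFF_HOPS] += 1
    # Only the first relay stamps giaddr; the server picks its address pool
    # from it and sends the reply back to this address.
    if out[OFF_GIADDR:OFF_GIADDR + 4] == ZERO_IP:
        out[OFF_GIADDR:OFF_GIADDR + 4] = socket.inet_aton(relay_ip)
    return bytes(out), (server_ip, 67)


def relay_reply(pkt, relay_ip):
    """Server unicast -> client segment: (packet, (ip, port)) or None."""
    if len(pkt) < BOOTP_FIXED_LEN or pkt[0] != BOOTREPLY:
        return None
    if pkt[OFF_GIADDR:OFF_GIADDR + 4] != socket.inet_aton(relay_ip):
        return None                        # giaddr is not our interface: drop
    (flags,) = struct.unpack_from("!H", pkt, OFF_FLAGS)
    if flags & BROADCAST_FLAG:             # client cannot take unicast yet
        dest = "255.255.255.255"
    else:                                  # a real relay also uses chaddr here
        dest = socket.inet_ntoa(pkt[OFF_YIADDR:OFF_YIADDR + 4])
    return pkt, (dest, 68)


def sample_packet(op, hops=0, flags=0, yiaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Constructed 236-byte BOOTP header for the demo; not captured traffic."""
    return struct.pack("!BBBBIHH4s4s4s4s16s192s", op, 1, 6, hops, 0x1234ABCD,
                       0, flags, ZERO_IP, socket.inet_aton(yiaddr), ZERO_IP,
                       socket.inet_aton(giaddr),
                       bytes.fromhex("001122334455"), b"")
```

The two drop conditions (hop limit on requests, giaddr match on replies) are the main checks that keep a relay from looping packets or forwarding replies that were never meant for its segment.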

   All contents © 2004 Network Presence, LLC. All rights reserved.