[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: NAT issues..
 Date:  Thu, 8 Sep 2005 22:17:56 -0400
On 9/8/05, sai <sonicsai at gmail dot com> wrote:
> in status.php , under ipfstat -nio
> I have the following rule (vro is the WAN interface)
> 
> @10 block in quick on vr0 proto udp from any port = 67 to
> 192.168.10.0/24 port = 68
> 
> There are also a number of other rules related to port 67 and port 68.
> I was wondering why these are included by default by m0n0. presume
> that Toms question is related to this.
> 

yeah, that's what would be blocking it.  

The above rule is to stop any DHCP traffic from coming into your LAN
(after allowing it to the WAN in case you use DHCP on the WAN
interface).  DHCP traffic should never be let through subnets unless a
DHCP relay is involved, in which case that rule wouldn't apply.

To the original poster, what are you trying to open?  I'm not aware of
anything other than DHCP/BOOTP that uses UDP 68, and you wouldn't want
to open DHCP.  The current betas have a DHCP relay built in.  I don't
remember when it was added, but I don't think it's in 1.11.

-Chris