ipfw and dhcp


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users ipfw and dhcp
# 1  
Old 09-18-2010
ipfw and dhcp

Hello,
I have a little problem with my server configuration.
So: I have two PC's with DHCP enable and both of them have two NIC's.

PC1 - le0 ADSL
PC1 - le1 192.168.10.1

PC2 - le0 192.168.10.10
PC2 - le1 192.168.20.1

One NIC on PC1 is connected to ADSL, another one have IP address 192.168.10.1
PC2 have 192.168.10.10 on the 1st NIC, and 192.168.20.1 on the 2nd.
When someone want to connect and his MAC is not configured in PC1 ( to take IP from 192.168.10.0 network ) he take IP address from DHCP from PC2 - 192.168.20.2.
The problem is that, when I type: /release /renew somethimes PC take IP address from ADSL - 192.168.1.17 How can I restrict/deny this range - 192.168.1.0?I don't wana my PC's to take IP's from there.
I try with: ipfw add 2 deny all from 192.168.1.0/24 to any;ipfw add 3 deny all from any to 192.168.1.0/24;ipfw add 4 deny all from any to 192.168.1.1 and many, many, but nothing works Smilie
And the second question is: when I ping from 192.168.10.1 to 192.168.10.10 ( another PC ), ping is < 1ms, but when I ping 192.168.20.1 ( another interface ), ping is too high ( like 2ms,8ms, 20ms and etc. ).It's not hardware problem in lan card, becouse interfaces are virtual.
# 2  
Old 09-18-2010
Are you running two DHCP servers? use static DHCP entries - eg: configure their MAC addresses to get the same IP each time. I have done this with ISC DHCP.

where is PC2:le1 plugged into physically?
# 3  
Old 09-19-2010
Yes I have two DHCP servers and also use fixed-address ( on the 1st one ).
On the 1st PC in dhcp.conf I have: range 192.168.10.3 192.168.10.3;
so when PC with no fixed-address connect, it's redirected to dhcp on PC2.

PC1 and PC2 are part of my VMWare Infrastructure.
PC2 le0 is definite like VM Nework Public, le1 is VM Network Private.

P.S. Something for packet filter for 192.168.1.0 ADSL network?How to restrict this network?

Last edited by mrowcp; 09-19-2010 at 06:35 PM..
# 4  
Old 09-26-2010
Ok, lets ask something else.

1) How to config my dhcp server ( or put some rule in ipfw ) to deny 192.168.10.3 to be distributed/used from PC's in my network?

2) When 1 laptop is connetced to my wireless network, its take IP 192.168.20.34 ( becouse laptop MACs is not configured in dhcp server to take ip from 192.168.10.0 network ).So I run: ipconfig /release and ipconfig /renew
Now laptop wana take IP 192.168.10.3, but I put this IP manualy like 2nd in my network adapter, so laptop can take it and in cmd I have this msg:

Quote:
C:\Documents and Settings\PC_User>ipconfig /renew

Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media di
sconnected.
An error occurred while renewing interface Wireless Network Connection : The DHC
P client has obtained an IP address that is already in use on the network. The l
ocal interface will be disabled until the DHCP client can obtain a new address.
Wireless adapter continue to reconnecting and after 1.40min he take IP 192.168.20.34.
Why my dhcp server say: "IP address that is already in use on the network" This IP is released and no one use it.Is there any options in dhcp.conf for releasing time?
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. OS X (Apple)

How to enable ipfw.log?

Under Mountain Lion, I want logs from ipfw sent to ipfw.log instead of dumped in system.log I've tried to figure out how OSX handles logs, but... after going back and forth between a syslog.conf which does little if anything, a newsyslog.conf that seems to only handle rotation, an asl.conf that... (3 Replies)
Discussion started by: jnojr
3 Replies

2. IP Networking

Get DHCP relay interfaces IP address using DHCP

Hi All , please view the set up below: ------------------------------------------------------------------- | DHCP Server |-----------| ROUTER & |-----------| Clients | | 192.168.99.1 | - -<eth1>| DHCP-RELAY|<eth2>-- | 192.168.88.X | ... (2 Replies)
Discussion started by: gdangoor
2 Replies

3. Shell Programming and Scripting

Help, SSH /ipfw block script

Hello, This is an SSH Block hammer script using ipfw, that I have modified for my own use. It is for a freenas 7.2 box which is FreeBSD based. The script works, but if there is more then one hammer attack per day, my issue is the script reads the first five instances of refused or invalid... (2 Replies)
Discussion started by: dpreviti
2 Replies

4. Cybersecurity

pass syntax iptables to ipfw

Hello, excuse my English. Please could tell me how I can pass this syntax for iptables to ipfw. iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -m recent --set --name thor --rdest -j ACCEPT iptables -A INPUT -p tcp -m tcp --tcp-flag RST RST -m state --state ESTABLISHED -m recent... (0 Replies)
Discussion started by: dot357
0 Replies

5. BSD

Using several pipes in ipfw (dummynet)

Hi! I've already posted this on the freebsd-questions mailing list, but I thought I could try it here too. I'm using FreeBSD 7.0 with IPFW DUMMYNET enabled. I've got a problem with creating a ruleset, which allows me to limit the overall bandwidth of a link and afterwards pass the packets... (0 Replies)
Discussion started by: xenator
0 Replies

6. Cybersecurity

FreeBSD IPFW Rules clarification please...

Hello. I hope you can help me please. We are about to bring a few servers online which will be hosting different things... For one server, it will be hosting a HTTPd, and just wanted to know whether these rules are correct that I have? To ensure the right interfaces etc, here's a copy of... (1 Reply)
Discussion started by: DanUK
1 Replies

7. UNIX for Dummies Questions & Answers

Need help with IPFW.. Please...

Hi folks, I am a Mac User, and have little knowledge on IPFW. I have a set up at home where my computer (with 2 ethernet cards and static IP adresses) serves Internet to my family's computers. I have already a script that will run automatically at login and called from Cron at certain... (2 Replies)
Discussion started by: fundidor
2 Replies

8. BSD

ipfw slow ssh and ftp connections

just as the title says. thanks. #General Rule Sets /sbin/ipfw add 0300 check-state /sbin/ipfw add 0301 deny tcp from any to any in established /sbin/ipfw add 0302 pass tcp from any to any out setup keep-state /sbin/ipfw add 0303 pass udp from any to any out #SSH FTP /sbin/ipfw add 0400... (11 Replies)
Discussion started by: dwildgoose
11 Replies

9. Cybersecurity

ipfw directives and order of precidence...

Is there a general rule I can apply when examining/editing ipfw entries? Also, does each new entry have to have a unique rule number? And, I think I can write a script to block code red infected machines (though I'm not sure it would do more than slim down my web server error message log),... (0 Replies)
Discussion started by: [MA]Flying_Meat
0 Replies

10. UNIX for Dummies Questions & Answers

fBSD nat ipfw

i am running nat on my freeBSD and web/ftp server. The rule allow ip from any to any must always be? or how? if i accept all packets to go on my ep0 which diverts all to my intranet it doesnt help, must the rule allow ip from any to any always be ? even if many rules are between divert rule and... (3 Replies)
Discussion started by: hachik
3 Replies
Login or Register to Ask a Question