Relay agents, NAT, and offers to giaddr

Sten Carlsen sten at
Fri Sep 15 23:11:14 UTC 2006

What I see as really ugly and sometimes dangerous is the fact that the
dhcp-server must know exactly what goes on behind the NAT. I use NAT
precisely to avoid that.

This also makes me worry about IPv6, I want to be in charge of what is
visible to the world.

Alan DeKok wrote:
> Simon Hobson wrote:
>> Alan DeKok wrote:
>> Clients renewing do not use a relay agent - they unicast directly to 
>> the server.
>> So now you have to capture and mangle unicast packets as well as 
>> broadcast - yet another special case ALG.
>    But that's just what NAT boxes do...
>    Alan DeKok.

Best regards

Sten Carlsen

No improvements come from shouting:


More information about the dhcp-users mailing list