Relay agents, NAT, and offers to giaddr

Sten Carlsen sten at s-carlsen.dk
Fri Sep 15 23:11:14 UTC 2006


What I see as really ugly and sometimes dangerous is the fact that the
dhcp-server must know exactly what goes on behind the NAT. I use NAT
precisely to avoid that.

This also makes me worry about IPv6, I want to be in charge of what is
visible to the world.

Alan DeKok wrote:
> Simon Hobson wrote:
>   
>> Alan DeKok wrote:
>>
>> Clients renewing do not use a relay agent - they unicast directly to 
>> the server.
>>
>> So now you have to capture and mangle unicast packets as well as 
>> broadcast - yet another special case ALG.
>>     
>
>    But that's just what NAT boxes do...
>
>    Alan DeKok.
>
>   

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 



More information about the dhcp-users mailing list