Vista doesn't ack dhcp offer

Doug Tucker tuckerd at engr.smu.edu
Mon Sep 24 13:58:12 UTC 2007


Sorry, after spending a week on that I had to catch up on some stuff.
Here are the filters for the 128 subnet in question on the gateway
router.


deny128a         0.0.0.0/ 0: 445     129.119.128.0/24:   0     T-D-X
13702
deny128b         0.0.0.0/ 0: 445     129.119.128.0/24:   0     U-D-X   1
deny128c         0.0.0.0/ 0: 139     129.119.128.0/24:   0     T-D-X
15526
deny128d         0.0.0.0/ 0: 139     129.119.128.0/24:   0     U-D-X   0
deny128e         0.0.0.0/ 0:  23     129.119.128.0/24:   0     T-D-X
59762
deny128f         0.0.0.0/ 0:  25     129.119.128.0/24:   0     T-D-X
60575
deny128g         0.0.0.0/ 0: 135     129.119.128.0/24:   0     T-D-X
242950
deny128h         0.0.0.0/ 0: 135     129.119.128.0/24:   0     U-D-X
4409220
  all128   129.119.128.0/24:   0     129.119.128.0/24:   0     I-P-X
130887102
 http128         0.0.0.0/ 0:  80     129.119.128.0/24:   0     T-P-X
386362774
https128         0.0.0.0/ 0: 443     129.119.128.0/24:   0     T-P-X
141582344
ssmtp128         0.0.0.0/ 0: 465     129.119.128.0/24:   0     T-P-X
476275
imaps128         0.0.0.0/ 0: 993     129.119.128.0/24:   0     T-P-X
3505476
pop3s128         0.0.0.0/ 0: 995     129.119.128.0/24:   0     T-P-X
4091082
  ssh128         0.0.0.0/ 0:  22     129.119.128.0/24:   0     T-P-X
20399138
  dns128         0.0.0.0/ 0:  53     129.119.128.0/24:   0     T-P-X
177768
dns128udp         0.0.0.0/ 0:  53     129.119.128.0/24:   0     U-P-X
7924870
socks128         0.0.0.0/ 0:1080     129.119.128.0/24:   0     T-P-X
6044712
  pgp128     129.119.0.0/16:9000     129.119.128.0/24:   0     T-P-X
505
 dhcp128         0.0.0.0/ 0:   0     129.119.128.0/24:  67     U-P-X
584


They are exactly the same now, as the day things were working for
unicast and not working for broadcast for dns, with the only acception
being we added the ONE filter for dhcp128, which allowed the broadcast
to work as well.  To recap, without this filter in allowing broadcast
though, the clients not setting the broadcast bit were still working
fine.


On Fri, 2007-09-21 at 23:09 +0100, Simon Hobson wrote:
> Doug Tucker wrote:
> >If anyone is interested, we found it.  Our gateway router had 
> >filters on it to allow 80, 443, 21, 22...and then deny everything 
> >else.  We added an allow for dhcp, and wallah, everything is 
> >working.  What still has us scratching our heads, and why we kept 
> >ruling that out, is even with the filter in place, dhcp still 
> >worked, as long as the client dind't have the broadcast flag set. 
> >Makes no sense to me, either dhcp is blocked or it isn't I would 
> >think, reguardless of broadcast client flag.
> 
> Don't forget that the route taken by packets, and the destination 
> address, depends on the mode of delivery. Perhaps if you posted the 
> filters then someone might see an obvious answer.
> 



More information about the dhcp-users mailing list