Reconfig of dhcp.conf
Simon Hobson
dhcp1 at thehobsons.co.uk
Thu Nov 26 09:00:08 UTC 2009
Chris Arnold wrote:
>So i know it is listening/sending on 192.168.124. Therefore, will
>need a trust to dmz policy and a dmz to trust policy? I did that and
>made no difference.
You will need the firewall to allow the relevant packets, AND act as
a relay - it's not a simple matter of just forwarding packets, the
relay agent modifies them as it goes. There may be a requirement for
untrust->firewall, firewall->untrust, trust->firewall, and
firewall->untrust permit rules - as well as untrust->trust and
trust->untrust to allow unicast traffic between clients and server
when it comes to renewal time.
>Would it be better to have dhcp on the trust network, 192.168.123.0?
Since the server is already physically connected, it would seem the
simplest way round it. Just turn off the relay agent in the firewall
and configure the DHCP server to serve that subnet/segment directly.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
More information about the dhcp-users
mailing list