Securepoint Support Forum

Hello,

Is it possible to enable DHCP relaying from one subnet to another through Securepoint?

Thank you, Andy.

Hi,

maybe this should help you:

http://www.securepoint.de/support/topic.php?id=293

Hello,
Thanks for this. I think dhcrelay is ok.

The DHCP servers are located on our LAN (eth7).
We want DHCP broadcasts originating in dmz1 (eth4), to be forwarded to the LAN DHCP servers.

'/usr/sbin/dhcrelay -q -i eth4 -m forward 192.168.200.1 192.168.200.2'

However, the broadcast packets are being dropped at the securepoints dmz1 interface.

I created two network objects;
255.255.255.255/32 in zone 'firewall-dmz1' = 'DMZ1_Interface'
0.0.0.0/0 in zone 'dmz1' = 'DMZ1_any'

I created a service group with one service object;
Name: 'DHCPRelay', protocol: UDP, Source: 67:68, Destination: 67:68

I then created a firewall rule;
From: DMZ_any, To: DMZ_Interface, Service: DHCPRelay

However the logs show my DHCP broadcasts are being dropped!!!

Log;
'Firewall DROP' IN=eth4 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:80:5d:b0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=16 PROTO=UDP SPT=68 DPT=67 LEN=308

Hi,
if the zones on eth4 equal "dmz1;firewall-dmz1" I don't see any reason, why the (DHCP Request) packets are dropped.
For letting the DHCP Reply packets pass through the firewall, you need to create a rule:
[Your DHCP-Server](internal) -> 255.255.255.255/32(internal-interface) -> dhcp-relay

To ensure, that the rules are correctly written to iptables execute the following command in a root-shell: The output should read similar to the following: Note:
According to the dhcrelay-manpages you need to specify the outgoing interface of the relayed DHCP-request as well as the incoming.

Unfortunately, I wasn't able to completely test dhcrelay in my environment.
I saw the request-packet on the external interface, but my router didn't send an answer :roll:

Thank you,

With your help I managed to get it working