Firewall-1

Re: [FW-1] DHCP relay

Subject: Re: [FW-1] DHCP relay
From: Crist Clark <crist.clark AT GLOBALSTAR DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 26 Aug 2004 12:34:54 -0700
Bonneau-Tessier Thierry wrote:

> Hi all,
>
> I'm looking into DHCP relay functionality on SPLAT R55. I have 2
> isolated DMZs (with two separate IP networks) behind the firewall. I
> have been able to configure the DHCP relay with one DMZ. My concern is
> that when a DHCP request is forwarded by the FW, the source IP address
> becomes the firewall internal IP address.
>
> 1) Does that mean all the DHCP requests coming from both of the DMZs
> will be forwarded with the same source IP => how will my DHCP server be
> able to forward a correct IP? I did not have time to check yesterday.

Read RFC1542 to see how DHCP (or BOOTP) relay agents work. But
to answer your question, how else could it work? When a machine
sends an initial request with a 0.0.0.0 source, how could things
work if the relay agent didn't put its own IP address as the
source for communications to the server?

A DHCP relay does NOT simply forward messages at the network
layer, but works at the application layer and actually modifies
the data.

> 2) Does anyone know if it is possible to NAT DHCP requests coming from a
> DMZ? This solution may be very helpful.

Not sure what this means. If you are trying to overload the source
field to give the DHCP server information, there is the explicit
giaddr field in a DHCP message which provides the information you
probably want.
--
Crist J. Clark                               crist.clark AT globalstar DOT com
Globalstar Communications                                (408) 933-4387
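
The relay behaviour described in the reply above, as an added example that is not part of the original message: a relay agent rewrites the BOOTP header per RFC 1542 (stamps giaddr with the receiving interface, increments hops), and the server picks its pool from giaddr rather than from the IP source address. The function names, the two DMZ networks and the interface addresses are constructed for illustration.

```python
import ipaddress
import struct

GIADDR = slice(24, 28)  # giaddr position in the fixed 236-byte BOOTP header
HOPS = 3                # hops counter position

# Constructed server scopes, one per DMZ (documentation address ranges).
SCOPES = [ipaddress.ip_network("192.0.2.0/24"),
          ipaddress.ip_network("198.51.100.0/24")]

def build_discover(xid, mac):
    """Constructed client DHCPDISCOVER: broadcast flag set, giaddr 0.0.0.0."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      1, 1, 6, 0, xid, 0, 0x8000,
                      bytes(4), bytes(4), bytes(4), bytes(4), mac, b"", b"")
    return hdr + b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"  # cookie + option 53

def relay(packet, ingress_ip, max_hops=4):
    """Rewrite a request the way a relay agent does before unicasting it."""
    if packet[0] != 1 or packet[HOPS] > max_hops:
        return None                       # not a BOOTREQUEST, or too many hops
    out = bytearray(packet)
    out[HOPS] += 1
    if out[GIADDR] == bytes(4):           # only the first relay stamps giaddr
        out[GIADDR] = ipaddress.IPv4Address(ingress_ip).packed
    return bytes(out)

def select_scope(packet, scopes=SCOPES):
    """Server side: choose the pool from giaddr, not from the IP source."""
    giaddr = ipaddress.IPv4Address(packet[GIADDR])
    return next((net for net in scopes if giaddr in net), None)

if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")   # constructed client MAC
    # Same firewall, two DMZ interfaces: both requests leave with the same
    # IP source address, but carry different giaddr values.
    for dmz_if in ("192.0.2.1", "198.51.100.1"):
        fwd = relay(build_discover(0x1234, mac), dmz_if)
        print(dmz_if, "->", select_scope(fwd))
```
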
