> Should I just create a new DHCP server on another box other than my
> gateway?
That would be my recommendation. I'm extremely uncomfortable with
the idea pf providing DHCP service across a security perimeter....
David Gillett
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]On Behalf Of
> Stachowicz,Mark
> Sent: Thursday, December 23, 2004 11:58 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] DHCP Service
>
>
> I tried creating a rule allowing udp/67 traffic to 255.255.255.255 and
> it still is dropped on that rule. Strange.
>
> Should I just create a new DHCP server on another box other than my
> gateway?
>
> -ms
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Crist
> Clark
> Sent: Thursday, December 23, 2004 12:21 PM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] DHCP Service
>
> Stachowicz,Mark wrote:
> > I am running Checkpoint management and gateway software on
> my Windows
> > 2003 server which also acts as the DHCP server for my network.
> >
> > Unless I open up the policy totally, DHCP requests do not work. I
> > get an error in the log when a DHCP request comes through
> which simply
>
> > drops the request with no reason. Even if there is a rule implicity
> > specifying to allow tcp 67 to the DHCP server, it still drops the
> > packets on that rule.
> >
> > Any ideas?
>
> The initial DHCP discovery from the clients will be
> broadcast; they will
> not be sent to the DHCP server's address. Do you allow 67/udp sent to
> 255.255.255.255? Do you have a capture of packets that are dropped?
> --
> Crist J. Clark
> crist.clark AT globalstar DOT com
> Globalstar Communications
> (408) 933-4387
>
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an email to
> LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription options,
> email fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
