DHCP Security Configuration


Before any client can obtain an IP address from the DHCP server, you need to deal with the security requirements on the server itself. They are a firewall rule, added with iptables, that lets DHCP traffic in, and any SELinux settings that would prevent the DHCP service from running. For the firewall rule, you need to know that the DHCP server listens on UDP port 67 for incoming DHCP requests (clients send from UDP port 68). The rule below is inserted at position 5 of the INPUT chain, which on the stock RHEL/CentOS 6 rule set is the slot just ahead of the catch-all REJECT rule. Confirm that with iptables -L INPUT -n --line-numbers before inserting: a rule that lands after the REJECT is never reached, and DHCP requests are silently refused.

Step 1. Use iptables to create the required firewall rule:

# iptables -I INPUT 5 -p udp -m udp --dport 67 -j ACCEPT

Step 2. Save the firewall rule you just created:

# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

Step 3. Then restart the iptables service:

# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
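A positional insert such as -I INPUT 5 only does the right thing when rule 5 really is the catch-all REJECT. The following shell script is an added example, not part of the original page, that checks a rule dump in the text format of iptables -S INPUT for exactly that: whether the UDP/67 ACCEPT sits ahead of any catch-all REJECT or DROP rule, and which iptables command would put it there without hard-coding a position. The two rule sets embedded in it are constructed to mirror the stock RHEL/CentOS 6 chain (one as the page's step leaves it, one as an append with -A would leave it); they are not captured from a real host.

```shell
#!/bin/sh
# Added example: audit the INPUT chain for the DHCP server rule.
# Input is the text produced by `iptables -S INPUT`. The SAMPLE_* rule dumps
# below are constructed after the stock RHEL/CentOS 6 layout, not captured.

# Chain as the page's `iptables -I INPUT 5` leaves it: UDP/67 ACCEPT is
# rule 5, directly in front of the catch-all REJECT.
SAMPLE_GOOD='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# What `iptables -A` (append) would have produced: the rule exists but is
# dead, because the catch-all REJECT is evaluated first.
SAMPLE_BAD='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m udp --dport 67 -j ACCEPT'

# rule_index RULES REGEX: 1-based index (the numbering that
# `iptables -L --line-numbers` shows) of the first -A INPUT rule matching
# REGEX, or 0 when no rule matches. Policy (-P) lines are not counted.
rule_index() {
    printf '%s\n' "$1" | awk -v re="$2" '
        /^-A INPUT / { n++; if (!hit && $0 ~ re) hit = n }
        END { print hit + 0 }'
}

dhcp_rule_index()     { rule_index "$1" '-p udp .*--dport 67( |$).*-j ACCEPT'; }
catchall_rule_index() { rule_index "$1" '^-A INPUT -j (REJECT|DROP)'; }

# dhcp_port_open RULES: prints "open" when UDP/67 is accepted before any
# catch-all REJECT/DROP rule, "blocked" otherwise.
dhcp_port_open() {
    d=$(dhcp_rule_index "$1")
    c=$(catchall_rule_index "$1")
    if [ "$d" -eq 0 ]; then
        echo blocked
    elif [ "$c" -eq 0 ] || [ "$d" -lt "$c" ]; then
        echo open
    else
        echo blocked
    fi
}

# fix_command RULES: the iptables command that places the DHCP rule directly
# in front of the catch-all, whatever its position, instead of assuming 5.
fix_command() {
    c=$(catchall_rule_index "$1")
    if [ "$c" -eq 0 ]; then
        echo "iptables -A INPUT -p udp -m udp --dport 67 -j ACCEPT"
    else
        echo "iptables -I INPUT $c -p udp -m udp --dport 67 -j ACCEPT"
    fi
}

for s in "$SAMPLE_GOOD" "$SAMPLE_BAD"; do
    echo "UDP/67: $(dhcp_port_open "$s")   fix: $(fix_command "$s")"
done
```

On a live server feed the real chain in instead of the constructed dumps, for example dhcp_port_open "$(iptables -S INPUT)". The check is pure text processing, so the audit part needs no root and can run from a configuration-check job; only the command that fix_command prints has to be run as root. If the server has more than one interface, add -i <lan-interface> to that rule so only the client-facing network can reach the DHCP service.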

With the firewall rules in place, you can shift your focus to SELinux. Well, wouldn't you know...there are no SELinux requirements for a DHCP server. The default targeted policy already confines dhcpd in its own domain and allows it to bind UDP port 67 and read its configuration, so no booleans need to be toggled and no file contexts need to be changed for the service to start.

Step 4. On a client machine, request a dynamic IP address from the server to confirm that the rule works:

# dhclient
Internet Systems Consortium DHCP Client V3.0.5-RedHat
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Listening on LPF/eth0/08:00:27:74:5b:11
Sending on LPF/eth0/08:00:27:74:5b:11
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
DHCPOFFER from 192.168.1.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1
bound to 192.168.1.7 -- renewal in 40126 seconds.
