Securing DHCP server with Firewall (RHEL5/6)
Before any of the clients can start obtaining an IP address from the DHCP server, you need to deal with the security requirements for the DHCP server. They include adding a firewall rule with iptables and disabling any SELinux options that prevent the DHCP service from running.
For the firewall rule, you need to know that the DHCP server listens on UDP port 67 for incoming DHCP requests.
Step 1. Use iptables to create the required firewall rule:
# iptables -I INPUT 5 -p udp -m udp --dport 67 -j ACCEPT
Step 2. Save the firewall rule you just created:
# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Step 3. Then restart the iptables service:
# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
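Step 1 inserts the rule at position 5 rather than appending it, and iptables stops at the first matching rule, so the ACCEPT only takes effect if it sits ahead of any catch-all REJECT or DROP in the INPUT chain. The check below is an added example, not part of the original article: it reads a ruleset in iptables-save format and reports whether the UDP 67 ACCEPT is reachable. The function names and the sample rulesets are constructed for illustration, and the sample assumes an INPUT chain that ends in a catch-all REJECT.

```shell
#!/bin/sh
# Added example. Reads a ruleset in iptables-save format on stdin (the format
# "service iptables save" writes to /etc/sysconfig/iptables) and prints:
#   ok        UDP/67 ACCEPT precedes any catch-all REJECT/DROP in INPUT
#   shadowed  the ACCEPT exists but sits after a catch-all rule
#   missing   no UDP/67 ACCEPT in the filter table's INPUT chain
dhcp_rule_status() {
    awk '
        /^\*/ { table = substr($0, 2); next }            # table header, e.g. *filter
        table != "filter" || $1 != "-A" || $2 != "INPUT" { next }
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") {  # rule with no match options
            if (!found) blocked = 1
            next
        }
        {
            udp = 0; port = 0; accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i + 1) == "udp") udp = 1
                if ($i == "--dport" && $(i + 1) == "67") port = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (udp && port && accept && !found) {
                found = 1
                state = blocked ? "shadowed" : "ok"
            }
        }
        END { print (found ? state : "missing") }
    '
}

# Constructed sample rulesets (assumption: INPUT ends in a catch-all REJECT).
# $1 = "inserted" (rule placed before the REJECT) or anything else (appended).
sample_ruleset() {
    dhcp='-A INPUT -p udp -m udp --dport 67 -j ACCEPT'
    reject='-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p icmp -j ACCEPT' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
    if [ "$1" = inserted ]; then
        printf '%s\n' "$dhcp" "$reject"
    else
        printf '%s\n' "$reject" "$dhcp"
    fi
    printf '%s\n' 'COMMIT'
}

sample_ruleset inserted | dhcp_rule_status   # ok
sample_ruleset appended | dhcp_rule_status   # shadowed
```

On the server, the same check can be run against the saved file after Step 2 with `dhcp_rule_status < /etc/sysconfig/iptables`.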
With the firewall rules in place, you can shift your focus to SELinux. Well, wouldn’t you know…there are no SELinux requirements for a DHCP server.
You should now have a fully functional DHCP server! You can boot up your clients and see if they pick up an IP address, or if the client is already powered on, you can use the dhclient command to request an IP address from the server.
Step 4. Request a dynamic IP from the server:
Internet Systems Consortium DHCP Client V3.0.5-RedHat
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Listening on LPF/eth0/08:00:27:74:5b:11
Sending on LPF/eth0/08:00:27:74:5b:11
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
DHCPOFFER from 192.168.1.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1
bound to 192.168.1.7 -- renewal in 40126 seconds.