Bug #3257
ip /mac binding blocks dhcp server requests
Status: | CLOSED | Start date: | |
---|---|---|---|
Priority: | Normal | Due date: | |
Assignee: | - | % Done: | 100% |
Category: | nethserver-firewall-base | | |
Target version: | v6.7 | | |
Security class: | | Resolution: | |
Affected version: | v6.6 | NEEDINFO: | No |
Description
- Nethserver with (at least) green + red configuration
- dhcp server enabled on green
- dhcp reservation
- ip/mac binding enabled
- ip/mac binding policy: block all traffic without binding

This kind of configuration is useful to leave all clients with a dynamic ip: the dhcp server always releases the same ip based on mac identification, and the devices not in the dhcp reservations are blocked by the firewall.
In this scenario no devices can receive an ip address from the dhcp server because every request made to the firewall is blocked (the client is asking for an ip address but it doesn't have one yet, so it won't match on the ip/mac binding table).
Associated revisions
Fix ip /mac binding blocks dhcp server requests. Refs #3257
IP/MAC binding: always enable dhcp option on green interfaces. Refs #3257
History
#1 Updated by Davide Marini almost 6 years ago
The solution is to add the option "dhcp" in the file /etc/shorewall/interfaces for the loc zones. The option accepts every request on UDP ports 67 and 68, and it works even in case of MACLIST_TABLE=mangle.
#2 Updated by Giovanni Bezicheri almost 6 years ago
- Assignee set to Giovanni Bezicheri
#3 Updated by Giovanni Bezicheri almost 6 years ago
- Category set to nethserver-shorewall
- Status changed from NEW to TRIAGED
- Target version set to v6.7
- % Done changed from 0 to 20
- Security class set to important
- Affected version set to v6.6
#4 Updated by Giovanni Bezicheri almost 6 years ago
- Status changed from TRIAGED to ON_DEV
- % Done changed from 20 to 30
#5 Updated by Giovanni Bezicheri almost 6 years ago
- Category changed from nethserver-shorewall to nethserver-firewall-base
#6 Updated by Giovanni Bezicheri almost 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#7 Updated by Giovanni Bezicheri almost 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (Giovanni Bezicheri)
- % Done changed from 60 to 70
- nethserver-firewall-base-2.8.0-1.2.g8db3022.ns6.noarch.rpm
Check the bug is not reproducible.
#8 Updated by Giacomo Sanchietti almost 6 years ago
- Status changed from ON_QA to TRIAGED
- % Done changed from 70 to 20
- Security class deleted (important)

The fix should be much simpler: always add the dhcp option for green interfaces.
#9 Updated by Giacomo Sanchietti almost 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#10 Updated by Giacomo Sanchietti almost 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#11 Updated by Giacomo Sanchietti almost 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 60 to 70
- nethserver-firewall-base-2.8.0-1.4.gd5830b3.ns6.noarch.rpm
- nethserver-firewall-base-ui-2.8.0-1.4.gd5830b3.ns6.noarch.rpm
- Check dhcp option is enabled on green interfaces
- Check the bug is not reproducible
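The QA check above ("dhcp option is enabled on green interfaces"), as an added example that is not part of the original ticket or of NethServer's code: a shell function that lists the interfaces of a Shorewall zone whose options lack dhcp. The function name missing_dhcp and the sample lines are constructed for illustration; it assumes the loc zone named in comment #1 and handles the interfaces-file layouts with and without a BROADCAST column.

```shell
#!/bin/sh
# Added example (not NethServer code).
# missing_dhcp FILE [ZONE]: print each interface of ZONE (default "loc",
# the green zone) whose options lack "dhcp"; append " maclist" when the
# interface also enforces IP/MAC binding, which is the combination that
# blocked DHCP clients in this bug. Returns 1 if any interface is printed.
missing_dhcp() {
    awk -v zone="${2:-loc}" '
        { sub(/#.*/, "") }                      # strip comments
        NF == 0 { next }                         # skip blank lines
        $1 == "FORMAT" || $1 == "?FORMAT" { fmt = $2 + 0; next }
        $1 != zone { next }
        {
            # Format 1: ZONE INTERFACE BROADCAST OPTIONS
            # Format 2: ZONE INTERFACE OPTIONS
            opts = (fmt == 2) ? $3 : $4
            n = split(opts, o, ",")
            has_dhcp = 0; has_maclist = 0
            for (i = 1; i <= n; i++) {
                if (o[i] == "dhcp")    has_dhcp = 1
                if (o[i] == "maclist") has_maclist = 1
            }
            if (!has_dhcp) {
                print $2 (has_maclist ? " maclist" : "")
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample in format 1; eth0 reproduces the reported state
# (maclist without dhcp), eth2 shows the fixed state.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net  eth1  detect  nosmurfs
loc  eth0  detect  maclist,nosmurfs
loc  eth2  detect  dhcp,maclist,nosmurfs
EOF
missing_dhcp "$sample" || echo "loc interfaces listed above lack dhcp"
rm -f "$sample"
```

On a firewall host the same function can be pointed at /etc/shorewall/interfaces; an empty result with exit status 0 corresponds to the expected state after the update.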
#12 Updated by dz0 0te almost 6 years ago
- Assignee set to dz0 0te
#13 Updated by dz0 0te almost 6 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (dz0 0te)
- % Done changed from 70 to 90
System and Package Version installed
VM KVM - Clean install of Nethserver 6.7 fully updated - 2 eth
Package Installed: nethserver-firewall-base-2.8.0-1.ns6.noarch
nethserver-firewall-base-ui-2.8.0-1.ns6.noarch
Other Package installed: Basic firewall,DNS and DHCP server,Intrusion Prevention System
Test Original Problem
dhcp server enabled on green
dhcp reservation for client
ip /mac binding enabled
ip/mac binding policy : block all traffic without binding
pc in dhcp and ip/mac binding doesn't receive an IP
Install Updated Package
yum --enablerepo=nethserver-testing update nethserver-firewall-base-2.8.0-1.4.gd5830b3.ns6.noarch nethserver-firewall-base-ui-2.8.0-1.4.gd5830b3.ns6.noarch
Test Results after update
Test case 1:
dhcp server enabled on green
dhcp reservation for client
ip /mac binding enabled
ip/mac binding policy : block all traffic without binding
pc in dhcp and with ip/mac binding enabled with block policy receives an ip and works correctly
Verified or Reopen
Verified
Note
#14 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-firewall-base-ui-2.9.0-1.ns6.noarch.rpm
- nethserver-firewall-base-2.9.0-1.ns6.noarch.rpm