Securing DHCP server with Firewall ( RHEL5/6)

Before any of the clients can start obtaining an IP address from the DHCP server, you need to deal with the security requirements for the DHCP server. They include adding a firewall rule with iptables and disabling any SELinux options that prevent the DHCP service from running.
For the firewall rule, you need to know that the DHCP server listens on UDP port 67 for incoming DHCP requests.
Step 1. Use iptables to create the required firewall rule:

# iptables -I INPUT 5 -p udp -m udp --dport 67 -j ACCEPT

Step 2. Save the firewall rule you just created:

# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

Step 3. Then restart the iptables service:

# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
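
The rule only helps if it sits ahead of any catch-all REJECT or DROP in the INPUT chain, which is what inserting at position 5 is meant to achieve. The following check is an added example, not part of the original article; the function name dhcp_rule_status and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Reads an iptables-save
# style ruleset on stdin and reports whether the DHCP rule is reachable.
# Prints: ok (exit 0), shadowed (exit 1) or missing (exit 2).
dhcp_rule_status() {
    blocked=0
    while IFS= read -r line; do
        case "$line" in
            "-A INPUT -j REJECT"*|"-A INPUT -j DROP"*)
                # Catch-all rule: nothing after it in INPUT is evaluated.
                blocked=1 ;;
            "-A INPUT "*"-p udp "*"--dport 67 "*"-j ACCEPT"*)
                if [ "$blocked" -eq 1 ]; then
                    echo shadowed; return 1
                fi
                echo ok; return 0 ;;
        esac
    done
    echo missing; return 2
}

# Constructed sample: rule inserted at position 5, ahead of the REJECT.
GOOD_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed sample: same rule appended with -A, after the REJECT.
BAD_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m udp --dport 67 -j ACCEPT
COMMIT'

echo "inserted at 5:  $(printf '%s\n' "$GOOD_RULES" | dhcp_rule_status)"
echo "appended after: $(printf '%s\n' "$BAD_RULES" | dhcp_rule_status)"
```

On the server itself, the same function can be fed the saved file from Step 2: dhcp_rule_status < /etc/sysconfig/iptables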

With the firewall rules in place, you can shift your focus to SELinux. Well, wouldn’t you know…there are no SELinux requirements for a DHCP server.
You should now have a fully functional DHCP server! You can boot up your clients and see if they pick up an IP address, or if the client is already powered on, you can use the dhclient command to request an IP address from the server.
Step 4. Request a dynamic IP from the server:

# dhclient
Internet Systems Consortium DHCP Client V3.0.5-RedHat
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Listening on LPF/eth0/08:00:27:74:5b:11
Sending on LPF/eth0/08:00:27:74:5b:11
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
DHCPOFFER from 192.168.1.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1
bound to 192.168.1.7 -- renewal in 40126 seconds.

 

November 16, 2015
