dnsmasq's dhcp blocked to clients by firestarter
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
dnsmasq (Ubuntu) | Invalid | Undecided | Unassigned | |
firestarter (Ubuntu) | Invalid | Undecided | Unassigned | |
Bug Description
Binary package hint: firestarter
server: hardy, clients hardy.
In a situation where firestarter is sharing the internet connection and acts as a firewall, dnsmasq's dhcp server cannot be reached by clients. Shutting down firestarter, all works fine, except the sharing of internet. Enable firestarter again, no dhcp.
The iptables rules decide that all destination traffic to 255.255.255.255 from source 0.0.0.0 (unknown) (even if the port is 67-68) will be dropped. (so no new dhcp requests)
The workaround was to add the following line to /etc/firestarte
$IPT -A INPUT -i $INIF -p udp -s 0.0.0.0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
(thanks Andrew)
But I think firestarter should solve this. All new dhcp resolving is done by sending packets to 255.255.255.255 from source 0.0.0.0.
I hope this helps.
Regards. ... ow.. and keep up the good work ;)
Thanks for reporting this bug and helping in making Ubuntu better.
AFAICT this is not a bug in dnsmasq: if firestarter blocks UDP broadcasts to port 67, that will for sure prevent dnsmasq (or any other DHCP server) from receiving and processing DHCPDISCOVER / DHCPREQUESTs. So I'll mark this part of the bug invalid.
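Added example, not part of the original report and not Firestarter's code: a small first-match evaluator that shows why the workaround rule from the bug description has to be evaluated before the broadcast drop, and that it admits only the DHCP client broadcast. The sample chain is constructed for illustration, and eth1 is an assumed value for $INIF.

```python
import ipaddress
import shlex

# Constructed sample chain, NOT Firestarter's real ruleset: it only reproduces
# the behaviour the report describes (limited-broadcast traffic is dropped).
BASE_RULES = [
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -d 255.255.255.255 -j DROP",
    "-A INPUT -i eth1 -s 192.168.0.0/24 -j ACCEPT",
]
# Workaround rule from the report; $INIF expanded to eth1 (assumed LAN interface).
DHCP_RULE = ("-A INPUT -i eth1 -p udp -s 0.0.0.0 --sport 68 "
             "-d 255.255.255.255 --dport 67 -j ACCEPT")

# A DHCPDISCOVER as it arrives on the LAN side, plus an unrelated broadcast.
DISCOVER = {"iface": "eth1", "proto": "udp", "src": "0.0.0.0", "sport": 68,
            "dst": "255.255.255.255", "dport": 67}
OTHER_BCAST = dict(DISCOVER, src="192.168.0.10", sport=137, dport=137)


def parse(line):
    """Split one rule line into {option: value}; every option here takes a value."""
    tok = shlex.split(line)
    return dict(zip(tok[0::2], tok[1::2]))


def matches(rule, pkt):
    """True when every criterion present in the rule matches the packet."""
    def addr_ok(opt, key):
        return opt not in rule or (
            ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(rule[opt]))

    def same(opt, key):
        return opt not in rule or str(pkt[key]) == rule[opt]

    return (same("-i", "iface") and same("-p", "proto")
            and same("--sport", "sport") and same("--dport", "dport")
            and addr_ok("-s", "src") and addr_ok("-d", "dst"))


def verdict(rules, pkt, policy="DROP"):
    """iptables semantics for terminating targets: the first match decides."""
    for line in rules:
        rule = parse(line)
        if matches(rule, pkt):
            return rule["-j"]
    return policy
```

With the rule placed ahead of the drop, `verdict([DHCP_RULE] + BASE_RULES, DISCOVER)` is ACCEPT, while appending it after the drop leaves DHCP blocked and other broadcasts stay dropped either way.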