6. So what must a firewall pass?

A bridging firewall should permit the following packets to pass. We again assume the 163.1.14.0/255.255.254.0 subnet with gateway 163.1.15.254; you will need to replace these with your own network, netmask and gateway addresses.

Outgoing:

UDP 0.0.0.0 68 > 255.255.255.255 67
UDP 163.1.14.0/255.255.254.0 > 129.67.1.2 67
UDP 163.1.14.0/255.255.254.0 > 163.1.2.2 67

Incoming:

UDP 163.1.15.254 67 > 163.1.14.0/255.255.254.0 68
UDP 129.67.1.2 67 > 163.1.14.0/255.255.254.0 68
UDP 163.1.2.2 67 > 163.1.14.0/255.255.254.0 68
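
The two lists above can be checked as a default-deny rule table. The following Python sketch is an added example, not part of the original document or any firewall product: it transcribes the six rules and tests constructed sample packets against them. The outgoing unicast rules give no source port on the page, so the sketch assumes any source port matches there; the function names and sample packets are hypothetical.

```python
import ipaddress

# Internal subnet used on the page; replace with your own network/netmask.
LAN = "163.1.14.0/255.255.254.0"
ANY = None  # assumption: the page lists no port for this field, so match any

# (direction, src, src_port, dst, dst_port), transcribed from the lists above.
RULES = [
    ("out", "0.0.0.0",      68,  "255.255.255.255", 67),
    ("out", LAN,            ANY, "129.67.1.2",      67),
    ("out", LAN,            ANY, "163.1.2.2",       67),
    ("in",  "163.1.15.254", 67,  LAN,               68),
    ("in",  "129.67.1.2",   67,  LAN,               68),
    ("in",  "163.1.2.2",    67,  LAN,               68),
]

def _addr_ok(spec, addr):
    # A bare address parses as a /32 network, so one test covers both forms.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def _port_ok(spec, port):
    return spec is ANY or spec == port

def allowed(direction, src, sport, dst, dport):
    """True if a UDP packet matches one of the pass rules; otherwise drop."""
    return any(
        d == direction and _addr_ok(s, src) and _port_ok(sp, sport)
        and _addr_ok(t, dst) and _port_ok(dp, dport)
        for d, s, sp, t, dp in RULES
    )

# Constructed sample packets (not captured traffic).
SAMPLES = [
    ("client broadcast",           "out", "0.0.0.0",      68, "255.255.255.255", 67),
    ("unicast to listed server",   "out", "163.1.15.20",  68, "129.67.1.2",      67),
    ("reply from gateway",         "in",  "163.1.15.254", 67, "163.1.14.9",      68),
    ("reply from unlisted server", "in",  "192.0.2.10",   67, "163.1.14.9",      68),
    ("source outside the subnet",  "out", "163.1.16.1",   68, "129.67.1.2",      67),
    ("non-DHCP port to server",    "out", "163.1.14.9",   68, "129.67.1.2",      53),
]

def evaluate():
    return {name: allowed(*pkt) for name, *pkt in SAMPLES}

if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{'PASS' if ok else 'DROP'}  {name}")
```

Because 255.255.254.0 is a 23-bit mask, addresses in both 163.1.14.x and 163.1.15.x match the subnet rules, while 163.1.16.1 does not.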

Routing firewalls are more complicated: the firewall itself will be acting as the gateway for internal hosts and must therefore be able to forward the traffic to the external DHCP servers. If purchasing such a firewall you will need to ensure that it can do this, or else implement your own DHCP server in-house.
