Welcome to ISAserver.org


Allowing DHCP from ISP - Looking for a safe firewall rule

Allowing DHCP from ISP - Looking for a safe firewall rule - 20.Jul.2008 11:37:26 PM   
sander99

 

Posts: 13
Joined: 17.Jul.2008
Status: offline
Hi,

I suspect this is another 101 question.

I have two NICs in my box. One going to my ISP. I noticed (the hard way) that I blocked the DHCP renewal for my ISA box from the ISP.

What would be a good safe firewall rule that would enable that DHCP renewal traffic? I found that I can select the DHCP reply/request protocol. I'm afraid that I opened it up too wide as far as networks. Would External to localhost be safe?
Post #: 1
RE: Allowing DHCP from ISP - Looking for a safe firewal... - 21.Jul.2008 9:07:53 AM   
paulo.oliveira

 

Posts: 727
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
Hi,

I think the best way to do it is to allow to/from your ISP's DHCP server address. This makes more sense than selecting the external network object.

Regards,
Paulo Oliveira.

(in reply to sander99)
Post #: 2
RE: Allowing DHCP from ISP - Looking for a safe firewal... - 21.Jul.2008 9:11:18 AM   
Budmaas

 

Posts: 48
Joined: 7.Oct.2007
Status: offline
External

(in reply to sander99)
Post #: 3
RE: Allowing DHCP from ISP - Looking for a safe firewal... - 21.Jul.2008 7:18:05 PM   
sander99

 

Posts: 13
Joined: 17.Jul.2008
Status: offline
I'm not sure that I can assume that my ISP's DHCP server stays the same?


Will the following rule work and still be safe?
From: external
To: localhost
Protocols: DHCP reply and request

What is localhost exactly? I have two NICs in my box. One going to the ISP, one to the internal network.

BTW. I'm also seeing that I'm blocking NetBIOS name service calls from my box to the ISP. Is this OK?

< Message edited by sander99 -- 21.Jul.2008 7:27:32 PM >

(in reply to Budmaas)
Post #: 4
RE: Allowing DHCP from ISP - Looking for a safe firewal... - 22.Jul.2008 7:16:07 AM   
paulo.oliveira

 

Posts: 727
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
Hi,

You have to ask your ISP and check whether the IP of the DHCP server is static. Otherwise, try to get their IP range for the servers; even if they don't have it, it is much better that you put in the whole IP range from them.
For sure this is more secure than the External network object.

LocalHost is the ISA machine itself. Everything that goes to an ISA machine is going to localhost network, regardless if it is internal or external.

You should block all unnecessary traffic and explicitly allow the traffic you want. I would not recommend that you allow NetBIOS, since this protocol is not used on the Internet.

Regards,
Paulo Oliveira.

(in reply to sander99)
Post #: 5
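
The reply above recommends allowing DHCP only from the ISP's server address or range rather than from the whole External network. As an added example (not from the thread and not ISA Server code), the Python below parses a DHCP reply and checks that both the packet source and the server identifier (option 54) fall inside an allowed range; the function names are hypothetical, `build_reply` produces constructed sample packets, and the allowed range is whatever the ISP confirms.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Extract op, yiaddr, message type (opt 53) and server id (opt 54)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {"op": payload[0], "yiaddr": ipaddress.IPv4Address(payload[16:20]),
            "msg_type": None, "server_id": None}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                  # end option
            break
        if code == 0:                    # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:
            info["msg_type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 54 and length == 4:
            info["server_id"] = ipaddress.IPv4Address(value)
        i += 2 + length
    return info

def reply_allowed(src_ip: str, payload: bytes, allowed_nets) -> bool:
    """Accept only BOOTREPLYs whose source and server id sit in allowed_nets."""
    msg = parse_dhcp(payload)
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    def in_range(addr):
        return addr is not None and any(addr in n for n in nets)
    return (msg["op"] == 2 and in_range(ipaddress.ip_address(src_ip))
            and in_range(msg["server_id"]))

def build_reply(server_id: str, yiaddr: str, msg_type: int = 5) -> bytes:
    """Constructed sample: minimal BOOTREPLY carrying options 53 and 54."""
    hdr = bytearray(236)
    hdr[0], hdr[1], hdr[2] = 2, 1, 6     # op=BOOTREPLY, htype=Ethernet, hlen=6
    hdr[16:20] = ipaddress.IPv4Address(yiaddr).packed
    opts = (bytes([53, 1, msg_type, 54, 4])
            + ipaddress.IPv4Address(server_id).packed + b"\xff")
    return bytes(hdr) + MAGIC_COOKIE + opts
```

Running `parse_dhcp` over payloads captured on the external NIC across several renewals shows which server addresses actually answer, which speaks to the concern about the ISP's DHCP server changing.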
