Cable Forum


pedantic 15-06-2004 15:33

DHCP Server
 
Hi

I wonder if some of you technically minded people can answer a question :) I've just inspected the info when using the winipcfg tool and there is something strange. When I first set up my firewall rules I put in the DHCP address to permit it to connect to my machine. I've noticed now though, that the address is different to the one I have in my rule sets.

Question 1 : Is there anything I should be worried about here ?

Question 2 : Do I need to make another rule to allow this server to connect to my machine ?

Question 3 : By not allowing this new server address at the moment, should I be noticing any problems, such as my browsing speed being hit and miss at the moment, or is that just down to the temperamental proxy servers ?

Regards

imback 15-06-2004 15:42

Re: DHCP Server
 
Do you mean your IP address has changed since you first installed? If so and you are using NTL (or any other ISP that uses a dynamic IP address) then this will happen.

Your IP will normally stay the same even after being renewed but sometimes, due to one circumstance or another, it will change.

pedantic 15-06-2004 15:45

Re: DHCP Server
 
Hi

No, not my ip address, the ip address of the DHCP server itself.

Regards

AdeRickus 15-06-2004 18:15

Re: DHCP Server
 
Hmmm,

You mean you have a software firewall I presume ??

And you have allowed your PC ( via said firewall program ) to talk to a DHCP server of a specific IP address ??

Is this correct ??

pedantic 15-06-2004 18:24

Re: DHCP Server
 
Hi

Yes, I have allowed a DHCP server from a specific ip address to (talk) to my machine through a software firewall. But the ip address of the DHCP server has changed since I originally configured the rule in my firewall.

AdeRickus 15-06-2004 18:32

Re: DHCP Server
 
Hmmm,

In theory if the DHCP server from NTL has changed address and it tries to issue another address you should not be able to peruse the web, however, both would have to be true for this to happen.

Make sure the IP that you are trying to DHCP from, is an IP of an NTL server. If so allow the DHCP, although if the NTL gurus out there can confirm or deny I would not have thought for this exact reason, that there are not many DHCP servers that are accessible by you or the DHCP servers do not change IP addresses very often,

As long as your IP is valid for you it should not affect browsing speeds, if the IP is not valid for you you should not be able to browse ( this, to be fair should not happen anyway ).

pedantic 15-06-2004 18:42

Re: DHCP Server
 
As far as I'm aware, ntl's DHCP server addresses are private addresses (somebody correct me if I'm wrong on that point) so how do I check if it's an ntl address or not ? It is very strange though, that an address that I have not specified as having access to my machine can still get through (maybe there is a more technical reason for this and I'd love an explanation from anyone) possibly something to do with routing :confused:

Regards

ian@huth 15-06-2004 18:43

Re: DHCP Server
 
Have a read of Robin Walker's site at http://homepage.ntlworld.com/robin.d...dr.html#dhcpip

AdeRickus 15-06-2004 18:43

Re: DHCP Server
 
What's the IP ?

pedantic 15-06-2004 18:46

Re: DHCP Server
 
Quote:

Originally Posted by ianathuth
Have a read of Robin Walker's site at http://homepage.ntlworld.com/robin.d...dr.html#dhcpip

Hi

I've already read that article, but it doesn't help me in wondering why it has changed from the original address to a different one.

Regards

AdeRickus 15-06-2004 18:48

Re: DHCP Server
 
What are the 2 IPs ??

pedantic 15-06-2004 18:48

Re: DHCP Server
 
Quote:

Originally Posted by AdeRickus
What's the IP ?

The newly discovered ip is 10.185.16.134 although I can't say how long it has been changed for, as I've only just discovered it.

Regards

ian@huth 15-06-2004 18:51

Re: DHCP Server
 
Quote:

Originally Posted by pedantic
Hi

I've already read that article, but it doesn't help me in wondering why it has changed from the original address to a different one.

Regards

Did you read the bit about NTL having two DHCP servers per region and how to find the IP address of the second one?

greencreeper 15-06-2004 18:53

Re: DHCP Server
 
I would expect that as NTL upgrades and reconfigures the infrastructure some IP addresses will change. Once a week I check all the IPs (UBR, DHCP...) just to make sure nothing has changed and if it has, I update my firewall (ZA Pro). I also guess that as a machine goes searching for a DHCP server to provide it with an IP address, it might not always find the same server. Dunno.

pedantic 15-06-2004 18:55

Re: DHCP Server
 
Quote:

Originally Posted by ianathuth
Did you read the bit about NTL having two DHCP servers per region and how to find the IP address of the second one?

Hi

Yes, sorry I should have mentioned that earlier, I have rules for both DHCP servers in my ruleset. This new one is different to both of the original ones though.

Regards

pedantic 15-06-2004 19:00

Re: DHCP Server
 
Quote:

Originally Posted by greencreeper
I would expect that as NTL upgrades and reconfigures the infrastructure some IP addresses will change. Once a week I check all the IPs (UBR, DHCP...) just to make sure nothing has changed and if it has, I update my firewall (ZA Pro). I also guess that as a machine goes searching for a DHCP server to provide it with an IP address, it might not always find the same server. Dunno.

Hi

I understand your point, but how is this new ip showing up in winipcfg ? And to add another twist to this, I log activity on my firewall, and it shows connections to my machine just as it should do. So why is winipcfg showing a different address to the one that's being logged on my firewall ? This is very confusing lol

Regards

ian@huth 15-06-2004 19:30

Re: DHCP Server
 
What are the IP addresses involved?

pedantic 15-06-2004 19:44

Re: DHCP Server
 
Quote:

Originally Posted by ianathuth
What are the IP addresses involved?

My firewall rules are as follows

DHCP rule .......... Allow udp connections on local port 68 from 10.0.80.71 port 67

2nd DHCP.........Allow udp connections on local port 68 from 10.20.48.1 port 67

3rd rule ........ Allow udp outwards on local port 68 to 255.255.255.255 port 67

For as long as I can remember, I have logs from 10.20.48.1 constantly making connections with me.

Even as we speak it's constantly making connections with me, but when I run winipcfg, it informs me that DHCP server address is 10.185.16.134 so how is that address making a connection with me (if indeed it is) as my firewall tells me what connections I have currently. And how is that address connecting to me in the first place as I don't give that address permission to connect to me ?

Regards

Munkeh 15-06-2004 20:36

Re: DHCP Server
 
Quote:

Originally Posted by pedantic
My firewall rules are as follows

DHCP rule .......... Allow udp connections on local port 68 from 10.0.80.71 port 67

2nd DHCP.........Allow udp connections on local port 68 from 10.20.48.1 port 67

3rd rule ........ Allow udp outwards on local port 68 to 255.255.255.255 port 67

For as long as I can remember, I have logs from 10.20.48.1 constantly making connections with me.

Even as we speak it's constantly making connections with me, but when I run winipcfg, it informs me that DHCP server address is 10.185.16.134 so how is that address making a connection with me (if indeed it is) as my firewall tells me what connections I have currently. And how is that address connecting to me in the first place as I don't give that address permission to connect to me ?

Regards

We're migrating to new dhcp servers at the moment, that's why the address has changed.

The .1 ip is your default gateway, which the initial dhcp discover broadcast is routed through, the subsequent dhcp chatter is unicast so that'll be the .134 address.

You should be able to bin the rules for the .71 ip now :)

Hope that helps

pedantic 15-06-2004 20:42

Re: DHCP Server
 
Hi

So, let me get this right, the .134 is being routed through .1 as I suspected it might ? so I can get rid of the first DHCP rule and leave the other 2 in ?

Regards

Munkeh 15-06-2004 20:48

Re: DHCP Server
 
Quote:

Originally Posted by pedantic
Hi

So, let me get this right, the .134 is being routed through .1 as I suspected it might ? so I can get rid of the first DHCP rule and leave the other 2 in ?

Regards

Yes, feel free to remove the rule for 10.0.80.71 as it's no longer in service.

:)

pedantic 15-06-2004 21:12

Re: DHCP Server
 
Thank You for your very informative response, much appreciated.

Regards

iadom 15-06-2004 21:14

Re: DHCP Server
 
Quote:

Originally Posted by Munkeh
Yes, feel free to remove the rule for 10.0.80.71 as it's no longer in service.

:)

Can you confirm that access via STB is still through 10.0.76.70 & 10.0.76.71 in this area.

Munkeh 15-06-2004 22:31

Re: DHCP Server
 
Quote:

Originally Posted by iadom
Can you confirm that access via STB is still through 10.0.76.70 & 10.0.76.71 in this area.

Those dhcps have also been taken out of service and traffic migrated to new addresses. (10.185.16.139 & 10.185.16.140 now for your firewall bits n bobs)

HTH

M

greencreeper 15-06-2004 22:38

Re: DHCP Server
 
Just out of curiosity - why do those addresses look more like the address of my area's UBR (10.74.16.1) than my area's DHCP servers (62.252.224.21 & 62.252.224.20)?? Is there no consistency - varies from area to area?

Munkeh 15-06-2004 23:30

Re: DHCP Server
 
Quote:

Originally Posted by greencreeper
Just out of curiosity - why do those addresses look more like the address of my area's UBR (10.74.16.1) than my area's DHCP servers (62.252.224.21 & 62.252.224.20)?? Is there no consistency - varies from area to area?

The 10.x addresses are classed as private and don't route over the public network, the 62.x addresses are public and do.

You'll be using a cable modem and the other chaps above are likely on bb through the stb, both utilise different architecture for supplying the same service, hence the difference.

Just depends on which service you are using really :)

greencreeper 15-06-2004 23:53

Re: DHCP Server
 
Quote:

Originally Posted by Munkeh
The 10.x addresses are classed as private and don't route over the public network, the 62.x addresses are public and do.

You'll be using a cable modem and the other chaps above are likely on bb through the stb, both utilise different architecture for supplying the same service, hence the difference.

Just depends on which service you are using really :)

<greencreeper suddenly realises that it's all much more complicated than he first thought>

:D

BBKing 16-06-2004 06:12

Re: DHCP Server
 
Ick - didn't occur to me to drop a note to Robin.

Basically the STB platform was DHCP'd using lots of big old slow servers. They're being replaced by smaller, more centralised, faster servers. Easier to maintain, cheaper to run, higher capacity. Win/win situation.

The old servers were placed locally to your UBR. The new ones are placed centrally near all the other Interactive servers. Hence the address change.

iadom 16-06-2004 08:23

Re: DHCP Server
 
Quote:

Originally Posted by Munkeh
Those dhcps have also been taken out of service and traffic migrated to new addresses. (10.185.16.139 & 10.185.16.140 now for your firewall bits n bobs)

HTH

M

Thanks for that, not checked DHCP for a while but have now added the new ones to trusted zone.:tu:

Matth 16-06-2004 17:16

Re: DHCP Server
 
My rules allow the two known DHCP servers, the UBR private address, and broadcast address (as remote).

An additional rule allows it if the local address is broadcast - a bit cockeyed, but I had to throw that one in to resolve a problem, as the firewall implied "localhost is ME" without being set.

If your firewall allows it, always best to duplicate, and then disable, the generic DHCP rule, then edit the copy, so that you can quickly revert if you need to.

greencreeper 16-06-2004 17:32

Re: DHCP Server
 
Hmmmm. When it comes to firewall rules there seem to be two camps: those who create rules such as "allow TCP traffic from my pc on port b to server x on port y" and those who put a server in the trusted zone and just allow any traffic to and from it. I don't see any benefit in doing the former - very controlling behaviour ;) Also very inflexible. I do the latter - all my mail servers, proxy server, DNS, DHCP, NNP, NTP, UBR, SETI, various FTP servers, and the CM subnet are in the trusted zone along with localhost.

Matth 17-06-2004 19:58

Re: DHCP Server
 
I try to be generic, for things which ARE, and tight, for things which can be tightened without having to specify a new rule every time you do something.

DHCP can be used to misdirect your traffic - and why would someone attack YOU in that way? - well, generally, someone is attacking everyone. DNS is also restricted.

Put simply - I generally don't allow anything which is unexpected, but whenever a new rule is required, I make it generic enough to cover all expected situations - if you HAVE a decent rules based firewall, no point setting it up like Zonealarm free (and any application needs MASSIVE justification before I'll give it anything that constitutes "Allow Server" - I have thrown "all ports outgoing" at some when anything else is just too much hassle - NEVER, except for testing and if totally desperate, would I EVER give an application "Trusted" status).
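
Added example (not part of any post in this thread, and not NTL's or any firewall vendor's code): a sketch of the check discussed above, where the firewall log shows the gateway 10.20.48.1 while winipcfg reports 10.185.16.134, and where an unexpected DHCP server is worth flagging because DHCP can misdirect traffic. It parses a DHCP reply, reads the relay address (giaddr) and the server identifier (option 54), and compares them with allowlists. It assumes replies reach the client either from the server itself or from the relaying gateway; `check_reply`, `build_sample`, the sample packet and the offered address 10.20.48.50 are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255

def parse_dhcp(payload):
    """Return the relay address (giaddr), option 54 and the message type."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {"giaddr": socket.inet_ntoa(payload[24:28]),
            "server_id": None, "msg_type": None}
    i = 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == OPT_SERVER_ID and length == 4:
            info["server_id"] = socket.inet_ntoa(value)
        elif code == OPT_MSG_TYPE and length == 1:
            info["msg_type"] = value[0]
        i += 2 + length
    return info

def check_reply(src_ip, payload, allowed_servers, allowed_relays):
    """Classify a reply seen on local UDP port 68 against two allowlists."""
    server_id = parse_dhcp(payload)["server_id"]
    if server_id is None:
        return "alert: no server identifier"
    if server_id not in allowed_servers:
        return "alert: unknown DHCP server " + server_id
    if src_ip != server_id and src_ip not in allowed_relays:
        return "alert: unexpected source " + src_ip
    return "ok"

def build_sample(giaddr, server_id, msg_type=5):
    """Constructed DHCPACK for the demo; xid and offered address are made up."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 1, 0x1234, 0, 0)
    addrs = (bytes(4) + socket.inet_aton("10.20.48.50") + bytes(4)
             + socket.inet_aton(giaddr))
    options = (bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4])
               + socket.inet_aton(server_id) + bytes([OPT_END]))
    return header + addrs + bytes(16 + 64 + 128) + MAGIC_COOKIE + options
```

With the addresses from this thread, a reply arriving from 10.20.48.1 that names 10.185.16.134 passes once the new server is on the allowlist, and is flagged as an unknown server while only the old 10.0.80.71 entry is present.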


All times are GMT.