DHCP and Firewall
I used the iptables guide
Aug 19 22:09:43 <host> dhclient: DHCPREQUEST on eth0 to <ip> port 67
Aug 19 22:09:43 <host> dhclient: send_packet: Operation not permitted
Is this a problem? Is there anything I can do to stop this message? Do I need to punch holes for DHCP through the firewall?
Thanks.
5 Replies
But you're probably not having the right kind of iptables permit statements for DHCP and it's falling through to some sort of deny-by-default-and-log-it statement. Or you have a policy for one of the tables (e.g. INPUT, OUTPUT) set to DROP by default and don't have a corresponding permit statement.
I don't use DHCP on my Linodes – I just set the IP statically. That saves me the need to run an extra daemon and frees up a bit of memory and a few seconds of waiting for the DHCP negotiation process to finish. DHCP is merely a convenience, but you'd do just fine with static IPs set up in your configs.
And what you said is exactly what's happening. The script blocks everything by default and then opens a few ports. DHCP is blocked.
I think that switching to a static IP is a good idea. Problems will happen if I clone my Linode or move it to a different DC, but these should be easy to fix as long as I remember to do so quickly.
Still, if someone kindly answers my question, it will be great:
- Is it necessary to punch holes for DHCP? If yes, how?
@ah:
- Is it necessary to punch holes for DHCP? If yes, how?
Yes, DHCP is network traffic. It doesn't get special treatment just because it's DHCP.
@ah:
- Is it necessary to punch holes for DHCP? If yes, how?
iptables -I INPUT -i eth0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
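As an added example (not code from the thread or from Linode), the script below shows the pair of rules a DHCP client needs when INPUT and OUTPUT both default to DROP, and a check that reads iptables-save output and reports which chain still blocks DHCP. It assumes the interface is eth0 as in the original log; the iptables-save samples are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: the iptables rules a DHCP
# *client* needs under a deny-by-default policy, and a check that
# reads iptables-save output and reports which chain still blocks it.
# Assumes the interface is eth0, as in the original log lines.
IFACE="${IFACE:-eth0}"

# "send_packet: Operation not permitted" is EPERM from the OUTPUT
# chain: dhclient renews its lease with a unicast UDP packet from
# port 68 to the server's port 67, so that must be let out, and the
# server's reply (67 -> 68) must be let in on INPUT.
dhcp_client_rules() {
    cat <<EOF
iptables -I OUTPUT -o $IFACE -p udp --sport 68 --dport 67 -j ACCEPT
iptables -I INPUT  -i $IFACE -p udp --sport 67 --dport 68 -j ACCEPT
EOF
}

# Does iptables-save text ($1) hold an ACCEPT in chain $2 for UDP
# from port $3 to port $4? The 67:68 range form also counts.
chain_allows_udp() {
    printf '%s\n' "$1" |
        grep -Eq "^-A $2 .*-p udp .*--sport ($3|67:68) .*--dport ($4|67:68) .*-j ACCEPT"
}

# Prints "ok" when both directions are open, otherwise the chains
# that still drop DHCP client traffic, e.g. "missing: OUTPUT".
check_dhcp_rules() {
    missing=""
    chain_allows_udp "$1" OUTPUT 68 67 || missing="$missing OUTPUT"
    chain_allows_udp "$1" INPUT  67 68 || missing="$missing INPUT"
    [ -z "$missing" ] && echo ok || echo "missing:$missing"
}

# Constructed iptables-save output modelled on the thread: DROP
# policies everywhere and only the INPUT rule given in the last reply.
SAMPLE_INPUT_ONLY='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
COMMIT'

# The same ruleset after adding the OUTPUT rule (also constructed).
SAMPLE_FIXED=$(printf '%s\n%s\n' "${SAMPLE_INPUT_ONLY%COMMIT}-A OUTPUT -o eth0 -p udp -m udp --sport 68 --dport 67 -j ACCEPT" COMMIT)

check_dhcp_rules "$SAMPLE_INPUT_ONLY"   # missing: OUTPUT
check_dhcp_rules "$SAMPLE_FIXED"        # ok
echo "Rules to apply as root:"; dhcp_client_rules
```

To inspect a live box, run the check as root against the real ruleset: `check_dhcp_rules "$(iptables-save)"`.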