[Nottingham] Broadband - where does the cable modem need to go?

Chris Hastie nottingham at mailman.lug.org.uk
Sat Mar 15 19:02:00 2003


On Fri, 14 Mar 2003, Duncan John Fyfe <djf@star.le.ac.uk> wrote
>On Thu, 13 Mar 2003, David Luff wrote:
>
>
>> These iptable things seem very complicated... :-(
>>
>
>ok, I'll bite.
>Here is the iptables script from my firewall.  It is a hand crafted (fouled ?)
>job.
>I've changed a few numbers to N's to protect the guilty, so fill them in
>as required.  Not all are necessary; some are there because this is a
>handy place to store them should I need them.  I've also retained a few
>bits of cruft from other folks' scripts which I don't need.
>
># NTL CABLE MODEM
>NTL_MODEM_IP=NN.NN.NN.NN
>NTL_MODEM_MAC=NN:NN:NN:NN:NN:NN
>
These don't appear to get used again, so I assume they're redundant.

># DHCP assumed if INET_IFACE != ppp0
>
>DHCP_SERVER="62.254.0.21"

Mmm, I'm not sure about being specific about the DHCP server's address.
In the three years or so I've had a cable modem I think I've only seen
two IP address changes, but they have happened, and one involved a
change of sub-net and therefore DHCP server.

I've also seen problems in the past with specifying the IP in that not 
all packets appear to come from there. From what I recall, they 
occasionally appear to come from the subnet's broadcast address.

FWIW, I've ended up with the following rules for IPFW with respect to 
DHCP. I'm not entirely sure why, just empirically anything tighter 
caused me problems:

# Allow DHCP
$fwcmd add allow log logamount 0 udp from any 67 to any 68 in recv $pub_nic
$fwcmd add allow log logamount 0 udp from any 67 to any 68 out xmit $pub_nic
$fwcmd add allow log logamount 0 udp from any 68 to any 67 out xmit $pub_nic

-- 
Chris Hastie
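
An added example, not part of the original post: the IPFW rules above log every DHCP packet they accept, so the log can show which source addresses DHCP replies really arrive from before deciding whether a rule pinned to DHCP_SERVER is safe. The syslog line layout, the interface name ed0 and every sample line are assumptions constructed for illustration; only the 62.254.0.21 address comes from the thread.

```python
import re
from collections import Counter

# Constructed sample lines. Assumed layout of an ipfw syslog entry:
# "ipfw: <rule> <action> UDP <src>:<sport> <dst>:<dport> <in|out> via <iface>"
SAMPLE_LOG = """\
Mar 15 18:01:02 gw /kernel: ipfw: 600 Accept UDP 62.254.0.21:67 255.255.255.255:68 in via ed0
Mar 15 18:01:02 gw /kernel: ipfw: 620 Accept UDP 0.0.0.0:68 255.255.255.255:67 out via ed0
Mar 15 18:31:02 gw /kernel: ipfw: 600 Accept UDP 62.254.0.21:67 192.0.2.10:68 in via ed0
Mar 15 19:01:03 gw /kernel: ipfw: 600 Accept UDP 192.0.2.255:67 192.0.2.10:68 in via ed0
Mar 15 19:01:09 gw /kernel: ipfw: 700 Deny TCP 198.51.100.7:4312 192.0.2.10:139 in via ed0
"""

LINE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) UDP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)


def dhcp_reply_sources(log_text, iface):
    """Count source addresses of inbound server-to-client DHCP packets (67 -> 68)."""
    seen = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a UDP ipfw entry
        key = (m["dir"], m["iface"], m["sport"], m["dport"])
        if key == ("in", iface, "67", "68"):
            seen[m["src"]] += 1
    return seen


def missed_by_pinned_rule(sources, pinned_server):
    """Sources that a rule restricted to pinned_server would not have matched."""
    return {src: n for src, n in sources.items() if src != pinned_server}


if __name__ == "__main__":
    sources = dhcp_reply_sources(SAMPLE_LOG, "ed0")
    for src, count in sources.most_common():
        print(f"{src:15s} {count}")
    print("not matched by a rule pinned to 62.254.0.21:",
          missed_by_pinned_rule(sources, "62.254.0.21"))
```

An empty result from missed_by_pinned_rule over a long enough log, including at least one lease renewal, is the evidence needed before tightening the source address.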