foodog4
join:2015-03-03
Piqua, KS

foodog4

Member

[KS] COX DHCP and RFC1918 Blocking Question

I'm trying to set up ingress blocking of RFC1918 addresses and have discovered that the COX DHCP server appears to be in the 10.x.x.x block, as I can get an address after removing that from my ACL. So my question is: which host or network do I need to allow to pass through my WAN side in order for my DHCP lease to renew?

Thanks!
nickphx
join:2009-10-29
Phoenix, AZ

nickphx

Member

I would monitor where the answers come from. Looking at my logs, I get DHCP answers from 172.19.73.55. The DHCP server IP hasn't changed.

Mar 1 09:33:27 cocks dhclient: DHCPREQUEST of x53 on em1 to 172.19.73.55 port 67
Mar 1 09:33:27 cocks dhclient: DHCPACK of x53 from 172.19.73.55
Mar 1 09:33:27 cocks dhclient: bound to x53 -- renewal in 34576 seconds.
whosmatt
join:2005-02-28
San Diego, CA

2 edits

whosmatt to foodog4

Member

I have RFC1918 blocked on my WAN and it doesn't cause any issues whatsoever. It does allow outgoing connections to RFC1918 addresses, so I can access my cable modem at 192.168.100.1... just blocks any incoming (meaning unsolicited) connections.

FWIW my firewall logs are full of DHCP request blocks from at least one 10.x.x.x address.

M

Edit: Looked at where my current WAN lease came from... 172.19.97.31. YMMV

basit
join:2003-11-25
Portsmouth, VA

basit to foodog4

Member

Easiest thing I found is to set up your ACL with what you know you want to permit and block, and then add a permit any any with logging at the end and monitor for a few days. Look through the log daily and make a list of what you need to allow, and then change the line to deny any any and you should be fine, unless they change the address for the DHCP server. You can then just repeat the above procedure.
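
The monitoring approach suggested in the replies above can be scripted. This is an added example, not part of any post in the thread: it reads dhclient syslog lines in the format nickphx posted and lists the DHCP servers that an RFC1918 ingress block would drop. The sample lines are constructed (the hostname `gw`, 10.20.30.1 and 203.0.113.7 are made up), and the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# The three RFC 1918 blocks (ipaddress.is_private covers more than these).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches dhclient reply lines such as "DHCPACK of x53 from 172.19.73.55".
REPLY = re.compile(
    r"dhclient(?:\[\d+\])?: (?:DHCPOFFER|DHCPACK) .*\bfrom (\d{1,3}(?:\.\d{1,3}){3})")

def dhcp_servers(lines):
    """Count DHCP replies per server address seen in dhclient syslog lines."""
    seen = Counter()
    for line in lines:
        m = REPLY.search(line)
        if not m:
            continue
        try:
            seen[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            pass  # not a valid IPv4 address, ignore the line
    return seen

def needed_exceptions(lines):
    """Servers whose replies an RFC 1918 ingress block would drop."""
    return sorted(str(ip) for ip in dhcp_servers(lines)
                  if any(ip in net for net in RFC1918))

# Constructed sample log, modelled on the lines quoted in the thread.
SAMPLE = """\
Mar 1 09:33:27 gw dhclient: DHCPREQUEST of x53 on em1 to 172.19.73.55 port 67
Mar 1 09:33:27 gw dhclient: DHCPACK of x53 from 172.19.73.55
Mar 1 09:33:27 gw dhclient: bound to x53 -- renewal in 34576 seconds.
Mar 2 21:10:03 gw dhclient: DHCPOFFER of x53 from 10.20.30.1
Mar 2 21:10:03 gw dhclient: DHCPACK of x53 from 203.0.113.7
""".splitlines()

if __name__ == "__main__":
    for server in needed_exceptions(SAMPLE):
        # DHCP replies travel from server UDP port 67 to client UDP port 68.
        print(f"allow udp from {server} port 67 to WAN port 68")
```

Run it over a few days of logs before switching the final rule to deny, and rerun it if renewals start failing, since the server address can change.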