How do I allow clients to lease ip addresses with DHCP through iptables?

Scott Summers asked:

I have looked around and I am very confused about how I can forward DHCP requests to clients using iptables. I understand that DHCP works on two UDP ports: 67 for the server side and 68 for the client side. My network looks kind of like this:

(image: Network Topology)

I have set the INPUT, OUTPUT and FORWARD chains and flushed everything. I tried:

iptables -A FORWARD -p udp -s 0/0 --dport 67 -j ACCEPT
iptables -A FORWARD -p udp -d 0/0 --sport 67 -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 --dport 68 -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 --sport 68 -j ACCEPT

But this does not work!

My answer:


DHCP is not a routable protocol. It operates on a single link. But you have a router between the client and the intended DHCP server.

If you want this to have a chance of working, you will need to install a DHCP relay on the router, so that clients on the second subnet can reach the DHCP server on the first subnet. You also need to reconfigure the DHCP server to give out appropriate IP addresses for the second subnet, which must be different to the first subnet.


View the full question and answer on Server Fault.
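To make the two points in the answer concrete, here is an added Python example (not code from the question or the answer): it builds a DHCPDISCOVER as a client broadcasts it, shows which netfilter chain that datagram actually hits on the router, and applies what a DHCP relay agent does to it before unicasting it to the server. The MAC, the router interface addresses and the server address are constructed for the example.

```python
import struct
from ipaddress import IPv4Address

# BOOTP/DHCP fixed header (RFC 2131, options omitted):
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s"
HDR_LEN = struct.calcsize(BOOTP_FMT)  # 44 bytes
ROUTER_IPS = {"192.168.1.1", "192.168.2.1"}  # constructed: the router's two interface addresses

def build_discover(mac: bytes, xid: int = 0x3903F326) -> bytes:
    """DHCPDISCOVER as the client emits it: no address yet, giaddr and hops zero."""
    zero = bytes(4)
    return struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000,
                       zero, zero, zero, zero, mac.ljust(16, b"\x00"))

def parse(pkt: bytes) -> dict:
    f = struct.unpack(BOOTP_FMT, pkt[:HDR_LEN])
    return {"op": f[0], "hops": f[3], "xid": f[4], "giaddr": str(IPv4Address(f[10]))}

def client_sends(pkt: bytes) -> tuple:
    """(src_ip, sport, dst_ip, dport, payload) exactly as the client broadcasts it."""
    return ("0.0.0.0", 68, "255.255.255.255", 67, pkt)

def netfilter_chain(datagram: tuple) -> str:
    """Which chain sees this datagram on the router. Limited broadcast and the
    router's own addresses are delivered locally (INPUT), locally generated
    traffic leaves via OUTPUT, and only traffic addressed to another host is
    routed through FORWARD. A DHCPDISCOVER therefore never matches FORWARD rules."""
    src, dst = datagram[0], datagram[2]
    if dst == "255.255.255.255" or dst in ROUTER_IPS:
        return "INPUT"
    return "OUTPUT" if src in ROUTER_IPS else "FORWARD"

def relay(datagram: tuple, relay_if_ip: str, server_ip: str) -> tuple:
    """What a DHCP relay agent does (RFC 1542 section 4.1.1): put the address of
    the interface the request arrived on into giaddr, bump hops, and unicast it
    to the server. The server picks the pool from giaddr, which is why it needs
    a scope for the second subnet, and unicasts its reply back to giaddr:67."""
    hdr = bytearray(datagram[4])
    if hdr[24:28] == bytes(4):          # first relay on the path fills giaddr
        hdr[24:28] = IPv4Address(relay_if_ip).packed
    hdr[3] += 1                         # hops
    return (relay_if_ip, 67, server_ip, 67, bytes(hdr))

if __name__ == "__main__":
    disc = client_sends(build_discover(b"\x00\x11\x22\x33\x44\x55"))  # constructed MAC
    print("client broadcast hits chain:", netfilter_chain(disc))      # INPUT, not FORWARD
    relayed = relay(disc, "192.168.2.1", "192.168.1.10")              # constructed addresses
    print("relayed to", relayed[2:4], "leaves via", netfilter_chain(relayed))
    print(parse(relayed[4]))
```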

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.