[Cerowrt-devel] BCP38 implementation
toke at toke.dk
Wed Mar 19 18:31:47 EDT 2014
On 19 March 2014 22:44:06 CET, Dave Taht <dave.taht at gmail.com> wrote:
> wow, thx. I was just about to give up and declare cero "baked enough".
Haha, well, felt like hacking on something new, and thought this might be appropriate :)
> the core problem remaining is ensuring dhcp request and renew work
> with double-nat and that state is retained across a network and
> firewall reload.
Right. Well an easy fix could be to just omit the OUTPUT rule, so packets sent from the router itself are not blocked at all... But for double-nat, the actual traffic also needs to be allowed, I suppose.
Otherwise the documentation mentions hotplug scripts when an interface joins a firewall zone. That might be a suitable place to pick up addressing information? Storing it in the config shouldn't be a problem, but there probably needs to be some way for the user to override wrong auto-detection.
What source and dest ip does dhcp use?
More information about the Cerowrt-devel