[Cerowrt-devel] BCP38 implementation

Toke Høiland-Jørgensen toke at toke.dk
Wed Mar 19 18:31:47 EDT 2014

On 19 March 2014 22:44:06 CET, Dave Taht <dave.taht at gmail.com> wrote:
> wow, thx. I was just about to give up and declare cero "baked enough".

Haha, well, felt like hacking on something new, and thought this might be appropriate :)

> the core problem remaining is ensuring dhcp request and renew work
> even
> with double-nat and that state is retained across a network and
> firewall reload.

Right. Well an easy fix could be to just omit the OUTPUT rule, so packets sent from the router itself are not blocked at all... But for double-nat, the actual traffic also needs to be allowed, I suppose.

Otherwise the documentation mentions hotplug scripts when an interface joins a firewall zone. That might be a suitable place to pick up addressing information? Storing it in the config shouldn't be a problem, but there probably needs to be some way for the user to override wrong auto-detection.

What source and dest ip does dhcp use?


More information about the Cerowrt-devel mailing list