Two DHCP servers, tried blocking third party with IPTables

voarsh

Nov 20, 2020
I added the following custom iptables rules in a VM router (OpenMPTCProuter):

Code:
iptables -A INPUT -p tcp --src 192.168.1.1 -m tcp -m multiport ! --dports 80,443 -j DROP
iptables --append INPUT --protocol udp --src 192.168.1.1 --sport 67 --jump DROP
iptables --append INPUT --protocol tcp --src 192.168.1.1 --sport 53 --jump DROP
iptables --append INPUT --protocol udp --src 192.168.1.1 --sport 68 --jump DROP
iptables --append FORWARD --protocol udp --src 192.168.1.1 --sport 68 --jump DROP
iptables --append FORWARD --protocol udp --src 192.168.1.1 --sport 67 --jump DROP

I've called it WAN 3. It has DHCP on, and I am unable to turn it off as it is serving other users.
I thought this was sufficient to block all DHCP traffic from WAN 3. After a while OpenMPTCProuter would display not connected (but all non-DHCP VMs wouldn't be able to access sites).
My VMs inside Proxmox (OpenMPTCProuter is also in a VM) would start to show WAN 3 in the Windows networking status (communityfibre.co.uk DNS networking name).

I then became unsure if my traffic was even going through OpenMPTCProuter and my other two WAN networks. In my testing a new interface LAN using eth0 wouldn't

In Proxmox itself I set the following ebtables:

Code:
ebtables -I FORWARD 1 -p IPv4 --ip-src ! 192.168.100.1 --ip-proto udp --ip-sport 67 -j DROP
ebtables -I FORWARD 1 -p IPv4 --ip-src ! 192.168.100.1 --ip-proto udp --ip-sport 68 -j DROP

It seems the third-party DHCP server still screws with my main DHCP server (the VM router, OpenMPTCProuter).
My networking switch has no firewall, so I can't firewall it at the hardware level.
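
An added example, not part of the original post: one way to confirm which DHCP server is actually answering on a segment is to parse captured DHCP payloads and flag server replies whose server identifier (option 54) is not the intended server. The addresses 192.168.100.1 and 192.168.1.1 come from the post; the function names, lease addresses and sample packets are constructed for illustration.

```python
import socket
import struct
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Parse a UDP payload (ports 67/68) as DHCP; return None if it is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    info = {"op": payload[0], "yiaddr": socket.inet_ntoa(payload[16:20]),
            "type": None, "server_id": None}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            break                                    # truncated option
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:               # DHCP message type
            info["type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 54 and length == 4:             # server identifier
            info["server_id"] = socket.inet_ntoa(value)
        i += 2 + length
    return info

def rogue_replies(payloads, allowed_servers):
    """Return (server_id, type, offered_ip) for server replies not from an allowed server."""
    found = []
    for p in payloads:
        d = parse_dhcp(p)
        if d and d["op"] == 2 and d["server_id"] not in allowed_servers:  # op 2 = BOOTREPLY
            found.append((d["server_id"], d["type"], d["yiaddr"]))
    return found

def build_sample(op, msg_type, server_ip=None, yiaddr="0.0.0.0"):
    """Build a constructed DHCP payload for the demo (not captured traffic)."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234, 0, 0) + b"\x00" * 4
    hdr += socket.inet_aton(yiaddr) + b"\x00" * (8 + 16 + 64 + 128)
    opts = bytes([53, 1, msg_type])
    if server_ip:
        opts += bytes([54, 4]) + socket.inet_aton(server_ip)
    return hdr + MAGIC + opts + b"\xff"

SAMPLES = [build_sample(2, 2, "192.168.100.1", "192.168.100.50"),  # OFFER, intended server
           build_sample(2, 2, "192.168.1.1", "192.168.1.77"),      # OFFER, other server
           build_sample(1, 1)]                                      # client DISCOVER
print(rogue_replies(SAMPLES, {"192.168.100.1"}))
```

Running the same check on payloads captured on the bridge before and after a filter change shows whether replies from the other server still reach the VMs.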
 
