I added the following custom iptables rules in a VM router (OpenMPTCProuter):
Code:
iptables -A INPUT -p tcp --src 192.168.1.1 -m tcp -m multiport ! --dports 80,443 -j DROP
iptables --append INPUT --protocol udp --src 192.168.1.1 --sport 67 --jump DROP
iptables --append INPUT --protocol tcp --src 192.168.1.1 --sport 53 --jump DROP
iptables --append INPUT --protocol udp --src 192.168.1.1 --sport 68 --jump DROP
iptables --append FORWARD --protocol udp --src 192.168.1.1 --sport 68 --jump DROP
iptables --append FORWARD --protocol udp --src 192.168.1.1 --sport 67 --jump DROP
I've called it WAN 3. It has DHCP on, and I am unable to turn it off as it is serving other users.
I thought this was sufficient to block all DHCP traffic from WAN 3. After a while OpenMPTCProuter would display not connected (but all non-DHCP VMs wouldn't be able to access sites).
My VMs inside Proxmox (OpenMPTCProuter is also in a VM) would start to show WAN 3 in the Windows networking status (communityfibre.co.uk DNS networking name).
I then became unsure if my traffic was even going through OpenMPTCProuter and my other two WAN networks. In my testing a new interface LAN using eth0 wouldn't
In Proxmox itself I set the following ebtables:
Code:
ebtables -I FORWARD 1 -p IPv4 --ip-src ! 192.168.100.1 --ip-proto udp --ip-sport 67 -j DROP
ebtables -I FORWARD 1 -p IPv4 --ip-src ! 192.168.100.1 --ip-proto udp --ip-sport 68 -j DROP
It seems the third-party DHCP server still screws with my main DHCP server (the VM router, OpenMPTCProuter).
My networking switch has no firewall, so I can't firewall it at the hardware level.
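Added example, not part of the original post: a small Python parser that takes the UDP payload of a DHCP message and reports replies (OFFER/ACK/NAK) whose server identifier (option 54) is not an allowed server, which is one way to confirm whether the second DHCP server's answers are still reaching the VMs. It assumes 192.168.100.1 is the legitimate server (the address exempted in the ebtables rules above); the function names and the sample packets are constructed for illustration.

```python
import ipaddress

# Assumption: 192.168.100.1 is the only legitimate DHCP server (the address
# exempted by the ebtables rules in the post).
ALLOWED_SERVERS = {"192.168.100.1"}
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
SERVER_MSG_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse a BOOTP/DHCP UDP payload into op, yiaddr and an options map."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"op": payload[0],
           "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
           "options": {}}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # end option
            break
        if code == 0:            # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option")
        length = payload[i + 1]
        msg["options"][code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return msg

def rogue_server(payload: bytes, allowed=ALLOWED_SERVERS):
    """Return (server, message type) for a reply from a non-allowed server, else None."""
    msg = parse_dhcp(payload)
    mtype = (msg["options"].get(53) or b"\x00")[0]
    if msg["op"] != 2 or mtype not in SERVER_MSG_TYPES:
        return None              # client traffic, not a server reply
    sid = msg["options"].get(54, b"")
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    return None if server in allowed else (server, SERVER_MSG_TYPES[mtype])

def build_reply(server: str, offered: str, mtype: int = 2) -> bytes:
    """Constructed sample reply (test data, not a real capture)."""
    header = bytearray(236)
    header[0:3] = bytes([2, 1, 6])                       # BOOTREPLY, Ethernet, hlen 6
    header[16:20] = ipaddress.IPv4Address(offered).packed
    options = bytes([53, 1, mtype, 54, 4]) + ipaddress.IPv4Address(server).packed + b"\xff"
    return bytes(header) + MAGIC_COOKIE + options
```

Feeding it payloads captured on the bridge that carries the VMs shows which server is actually answering them, independent of what the firewall counters say.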