Re: Passing DHCP through a Hotbrick

From: Alec (
Date: 06/12/04

Date: Sat, 12 Jun 2004 04:13:14 GMT

"Michael A. Covington" <> wrote
in message
> "Lars M. Hansen" <> wrote in message
> > On Fri, 11 Jun 2004 19:29:50 -0400, Michael A. Covington spoketh
> >
> > >Greetings,
> > >
> > >Exactly how do you set up a Hotbrick firewall so that the machines
> it
> > >will be DHCP-served by the campus main DHCP server (out on the WAN)
> rather
> > >than the Hotbrick?
> > >
> > >Thanks!
> > >
> > >
> >
> > You can't. As far as I can tell from hotbricks' website, there's no
> > support for DHCP relay.
> That is very sad news, if true. I was mis-advised and may end up swapping
> this firewall to a department that can use it.
> Opening up UDP ports 67 and 68 won't do it? Admittedly I was unsuccessful
> with that, but I thought I had left out some detail.
> Also, Hotbrick *does* allow me to stop the firewall from being a DHCP
> server. I suppose I could hard-code the IP addresses into all the
> computers... but that would deprive us of the benefits of the campus DHCP
> server, such as its ability to update the list of nameservers dynamically.

Nope. The DHCP and BOOTP protocols are not layer 3, routable protocols.
Since the whole point is that the booting device does not have an IP
address, it must send out a layer 2 broadcast packet out on to the subnet to
ask for help from a DHCP server that is listening for such broadcasts.
Routers and firewalls do not generally pass layer 2 broadcast packets.
Therefore, you need a BOOTP/DHCP Relay Agent (RFC 1542) to listen for these
special broadcast packets and forward them on. Some routers and firewalls
have such functionality built-in and some do not. I do not know specifically
about the Hotbrick.