filtering DHCP Server packets?

filtering DHCP Server packets?

Post by Birmingham Dav » Wed, 21 Mar 2001 08:13:34



We just started using an ISP router, which has a DHCP Server component that
cannot be disabled.  We currently are running Proxy 2 with 2 NICs.......one
connects to the internal LAN, the external NIC connects to a port on the ISP
router. The MS DHCP Server crashes as it detects the other DCHP Server on
the network.  The obvious solution is to just give the internal clients a
static IP address, which in this case is possible considering the small size
of the company. However for larger clients I would not like to do this.  Is
there a way, that I could prevent the NT Server from detecting the other
DCHP server on the network?

Thanks,

Dave

 
 
 

filtering DHCP Server packets?

Post by SuperGumb » Wed, 21 Mar 2001 08:22:42


unbind the DHCP service from the NIC going to the router,,, in the network
properties, bindings.


>We just started using an ISP router, which has a DHCP Server component that
>cannot be disabled.  We currently are running Proxy 2 with 2 NICs.......one
>connects to the internal LAN, the external NIC connects to a port on the
ISP
>router. The MS DHCP Server crashes as it detects the other DCHP Server on
>the network.  The obvious solution is to just give the internal clients a
>static IP address, which in this case is possible considering the small
size
>of the company. However for larger clients I would not like to do this.  Is
>there a way, that I could prevent the NT Server from detecting the other
>DCHP server on the network?

>Thanks,

>Dave


 
 
 

filtering DHCP Server packets?

Post by David » Wed, 21 Mar 2001 09:14:02


It can also filtered on the router itself  -
 either ask your ISP to do it or check your router manual
David


> unbind the DHCP service from the NIC going to the router,,, in the network
> properties, bindings.


> >We just started using an ISP router, which has a DHCP Server component
that
> >cannot be disabled.  We currently are running Proxy 2 with 2
NICs.......one
> >connects to the internal LAN, the external NIC connects to a port on the
> ISP
> >router. The MS DHCP Server crashes as it detects the other DCHP Server on
> >the network.  The obvious solution is to just give the internal clients a
> >static IP address, which in this case is possible considering the small
> size
> >of the company. However for larger clients I would not like to do this.
Is
> >there a way, that I could prevent the NT Server from detecting the other
> >DCHP server on the network?

> >Thanks,

> >Dave

 
 
 

filtering DHCP Server packets?

Post by Phil Windel » Thu, 22 Mar 2001 00:05:34


In addition to the other suggestions you got, which should work fine, I
think you may have a problem with your DHCP server. It should *not* crash
because it sees another on the network. Having more than one is commmon
practice on a large system as long as each one has a different scope. And
even if by accident they should have overlapping scopes, they still
shouldn't crash, but would simply cause duplicate addresses on the network.

I suspect if it is crashing, that there is other problems with it.

--
Phillip Windell (MCP)

WAND TV
www.wandtv.com


Quote:> We just started using an ISP router, which has a DHCP Server component
that
> cannot be disabled.  We currently are running Proxy 2 with 2
NICs.......one
> connects to the internal LAN, the external NIC connects to a port on the
ISP
> router. The MS DHCP Server crashes as it detects the other DCHP Server on
> the network.  The obvious solution is to just give the internal clients a
> static IP address, which in this case is possible considering the small
size
> of the company. However for larger clients I would not like to do this.
Is
> there a way, that I could prevent the NT Server from detecting the other
> DCHP server on the network?

> Thanks,

> Dave

 
 
 

filtering DHCP Server packets?

Post by John Knap » Thu, 22 Mar 2001 00:16:55


Small Business Server 4.5 has been "modified" to prevent "rogue" DHCP. It
*will* indeed shut down with an event log error if it "sees" another DHCP
server on the physical (as opposed to logical segment) network.

--
Regards,
John M. Knapp
Systems Administrator
Hunt Leibert Chester & Jacobson, P.C.
(860) 808-0606 x125 (voice)
(860) 808-0625 (fax)


> In addition to the other suggestions you got, which should work fine, I
> think you may have a problem with your DHCP server. It should *not* crash
> because it sees another on the network. Having more than one is commmon
> practice on a large system as long as each one has a different scope. And
> even if by accident they should have overlapping scopes, they still
> shouldn't crash, but would simply cause duplicate addresses on the
network.

> I suspect if it is crashing, that there is other problems with it.

> --
> Phillip Windell (MCP)

> WAND TV
> www.wandtv.com



> > We just started using an ISP router, which has a DHCP Server component
> that
> > cannot be disabled.  We currently are running Proxy 2 with 2
> NICs.......one
> > connects to the internal LAN, the external NIC connects to a port on the
> ISP
> > router. The MS DHCP Server crashes as it detects the other DCHP Server
on
> > the network.  The obvious solution is to just give the internal clients
a
> > static IP address, which in this case is possible considering the small
> size
> > of the company. However for larger clients I would not like to do this.
> Is
> > there a way, that I could prevent the NT Server from detecting the other
> > DCHP server on the network?

> > Thanks,

> > Dave

 
 
 

filtering DHCP Server packets?

Post by Phil Windel » Thu, 22 Mar 2001 02:12:35


Ah! Ok, I didn't know that.

Thanks, guy,

--
Phillip Windell (MCP)

WAND TV
www.wandtv.com


> Small Business Server 4.5 has been "modified" to prevent "rogue" DHCP. It
> *will* indeed shut down with an event log error if it "sees" another DHCP
> server on the physical (as opposed to logical segment) network.

> --
> Regards,
> John M. Knapp
> Systems Administrator
> Hunt Leibert Chester & Jacobson, P.C.
> (860) 808-0606 x125 (voice)
> (860) 808-0625 (fax)



> > In addition to the other suggestions you got, which should work fine, I
> > think you may have a problem with your DHCP server. It should *not*
crash
> > because it sees another on the network. Having more than one is commmon
> > practice on a large system as long as each one has a different scope.
And
> > even if by accident they should have overlapping scopes, they still
> > shouldn't crash, but would simply cause duplicate addresses on the
> network.

> > I suspect if it is crashing, that there is other problems with it.

> > --
> > Phillip Windell (MCP)

> > WAND TV
> > www.wandtv.com



> > > We just started using an ISP router, which has a DHCP Server component
> > that
> > > cannot be disabled.  We currently are running Proxy 2 with 2
> > NICs.......one
> > > connects to the internal LAN, the external NIC connects to a port on
the
> > ISP
> > > router. The MS DHCP Server crashes as it detects the other DCHP Server
> on
> > > the network.  The obvious solution is to just give the internal
clients
> a
> > > static IP address, which in this case is possible considering the
small
> > size
> > > of the company. However for larger clients I would not like to do
this.
> > Is
> > > there a way, that I could prevent the NT Server from detecting the
other
> > > DCHP server on the network?

> > > Thanks,

> > > Dave

 
 
 

filtering DHCP Server packets?

Post by Birmingham Dav » Thu, 22 Mar 2001 03:23:19


Since SBS 4.5 has been modified, will disabling the DCHP Server on the
external NIC solve my problem?? Or will SBS still be able to detect the
other DHCP Server?


> Small Business Server 4.5 has been "modified" to prevent "rogue" DHCP. It
> *will* indeed shut down with an event log error if it "sees" another DHCP
> server on the physical (as opposed to logical segment) network.

> --
> Regards,
> John M. Knapp
> Systems Administrator
> Hunt Leibert Chester & Jacobson, P.C.
> (860) 808-0606 x125 (voice)
> (860) 808-0625 (fax)



> > In addition to the other suggestions you got, which should work fine, I
> > think you may have a problem with your DHCP server. It should *not*
crash
> > because it sees another on the network. Having more than one is commmon
> > practice on a large system as long as each one has a different scope.
And
> > even if by accident they should have overlapping scopes, they still
> > shouldn't crash, but would simply cause duplicate addresses on the
> network.

> > I suspect if it is crashing, that there is other problems with it.

> > --
> > Phillip Windell (MCP)

> > WAND TV
> > www.wandtv.com



> > > We just started using an ISP router, which has a DHCP Server component
> > that
> > > cannot be disabled.  We currently are running Proxy 2 with 2
> > NICs.......one
> > > connects to the internal LAN, the external NIC connects to a port on
the
> > ISP
> > > router. The MS DHCP Server crashes as it detects the other DCHP Server
> on
> > > the network.  The obvious solution is to just give the internal
clients
> a
> > > static IP address, which in this case is possible considering the
small
> > size
> > > of the company. However for larger clients I would not like to do
this.
> > Is
> > > there a way, that I could prevent the NT Server from detecting the
other
> > > DCHP server on the network?

> > > Thanks,

> > > Dave

 
 
 

filtering DHCP Server packets?

Post by John Knap » Thu, 22 Mar 2001 03:24:11


No problem, I saw that the OP had cross-posted.

JK


> Ah! Ok, I didn't know that.

> Thanks, guy,

> --
> Phillip Windell (MCP)

> WAND TV
> www.wandtv.com



> > Small Business Server 4.5 has been "modified" to prevent "rogue" DHCP.
It
> > *will* indeed shut down with an event log error if it "sees" another
DHCP
> > server on the physical (as opposed to logical segment) network.

> > --
> > Regards,
> > John M. Knapp
> > Systems Administrator
> > Hunt Leibert Chester & Jacobson, P.C.
> > (860) 808-0606 x125 (voice)
> > (860) 808-0625 (fax)



> > > In addition to the other suggestions you got, which should work fine,
I
> > > think you may have a problem with your DHCP server. It should *not*
> crash
> > > because it sees another on the network. Having more than one is
commmon
> > > practice on a large system as long as each one has a different scope.
> And
> > > even if by accident they should have overlapping scopes, they still
> > > shouldn't crash, but would simply cause duplicate addresses on the
> > network.

> > > I suspect if it is crashing, that there is other problems with it.

> > > --
> > > Phillip Windell (MCP)

> > > WAND TV
> > > www.wandtv.com



> > > > We just started using an ISP router, which has a DHCP Server
component
> > > that
> > > > cannot be disabled.  We currently are running Proxy 2 with 2
> > > NICs.......one
> > > > connects to the internal LAN, the external NIC connects to a port on
> the
> > > ISP
> > > > router. The MS DHCP Server crashes as it detects the other DCHP
Server
> > on
> > > > the network.  The obvious solution is to just give the internal
> clients
> > a
> > > > static IP address, which in this case is possible considering the
> small
> > > size
> > > > of the company. However for larger clients I would not like to do
> this.
> > > Is
> > > > there a way, that I could prevent the NT Server from detecting the
> other
> > > > DCHP server on the network?

> > > > Thanks,

> > > > Dave

 
 
 

filtering DHCP Server packets?

Post by John Knap » Thu, 22 Mar 2001 03:30:07


WinNT4.0SP4 or greater is needed to disable the DHCP binding to the external
NIC. I seem to recall some issues with "vanilla" SP4 where the MSProxy
firewall would not "firewall fast enough" to block the packets; but it's
been some time since I've seen this issue, and my recollection may be
faulty.

--
Regards,
John M. Knapp
Systems Administrator
Hunt Leibert Chester & Jacobson, P.C.
(860) 808-0606 x125 (voice)
(860) 808-0625 (fax)

****************************************************************************
********
follow-up set to  "microsoft.public.backoffice.smallbiz", my apologies to
all for not having done so previously!
****************************************************************************
********


> Since SBS 4.5 has been modified, will disabling the DCHP Server on the
> external NIC solve my problem?? Or will SBS still be able to detect the
> other DHCP Server?



> > Small Business Server 4.5 has been "modified" to prevent "rogue" DHCP.
It
> > *will* indeed shut down with an event log error if it "sees" another
DHCP
> > server on the physical (as opposed to logical segment) network.

> > --
> > Regards,
> > John M. Knapp
> > Systems Administrator
> > Hunt Leibert Chester & Jacobson, P.C.
> > (860) 808-0606 x125 (voice)
> > (860) 808-0625 (fax)



> > > In addition to the other suggestions you got, which should work fine,
I
> > > think you may have a problem with your DHCP server. It should *not*
> crash
> > > because it sees another on the network. Having more than one is
commmon
> > > practice on a large system as long as each one has a different scope.
> And
> > > even if by accident they should have overlapping scopes, they still
> > > shouldn't crash, but would simply cause duplicate addresses on the
> > network.

> > > I suspect if it is crashing, that there is other problems with it.

> > > --
> > > Phillip Windell (MCP)

> > > WAND TV
> > > www.wandtv.com



> > > > We just started using an ISP router, which has a DHCP Server
component
> > > that
> > > > cannot be disabled.  We currently are running Proxy 2 with 2
> > > NICs.......one
> > > > connects to the internal LAN, the external NIC connects to a port on
> the
> > > ISP
> > > > router. The MS DHCP Server crashes as it detects the other DCHP
Server
> > on
> > > > the network.  The obvious solution is to just give the internal
> clients
> > a
> > > > static IP address, which in this case is possible considering the
> small
> > > size
> > > > of the company. However for larger clients I would not like to do
> this.
> > > Is
> > > > there a way, that I could prevent the NT Server from detecting the
> other
> > > > DCHP server on the network?

> > > > Thanks,

> > > > Dave