ipfw troubles

[Lowell Gilbert]

Dan Phiffer <dphiffer at hmc.edu> writes:

> I guess this means I'm not serving DHCP - what kind of rule would fix
> that?

There are two sides.  You need to accept the packets coming in to
dhcps, as well as the ones going out to dhcpc.  There are a number
of different ways to do this, but make sure you keep it limited to
the interface on which you intend to supply these addresses.

>       I read somewhere that simply using natd adds statefulness to an
> otherwise stateless ipfw configuration. Would an unstateful ipfw setup be
> less secure in this case?

Not necessarily, no.  The kinds of state being kept are quite
different, and there isn't any particular relationship between
them.  In fact, it's a lot more difficult to use stateful rules
with natd running, because the packets match differently depending
on whether they've been NAT'd already or not.