Alex Malinovich <[EMAIL PROTECTED]> writes:
>
> Unfortunately, it seems that no matter what I do requests (i.e.
> DHCPDISCOVER from * via eth0) still come in on the external
> connection (eth0).

I believe some (most?) Linux DHCP daemons (including the ISC "dhcpd"
version 2 and 3) use an AF_PACKET socket for all communication.

This very raw socket gets a copy of all frames, long before they hit
the IPv4-specific packet filter that your "iptables" commands are
configuring.

Your best bet is, obviously, to configure your daemon to only bind to
a specific interface. (The ISC "dhcpd" can do this with a command line
option, as someone else has pointed out.)

--
Kevin <[EMAIL PROTECTED]>
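
Added example, not part of the original message: one way to check the point made in the reply above is to read the kernel's AF_PACKET socket table (/proc/net/packet on Linux) and see which sockets take every frame and whether each one is bound to a single interface. The sample table is constructed, and the function names parse_packet_table and owner_pids are hypothetical helpers written for this example.

```python
import glob
import os

# Constructed sample in the /proc/net/packet column layout (values invented).
SAMPLE = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
0000000000000000 3      3    0003   2     1 0      0      20111
0000000000000000 3      3    0003   0     1 0      0      20222
0000000000000000 2      2    0800   3     1 0      0      20333
"""

ETH_P_ALL = 0x0003  # protocol value meaning "every frame, any ethertype"
TYPES = {2: "SOCK_DGRAM", 3: "SOCK_RAW", 10: "SOCK_PACKET"}

def parse_packet_table(text):
    """Return one dict per AF_PACKET socket listed in the table."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 9:
            continue
        proto, ifindex = int(f[3], 16), int(f[4])
        rows.append({
            "type": TYPES.get(int(f[2]), f[2]),
            "proto": proto,
            "ifindex": ifindex,
            "inode": int(f[8]),
            "all_frames": proto == ETH_P_ALL,   # sees non-IP traffic too
            "any_iface": ifindex == 0,          # not bound to one interface
        })
    return rows

def owner_pids(inode):
    """PIDs holding this socket inode (root needed for other users' fds)."""
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == f"socket:[{inode}]":
                pids.add(int(fd.split("/")[2]))
        except OSError:                         # process exited or no access
            pass
    return sorted(pids)

if __name__ == "__main__":
    live = os.path.exists("/proc/net/packet")
    text = open("/proc/net/packet").read() if live else SAMPLE
    for r in parse_packet_table(text):
        print(r, owner_pids(r["inode"]) if live else [])
```

The ifindex values correspond to the leading numbers in `ip link` output. A daemon whose socket shows ifindex 0, or the index of the external interface, is receiving frames there regardless of the iptables rules.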