I'm trying to expand my knowledge of ipchains and DHCP, but I'm not having much luck. What I am trying to do is set up a DHCP server on the back side of our firewall and then have the client communicate with the server and obtain an IP address.

I am running RedHat 6.2 with ipchains.

My rules are as follows:

ipchains -I output -j DENY
ipchains -I input -j DENY
ipchains -i forward -j DENY

(Deny everything just like a politician.)

ipchains -A -i eth0 -p udp -s 10.129.10.0/24 68 -d 19.129.10.40 67 -j ACCEPT

ipchains -A -i eth0 -p udp -s 0.0.0.0 68 -d 10.129.10.40 67 -j ACCEPT

ipchains -A -i eth0 -p udp -s 0.0.0.0 68 -d 255.255.255.255 67 -j ACCEPT

ipchains -A output -i eth0 -p udp -s 10.129.10.40 67 -d 10.129.10.0/24 68 -j ACCEPT

ipchains -A output -i eth0 -p udp -s 10.129.10.40 67 -d 255.255.255.255 68 -j ACCEPT

ipchains -A output -i eth0 -p udp -s 0.0.0.0 67 -d 255.255.255.255 68 -j ACCEPT

ipchains -A output -i eth0 -p udp -s 10.129.10.40 67 --destination-port 68

If I change my default output rule to accept, I am able to use the DHCP server without any problems.

What have I missed on the output side?

/var/log/messages shows the dhcp_request being received, and when the server starts to send the dhcp_ack, "send_packet: Operation Not permitted" appears in the log.

Thanks in advance for your assistance.

Jay
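As an added example (not part of Jay's post, and not ipchains or dhcpd code), here is a small Python model of ipchains first-match evaluation run over the DHCP message flows a LAN-side server has to pass, so a ruleset can be checked on paper before it is loaded. The server address 10.129.10.40 on eth0, the 10.129.10.0/24 subnet and the client lease 10.129.10.77 are assumptions chosen to match the post. It contrasts making DENY the chain policy (ipchains -P chain DENY) with inserting an unconditional DENY rule at the head of the chain (ipchains -I chain -j DENY): rules appended afterwards with -A sit behind that deny and are never reached. On Linux a packet refused in the output chain is reported to the sending process as EPERM, which is the "Operation not permitted" that dhcpd logs from send_packet.

```python
"""Model of ipchains first-match filtering over the DHCP flows a server on
the LAN side of a firewall must pass.  Added example; not from the original
post.  Addresses, interface and client lease are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    chain: str      # "input" (arriving at the box) or "output" (leaving it)
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One ipchains rule; a None field means the match was not specified."""
    target: str
    iface: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None      # address or CIDR, as given to -s
    sport: Optional[int] = None
    dst: Optional[str] = None      # address or CIDR, as given to -d
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        def addr_ok(spec, addr):
            return spec is None or ip_address(addr) in ip_network(spec, strict=False)
        return (
            (self.iface is None or self.iface == p.iface)
            and (self.proto is None or self.proto == p.proto)
            and addr_ok(self.src, p.src)
            and (self.sport is None or self.sport == p.sport)
            and addr_ok(self.dst, p.dst)
            and (self.dport is None or self.dport == p.dport)
        )


class Chains:
    """The three built-in ipchains chains with -P / -I / -A semantics."""

    def __init__(self):
        self.rules = {c: [] for c in ("input", "forward", "output")}
        self.policy = {c: "ACCEPT" for c in self.rules}   # kernel default policy

    def set_policy(self, chain, target):    # ipchains -P chain target
        self.policy[chain] = target

    def insert(self, chain, rule):          # ipchains -I chain ...  (head of chain)
        self.rules[chain].insert(0, rule)

    def append(self, chain, rule):          # ipchains -A chain ...  (tail of chain)
        self.rules[chain].append(rule)

    def verdict(self, p: Packet) -> str:
        for r in self.rules[p.chain]:       # first matching rule decides
            if r.matches(p):
                return r.target
        return self.policy[p.chain]         # no rule matched: chain policy


SERVER, NET, CLIENT = "10.129.10.40", "10.129.10.0/24", "10.129.10.77"  # assumed
BCAST, ANY = "255.255.255.255", "0.0.0.0"

# Constructed flows: the initial broadcast exchange, then a unicast renewal.
DHCP_FLOWS = {
    "DISCOVER (bcast)": Packet("input",  "eth0", "udp", ANY,    68, BCAST,  67),
    "OFFER (bcast)":    Packet("output", "eth0", "udp", SERVER, 67, BCAST,  68),
    "REQUEST (bcast)":  Packet("input",  "eth0", "udp", ANY,    68, BCAST,  67),
    "ACK (bcast)":      Packet("output", "eth0", "udp", SERVER, 67, BCAST,  68),
    "RENEW REQUEST":    Packet("input",  "eth0", "udp", CLIENT, 68, SERVER, 67),
    "RENEW ACK":        Packet("output", "eth0", "udp", SERVER, 67, CLIENT, 68),
}

# The accept rules needed for those flows, in the chain they belong to.
DHCP_ACCEPTS = [
    ("input",  Rule("ACCEPT", "eth0", "udp", ANY,    68, BCAST,  67)),
    ("input",  Rule("ACCEPT", "eth0", "udp", NET,    68, SERVER, 67)),
    ("output", Rule("ACCEPT", "eth0", "udp", SERVER, 67, BCAST,  68)),
    ("output", Rule("ACCEPT", "eth0", "udp", SERVER, 67, NET,    68)),
]


def build(deny_as_policy: bool) -> Chains:
    """True:  'ipchains -P <chain> DENY', then the accepts appended with -A.
    False: 'ipchains -I <chain> -j DENY' (unconditional rule at the head),
           then the same accepts appended with -A behind it."""
    c = Chains()
    for chain in ("input", "forward", "output"):
        if deny_as_policy:
            c.set_policy(chain, "DENY")
        else:
            c.insert(chain, Rule("DENY"))
    for chain, rule in DHCP_ACCEPTS:
        c.append(chain, rule)
    return c


def denied_flows(chains: Chains) -> list:
    """Names of the DHCP flows this ruleset would refuse."""
    return [name for name, p in DHCP_FLOWS.items() if chains.verdict(p) != "ACCEPT"]


if __name__ == "__main__":
    for policy_mode in (False, True):
        label = "DENY as chain policy" if policy_mode else "DENY rule inserted at head"
        print(label, "->", denied_flows(build(policy_mode)) or "all DHCP flows accepted")
```

The model only covers the fields the post's rules use (interface, protocol, addresses, ports); it does not model dhcpd's choice between broadcast and unicast replies, which depends on the client's flags and on whether the lease is a renewal.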