Question
-
December 7, 2011 at 12:50 pm #2209432
I have DHCP enabled on the Windows Server why is the DHCP server need to be enabled on the firewall?
by shadetreeadmin · about 10 years, 5 months ago
No one can get to the Internet unless the Firewall DHCP is enabled.
This is a simple setup that is connected as follows: Cloud->Router->Firewall (gateway)->Switches->Machines (including the Win 2008 server).
Topic is locked
-
All Answers
-
December 7, 2011 at 12:50 pm #2444452
Clarifications
by shadetreeadmin · about 10 years, 5 months ago
In reply to I have DHCP enabled on the Windows Server why is the DHCP server need to be enabled on the firewall?
Clarifications
-
December 7, 2011 at 1:04 pm #2444451
Depends on what you have running on it
by oh smeg · about 10 years, 5 months ago
In reply to I have DHCP enabled on the Windows Server why is the DHCP server need to be enabled on the firewall?
But no it doesn’t need to be the Gateway unless you have a Gateway App running on it.
Col
-
December 7, 2011 at 1:23 pm #2444449
it doesnt need to be on it
by markp24 · about 10 years, 5 months ago
In reply to I have DHCP enabled on the Windows Server why is the DHCP server need to be enabled on the firewall?
As Oh Smeg states, unless your running a service that needs it, then you should not require DHCP on that server.
-
December 8, 2011 at 2:28 am #2444430
Response To Answer
by usrhlp1 · about 10 years, 5 months ago
In reply to it doesnt need to be on it
You’re, not your.
-
December 8, 2011 at 8:32 am #2445533
Response To Answer
by markp24 · about 10 years, 5 months ago
In reply to it doesnt need to be on it
I’m sorry, what?
-
-
December 7, 2011 at 1:26 pm #2444447
Just another thought
by srakhra · about 10 years, 5 months ago
In reply to I have DHCP enabled on the Windows Server why is the DHCP server need to be enabled on the firewall?
Hi there,
It is purely for security purposes. If blocked, clients may find it difficult to attach to your DHCP server to acquire an IP address. A firewall is basically designed to block everything. It’s only through allowing access via a port number, MAC address or program association that this characteristic of the firewall can be modified as per the requirement. So enabling DHCP services on the server is not worthwhile unless it’s allowed through the firewall too.
Just wondering: I never enabled this before, and yet when I looked into my firewall’s settings on Win Srv 2008 R2 I found it enabled by default.
Satts
-
December 7, 2011 at 7:09 pm #2444439
traceroute
by charles bundy · about 10 years, 5 months ago
In reply to I have DHCP enabled on the Windows Server why is the DHCP server need to be enabled on the firewall?
ping, nslookup and ipconfig are your friends here. I’d say one of two things is happening –
A) Your firewall has a different IP/subnet from your DHCP scope under AD
B) DHCP on the server isn’t set to supply the right IP for the gateway and DNS
Use the above listed tools on both the firewall and AD DHCP setups. That should narrow down if it is a routing/IP problem or a name resolution problem. Good Luck!
-
December 8, 2011 at 7:58 am #2445541
You Shouldn’t Need DHCP On the Firewall
by cfwhitman · about 10 years, 5 months ago
In reply to I have DHCP enabled on the Windows Server why is the DHCP server need to be enabled on the firewall?
Rest assured that you should not need DHCP enabled on the firewall if you’re running it on another server. To figure out what’s going on is a process of elimination.
You might try turning off DHCP on the firewall and releasing and renewing the IP address on a client and checking to see if it has the correct TCP/IP settings after you renew it. If it doesn’t, then you know you have a configuration problem on the DHCP server. If it does have the correct settings, then you probably have a configuration problem on the firewall (or at least a non-matching configuration between the firewall and the DHCP server; that is, they don’t agree on which traffic should be let through the firewall).
As Charles Bundy said, network testing commands like traceroute, ipconfig, nslookup, and ping should reveal the problem. You may also need to brush up on the general principles of firewall configuration, and how to institute them on your particular firewall.
Of course, it’s possible that it would also work for you to turn off your internal DHCP server and just let the firewall do DHCP. If it were me, though, I’d want to know why it wasn’t working even if I did decide to use the firewall’s DHCP at a later time.
-
December 8, 2011 at 8:43 am #2445530
As mentioned, it sounds like DNS/DHCP config issues on the server(s)
by christexan · about 10 years, 5 months ago
In reply to I have DHCP enabled on the Windows Server why is the DHCP server need to be enabled on the firewall?
First, your subnet configuration should be reviewed in DHCP/DNS, your IP “gateway” setting (aka 003 Router in Windows DHCP under Scope Options) should point to the internal address for the firewall.
Your firewall’s internal address should be hard-coded to an IP in the same subnet as your machines (often either x.x.x.1 or x.x.x.254 to put it at one “end” of the range).
Your DHCP client settings for the gateway in the DHCP server should match the firewall’s internal IP address.
The DHCP server “DHCP server” address should match your DHCP server’s IP address if you run an “IPCONFIG /ALL” from the command line.
Example:
Windows/DHCP server address = 10.1.1.5
Firewall/Gateway address = 10.1.1.1.
All servers or other “static” addressed machines should have their gateway address set to 10.1.1.1.
In DHCP, the client scope settings should be set with a gateway (003 Router setting) of 10.1.1.1
In the DHCP scope address pool, you need to set up an exclusion for the firewall address 10.1.1.1 (and any other static IP servers/devices) so another machine doesn’t try to take it, causing a conflict. Or you can set up reservations for each device (requires MAC addressing, a little more complicated than just an exclusion).
-end example-
Typically it is very common for a small environment to preconfigure DHCP with a “static” pool and a DHCP pool. If you have a gateway at 10.1.1.1, 3 servers and a few printers that need static IPs, you might leave 10.1.1.1 through 10.1.1.25 out of the DHCP pool and use those addresses for those devices, and configure your DHCP pool to start at 10.1.1.26 through 10.1.1.254. If not, you’ll have to set up exclusions at random as needed.
Good luck, hopefully these point you towards the solution.
-
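The addressing plan in the reply above, together with the release/renew check of a client's settings suggested earlier in the thread, written as a small Python audit. This is an added example, not code posted by anyone in the thread; the function names, the lease dictionary keys and the host names are assumptions, and the addresses are the ones from the post's example.

```python
import ipaddress

ip = ipaddress.ip_address

def audit_scope(subnet, router_option, firewall_ip, pool, static_hosts, exclusions=()):
    """Check a DHCP scope plan; returns a list of findings (empty = consistent)."""
    net = ipaddress.ip_network(subnet)
    lo, hi = ip(pool[0]), ip(pool[1])
    skipped = [(ip(a), ip(b)) for a, b in exclusions]
    findings = []
    if ip(firewall_ip) not in net:
        findings.append("firewall internal address is outside the client subnet")
    if ip(router_option) != ip(firewall_ip):
        findings.append("003 Router option does not point at the firewall")
    if lo not in net or hi not in net or lo > hi:
        findings.append("address pool does not fit inside the subnet")
    for name, addr in static_hosts.items():
        a = ip(addr)
        if a not in net:
            findings.append(f"{name} ({addr}) is outside the subnet")
        elif lo <= a <= hi and not any(s <= a <= e for s, e in skipped):
            # A static address inside the leasable range invites an IP conflict.
            findings.append(f"{name} ({addr}) can be leased to a client")
    return findings

def audit_lease(lease, dhcp_server_ip, firewall_ip):
    """Compare what a client received (values read from ipconfig /all) with the plan."""
    findings = []
    if ip(lease["dhcp_server"]) != ip(dhcp_server_ip):
        # A second DHCP server on the segment answered the client.
        findings.append(f"lease came from unexpected DHCP server {lease['dhcp_server']}")
    if ip(lease["gateway"]) != ip(firewall_ip):
        findings.append(f"client gateway {lease['gateway']} is not the firewall")
    return findings

# Addresses from the example in the post; the host names are constructed.
STATIC = {"firewall": "10.1.1.1", "dhcp-server": "10.1.1.5"}

if __name__ == "__main__":
    # Plan from the post: statics in .1-.25, dynamic pool .26-.254.
    print(audit_scope("10.1.1.0/24", "10.1.1.1", "10.1.1.1",
                      ("10.1.1.26", "10.1.1.254"), STATIC))
    # Pool covering the whole subnet with no exclusions: statics collide.
    print(audit_scope("10.1.1.0/24", "10.1.1.1", "10.1.1.1",
                      ("10.1.1.1", "10.1.1.254"), STATIC))
    # Constructed lease answered by the firewall instead of the Windows server.
    print(audit_lease({"dhcp_server": "10.1.1.1", "gateway": "10.1.1.1"},
                      "10.1.1.5", "10.1.1.1"))
```

A lease whose "DHCP Server" field is not the Windows server's address means another DHCP server on the segment answered first, which is worth finding before deciding which one to keep.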
December 8, 2011 at 2:55 pm #2445492
Linux dhcp is also an option
by open_source_user_01 · about 10 years, 5 months ago
In reply to I have DHCP enabled on the Windows Server why is the DHCP server need to be enabled on the firewall?
Linux dhcp is 100 times more flexible and verbose in logging than MS dhcp.
Windows has the worst logging on system related services and it is vulnerable to viruses/malware and the non-stop reboots from patches.
-