I have come across an interesting problem on one of my networks. The main file server (a Windows box, which is set up for a static IP), will go and pull 10 DHCP addresses at once in addition to its static address. It appears to not use them, as the lease times begin decrementing immediately and within seconds of each other. However, it has caused problems for people trying to access the server, as well as tying up 10 addresses in our DHCP pool unnecessarily.
I want to write a filter that blocks the server’s MAC address from the DHCP server, but still allows the server to pass traffic throug the router as users demand. Is it as simple as:
Chain=input action=drop src-mac-address=xx:xx:xx:xx:xx:xx ?
Are there other parameters that need to set to block just DHCP requests?
Turns out the file server had RRAS running, even though it wasn’t being used by anyone. RRAS was pulling the addresses to have so that it could give them out as needed. I spoke with the server admin, and he went through and cleaned up a lot of unused services, including RRAS.
Problem solved, and I’m mostly posting this solution in case anyone in the future has a similar problem and searches the archives.