
Rogue DHCP server

Posted: Tue Oct 30, 2007 2:07 am
by kolorasta
I have read other posts, but they suggest using some apps to find the rogue DHCP server...
but this is not what I want... I want some firewall rules that only allow DHCP leases from my DHCP server.

Last weekend I had a lot of problems because a client accidentally plugged the internet connection into the LAN port of his router instead of plugging it into the WAN port.... ahhhhhhhh, a lot of headaches

Re: Rogue DHCP server

Posted: Tue Oct 30, 2007 2:54 am
by jwcn
Same problem here. You should be able to filter DHCP requests through the firewall but what about the clients that aren't connecting through a firewall i.e. on the same AP?

Re: Rogue DHCP server

Posted: Tue Oct 30, 2007 4:38 am
by Letni
I do not do a lot of wireless APs with MikroTik, but I have read that you can uncheck the 'default forward' option to stop clients from passing traffic to each other on the same AP. This may help you. Otherwise I think you would have to add a /bridge filter rule to match and drop what you want.

-Louis

Re: Rogue DHCP server

Posted: Tue Oct 30, 2007 4:42 am
by Gunzoid
That happened to me last year. I tracked it down by foot and smashed it into a thousand pieces.
Very satisfying.

Re: Rogue DHCP server

Posted: Tue Oct 30, 2007 5:20 am
by kolorasta
jwcn wrote: "Same problem here. You should be able to filter DHCP requests through the firewall but what about the clients that aren't connecting through a firewall i.e. on the same AP?"

I think that Letni is right... you have to disable "default forward" in the AP (and in every client in the access list, if you have any) and then use firewall rules in the AP... WHAT RULES??? That's what I wanna know

Re: Rogue DHCP server

Posted: Tue Oct 30, 2007 6:25 am
by tgrand
Here is a link to a message which has enough information to create your required rules:

http://forum.mikrotik.com/viewtopic.php ... hilit=dhcp

Re: Rogue DHCP server

Posted: Thu Feb 28, 2008 2:29 pm
by kolorasta
Suppose that 192.168.2.1 is my DHCP server.
I want to block rogue DHCP servers in my network.

Will putting this rule in ip/firewall/filter in every MT device in my network block leases from rogue DHCP servers?

chain=forward action=drop dst-address=!192.168.2.1 dst-port=67 protocol=tcp
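
An added example, not part of any post in this thread: DHCP runs over UDP, and server replies (offers and acks) leave from source port 67 toward client port 68, so a filter aimed at rogue servers has to match on those fields. The Python sketch below checks constructed frames against the rule as posted and against a "UDP, source port 67, sender is not 192.168.2.1" test; the function names and the sample frames are assumptions made up for illustration.

```python
import socket
import struct

ALLOWED_SERVER = "192.168.2.1"  # the legitimate DHCP server named in the post

def build_frame(src_ip, dst_ip, sport, dport, proto=17):
    """Constructed test input: Ethernet + IPv4 + an 8-byte L4 header, no payload."""
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4

def parse(frame):
    """Return (proto, src_ip, dst_ip, sport, dport), or None if not usable IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    ports = frame[14 + ihl:14 + ihl + 4]  # first 4 bytes of TCP/UDP are the ports
    if len(ports) < 4:
        return None
    sport, dport = struct.unpack("!HH", ports)
    return (frame[23], socket.inet_ntoa(frame[26:30]),
            socket.inet_ntoa(frame[30:34]), sport, dport)

def posted_rule_matches(frame):
    """The rule as posted: protocol=tcp dst-port=67 dst-address=!192.168.2.1."""
    p = parse(frame)
    return bool(p) and p[0] == 6 and p[4] == 67 and p[2] != ALLOWED_SERVER

def is_rogue_reply(frame):
    """Server-to-client DHCP: UDP, source port 67, sender is not the allowed server."""
    p = parse(frame)
    return bool(p) and p[0] == 17 and p[3] == 67 and p[1] != ALLOWED_SERVER

if __name__ == "__main__":
    samples = {  # constructed frames, not captured traffic
        "rogue offer": build_frame("192.168.1.1", "255.255.255.255", 67, 68),
        "legit offer": build_frame(ALLOWED_SERVER, "255.255.255.255", 67, 68),
        "client discover": build_frame("0.0.0.0", "255.255.255.255", 68, 67),
    }
    for name, frame in samples.items():
        print(name, "posted rule:", posted_rule_matches(frame),
              "rogue reply:", is_rogue_reply(frame))
```

Whichever filter carries such a match also has to sit where the frames actually pass; as noted earlier in the thread, traffic between clients on the same AP or bridge does not necessarily go through the IP firewall.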