DHCP directed broadcast passing NAT

m.morianos · ‎08-14-2008

can I use an IP helper-address to direct DHCP broadcasts to a DHCP on the other side of a NAT? I'm thinking not.

tdrais · ‎08-14-2008

Never tried this one but you can in general nat traffic originated by the router itself. It just gets a little tricky because router generated messages do not com in a NAT IN interface.

Lets assume we go thought the trouble to get the message to nat. The reason I suspect it won't work is because the way the helper is using fields inside the dhcp request itself to indicate which interface it came from.

So lets assume you have a interface 192.168.1.1 that send a message to a helper and places 192.168.1.1 in the packet as the source interface. Now the source in the ip header of the packet gets natted to 10.10.10.10 but the one in the packet is left untouched and gets sent to the helper. The helper gets the packet looks inside and uses the 192.168.1.1 to generate a ip and places it back in the packets. This is good thing because if it used 10.10.10.10 it would have issues. Now he will attempt to send the packet back to the gateway using 192.168.1.1 which of course doesn't work because it needs to return to 10.10.10.10.

It been a while since I read the helper RFC but I am pretty sure it uses the internal address and not the address on the packets. This is not to say that someone might have a option on a DHCP server to get around this issue.