Another DHCP question

[Antony Stone]

Hi.


I wonder if anyone can help with this one (I know it's a little off-topic, 
but if people are familiar with DHCP things, maybe they've done this 
before ?)

I have a firewall running netfilter / iptables, and also acting as a DHCP 
server, to give addresses to client systems on the inside of the firewall.

I have an empty network definition in my dhcp server config for the 
external interface, so the server knows not to try and give out addresses 
on that interface.

So far so good.

So long as I have a static address on my external interface (which I SNAT 
all the internal clients behind - works fine), then everything goes well.

However, in some situations (eg connecting the firewall to a cable modem 
for the external link), I need the external interface to GET an address by 
DHCP using a DHCP client, and I can't seem to stop the server which is 
running on the system from sending a NAK direct to the client as soon as 
it requests an address on the external interface, before the cable modem 
can respond and provide the address !

Any ideas how I can run a DHCP server on (several) internal interfaces, 
and a DHCP client on the (single) external interface, without the two 
talking to each 'inside the box' ?



Antony.