
Block WAN DHCP Auto-renew or Block DHCP

Discussion in 'Tomato Firmware' started by Xero5, May 28, 2013.

  1. Xero5

    Xero5 Serious Server Member

    Hello,

    DHCP automatically renews halfway through the lease. Is there any way to block the autorenew from happening at all?

    If that is not possible on Tomato, is it possible to block DHCP through the WAN port so that I do not ever get a DHCP address from my ISP?

    I could then add that script to the Firewall to do something like this:

    Code:
    sleep 30
     
    [DHCP BLOCK SCRIPT]
    
    That way I can get the initial DHCP IP.

    The reason I would like to do this is because my ISP hands out "sticky" IPs and the only way to get a new IP is to allow the DHCP lease to expire without renewing. Unfortunately, my ISP increased its DHCP lease time to 2 weeks from 6 hours and it is not practical to keep my router off that long.

    Also, changing my router's MAC address won't work either because my ISP requires us to use their gateway and the only way to use Tomato instead is to spoof that gateway's MAC address.

    Thank you for your help.

    ______________________


    I have tried the following and it did not work:

    Code:
    sleep 30
     
    iptables -I wanout -p tcp --sport 67 -j DROP
    iptables -I wanout -p udp --sport 67 -j DROP
    iptables -I wanout -p tcp --dport 67 -j DROP
    iptables -I wanout -p udp --dport 67 -j DROP
     
    iptables -I wanin -p tcp --sport 67 -j DROP
    iptables -I wanin -p udp --sport 67 -j DROP
    iptables -I wanin -p tcp --dport 67 -j DROP
    iptables -I wanin -p udp --dport 67 -j DROP
     
    iptables -I wanout -p tcp --sport 68 -j DROP
    iptables -I wanout -p udp --sport 68 -j DROP
    iptables -I wanout -p tcp --dport 68 -j DROP
    iptables -I wanout -p udp --dport 68 -j DROP
     
    iptables -I wanin -p tcp --sport 68 -j DROP
    iptables -I wanin -p udp --sport 68 -j DROP
    iptables -I wanin -p tcp --dport 68 -j DROP
    iptables -I wanin -p udp --dport 68 -j DROP
    
     
  2. mstombs

    mstombs Network Guru Member

    You should be able to block the halftime renew with iptables but I think the communication for a full renew is via raw sockets outside iptables. Why not just killall udhcpc?
     
  3. Malitiacurt

    Malitiacurt Networkin' Nut Member

    Having your IP changed every so often is not a real security benefit. It's just something tin-foil hatters do.

    I'd be happy to discuss this further if I can find the link where I had this discussion before repeatedly on a different forum.
     
  4. Xero5

    Xero5 Serious Server Member

    Thank you very much for telling me about the udhcpc. That worked to kill the autorenew.

    I know that changing your IP isn't a security benefit. But it's just a matter of preference. I want a new one every once in a while.
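
The lease timeline behind the thread's advice, as an added example that is not part of any post: it uses the RFC 2131 default timers (renew at 50% of the lease, rebind at 87.5%) to show what a still-running client would be doing at a given moment, and its `apply` mode stops `udhcpc` as suggested above. Reading the lease length from `nvram get wan_lease` is an assumption about the Tomato build, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not code from the thread.
# RFC 2131 defaults: T1 (renew) = 50% of the lease, T2 (rebind) = 87.5%.
# A DHCP server can override both with options 58 and 59.

# lease_timers LEASE_SECONDS -> prints "T1 T2 EXPIRY" (seconds after the lease began)
lease_timers() {
    case "$1" in
        ''|*[!0-9]*) echo "lease must be a whole number of seconds" >&2; return 1 ;;
    esac
    echo "$(($1 / 2)) $(($1 * 7 / 8)) $1"
}

# client_state LEASE_SECONDS ELAPSED_SECONDS -> state a running client would be in
#   BOUND      nothing is sent yet
#   RENEWING   unicast renew to the leasing server (the "halftime renew")
#   REBINDING  broadcast to any server (the "full renew" mstombs mentions)
#   EXPIRED    the lease has lapsed and the address is released
client_state() {
    timers=$(lease_timers "$1") || return 1
    t1=${timers%% *}      # first field
    rest=${timers#* }     # drop first field
    t2=${rest%% *}        # second field
    if   [ "$2" -lt "$t1" ]; then echo BOUND
    elif [ "$2" -lt "$t2" ]; then echo RENEWING
    elif [ "$2" -lt "$1" ];  then echo REBINDING
    else echo EXPIRED
    fi
}

# Only acts when called as: script.sh apply
# Stops the DHCP client so neither RENEWING nor REBINDING ever happens,
# then reports when the current lease lapses on its own.
if [ "${1:-}" = "apply" ]; then
    lease=$(nvram get wan_lease)   # assumption: lease length in seconds
    killall udhcpc                 # the step that worked in the thread
    set -- $(lease_timers "$lease")
    echo "udhcpc stopped: renew was due at ${1}s, rebind at ${2}s, lease lapses at ${3}s"
fi
```

With the two-week lease from the first post (1209600 seconds), the renew would fall at 7 days and the rebind at 12 days and 6 hours.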
     
