[pkg-dhcp-devel] Bug#652739: A (possibly) useful tip

[John Winters]

Although old, this bug seems to be still extant in current versions 
(Wheezy) and in other distributions.  Various workarounds are documented 
on the web, but not all work in all installations.  For instance, if 
you're using Xen then you can't change the NIC type unless you have 
hardware virtualisation.

After a bit of research, I found one workaround which should work 
anywhere, and is probably worth documenting in the same place as the bug 
is documented.

On your client machine, set up a firewall rules as follows:

iptables -A POSTROUTING -t mangle -p udp --dport 67 -j CHECKSUM 
--checksum-fill

and on your server machine, do similarly with the following:

iptables -A POSTROUTING -t mangle -p udp --sport 67 -j CHECKSUM 
--checksum-fill

this will cause the firewall elves to fix the checksum which 
isc-dhcp-server/client has failed to put on the packets.

Slightly incredible that it's the same piece of software failing at both 
ends.  isc-dhcp fails to put a checksum on the packet, then refuses to 
process the packet because the checksum isn't there.

Anyway, a bit of pragmatic help I hope.

John