Microsoft KB Archive/252432

Knowledge Base


Article ID: 252432

Article Last Modified on 5/2/2000



APPLIES TO

  • Microsoft Proxy Server 2.0 Standard Edition



This article was previously published under Q252432

SYMPTOMS

If you set up Proxy Server 2.0 on a multihomed computer with packet filtering enabled and the external network adapter obtains an IP address from a Dynamic Host Configuration Protocol (DHCP) server, the external network adapter may not be able to renew the IP address lease for the external interface after the lease has expired.

CAUSE

When the external interface attempts to renew the IP address from the DHCP server at a predetermined time (determined by the DHCP server), a DHCP renewal request is sent from the local client's User Datagram Protocol (UDP) port 68 to the DHCP server's UDP port 67. These ports are closed by default when packet filtering in Proxy Server 2.0 is enabled, so the request never leaves the proxy server's external interface.

RESOLUTION

To resolve this issue, create a custom packet filter exception for UDP ports 67 and 68. To create this custom filter, click Start, point to Programs, click Microsoft Proxy Server, click Microsoft Management Console, right-click either Web Proxy or Winsock Proxy, click Properties, and then click Security.

There are two custom filters that you can create to resolve this issue:

  • Create a custom packet filter for UDP with the direction set to Both. Specify local port 68 and destination port 67.
  • Create a custom packet filter for UDP with the direction set to Both, with any local port and any destination port. Set a specific remote host and type the IP address of the DHCP server.
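
The following added example (not part of the original article, and not Proxy Server code) models a default-deny UDP filter to compare what each of the two custom filters admits. The class names, sample packets and addresses are constructed, and it assumes the article's "destination port" corresponds to the remote port.

```python
# Simplified model of a default-deny packet filter with custom exceptions.
# Not Proxy Server 2.0 code; all names and addresses below are constructed.
from dataclasses import dataclass
from typing import Optional

DHCP_SERVER = "192.0.2.1"    # constructed address (documentation range)
OTHER_HOST = "198.51.100.7"  # constructed address of an unrelated host

@dataclass(frozen=True)
class Packet:
    direction: str    # "in" or "out", relative to the external adapter
    remote_host: str
    local_port: int
    remote_port: int

@dataclass(frozen=True)
class Filter:
    direction: str = "both"            # the article sets direction to Both
    local_port: Optional[int] = None   # None means "any"
    remote_port: Optional[int] = None
    remote_host: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("both", p.direction)
                and self.local_port in (None, p.local_port)
                and self.remote_port in (None, p.remote_port)
                and self.remote_host in (None, p.remote_host))

def allowed(packet: Packet, filters) -> bool:
    """Default deny: a UDP packet passes only if an exception matches it."""
    return any(f.matches(packet) for f in filters)

# The two custom filters from the list above (assumed mapping: the
# article's "destination port" is the remote port in this model).
FILTER_1 = Filter(local_port=68, remote_port=67)
FILTER_2 = Filter(remote_host=DHCP_SERVER)

SAMPLES = {  # constructed UDP packets seen on the external adapter
    "renew_request": Packet("out", DHCP_SERVER, 68, 67),
    "renew_reply": Packet("in", DHCP_SERVER, 68, 67),
    "other_host_from_67": Packet("in", OTHER_HOST, 68, 67),
    "dhcp_host_other_udp": Packet("in", DHCP_SERVER, 1025, 53),
}

def coverage(filters) -> dict:
    """Which sample packets a given filter set lets through."""
    return {name: allowed(p, filters) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for label, fs in (("none", []), ("filter 1", [FILTER_1]), ("filter 2", [FILTER_2])):
        print(label, coverage(fs))
```

In this model the first filter is narrow in ports but matches any remote host, while the second is narrow in host but matches every UDP port on that host.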


WORKAROUND

To work around this behavior, disable packet filtering. Microsoft does not recommend this method because it introduces a security risk if the computer is connected to an Internet service provider (ISP) or directly to the Internet. Microsoft recommends using the method that is described in the "Resolution" section.

STATUS

This behavior is by design.

MORE INFORMATION

When a proxy server that is running packet filtering obtains the external IP address from a DHCP server, the method that is described in the "Resolution" section allows the interface only to renew the IP address. If the IP address is released before a renew attempt is made, the DHCP renew attempt may not succeed. This occurs because the IP address of the adapter is set to 0.0.0.0 when a release occurs. The Proxy 2.0 Packet Filter driver requires that external adapters have an IP address that resides in the proxy local address table (LAT). If the DHCP address is released and the address is set to 0.0.0.0, the Proxy Server-based computer must be rebooted to obtain a new IP address and ensure that packet filtering is working properly.

REFERENCES

ipfltdrv.sys

Keywords: kbenv kbnetwork kbprb KB252432