Originally Posted by sky-knight
OK, allow me to clarify...
You CAN enable DHCP support on all interfaces. But to do so you must disable the system packet filter rule that prevents DHCP access on all interfaces.
At this time there are packet filter rules built in to manually allow access to the local DHCP server for Internal and DMZ. There are no other rules for the other interfaces. I've tried many times, and never managed to get a GUI-based custom rule to work. This is due to some special things that IPTables must be configured for to pass DHCP successfully.
So you CAN enable DHCP on everything, but in the process you're going to allow DHCP access on your External interface. Which is, in a word... bad.
So I should say, there is no secure way to enable DHCP on interfaces other than Internal and DMZ.
And there are many reasons to enable other interfaces that don't involve DHCP. Remember, a proper DMZ shouldn't ever have DHCP on it anyway. As a DMZ should be populated by servers only. It all depends on what you're planning on doing with a given network segment. Not all network segments are created for use by network clients.
P.S. don't poke at IPTables directly, you'll only get frustrated when your settings get nuked every 15 minutes.