ip helper-address-utm168-ChinaUnix博客

当在接口使用 helper-address命令，路由器会前传接收到的UDP广播报文到指定服务器地址

Lab_B()#interface f0/0
Lab_B(config-if)#ip helper-address 192.168.254.251

下表列出了前传的数据包类型

Port or Protocol	Meaning	On by Default
<0–65535>	Port number (create your own)
biff	Biff (mail notification, comsat, 512)
bootpc	Bootstrap Protocol (BOOTP) client (68)	X
bootps	Bootstrap Protocol (BOOTP) server (67)	X
discard	Discard (9)
dnsix	DNSIX security protocol auditing (195)
domain	Domain Name Service (DNS) (53)	X
echo	Echo (7)
isakmp	Internet Security Association and Key Management Protocol (ISAKMP) (500)
mobile-ip	Mobile IP registration (434)
nameserver	IEN116 name service (obsolete, 42)
netbios-dgm	NetBios datagram service (138)	X
netbios-ns	NetBios name service (137)	X
netbios-ss	NetBios session service (139)
ntp	Network Time Protocol (NTP) (123)
pim-auto-rp	PIM Auto-RP (496)
rip	Routing Information Protocol (RIP) (router, in.routed, 520)

这些默认的前传类型，可以通过下面的命令关闭，只开启bootps UDP 67，来提高路由器的安全性

Lab_B(config)#no ip forward-protocol udp 69
Lab_B(config)#no ip forward-protocol udp 53
Lab_B(config)#no ip forward-protocol udp 37
Lab_B(config)#no ip forward-protocol udp 137
Lab_B(config)#no ip forward-protocol udp 138
Lab_B(config)#no ip forward-protocol udp 68
Lab_B(config)#no ip forward-protocol udp 49