From: Randall Stewart
Date: Thu, 28 Jun 2007 12:29:55 -0400
To: Michael Butler
Cc: current@freebsd.org
Subject: Re: F/W - dhcpd deamon question
Message-ID: <4683E203.2020702@cisco.com>

Michael Butler wrote:
> Randall Stewart wrote:
>
>> I seem to get:
>>
>> dhcpd: send_packet: Permission denied
>>
>> On my main server quite a bit... like once every 3-5 minutes.
>>
>> Now I have a F/W up and I am thinking maybe it's a rule I
>> am missing or something..
>
> These are likely UDP broadcasts to address 255.255.255.255 but,
> fortunately, with a low TTL. These are responses to the following ..
>
> From the client, dhcp queries are always directed to the bootp port (68)
> of the server even if it doesn't yet have an appropriate address of its
> own (it will use a source of 255.255.255.255).
>
> What you need is a rule-set which allows both halves of this transaction,
>
> Michael

Thanks Michael I knew it was something I was forgetting :-D

R

--
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 803-317-4952 (cell)