From owner-freebsd-questions  Wed Feb 24 16:16:55 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from mailhub.scl.ameslab.gov (mailhub.scl.ameslab.gov [147.155.137.127])
	by hub.freebsd.org (Postfix) with ESMTP id 7EC4714C1C
	for <freebsd-questions@freebsd.org>; Wed, 24 Feb 1999 16:16:34 -0800 (PST)
	(envelope-from ghelmer@scl.ameslab.gov)
Received: from demios.ether.scl.ameslab.gov ([147.155.137.54])
	by mailhub.scl.ameslab.gov with esmtp (Exim 1.90 #1)
	id 10FVjs-0003W0-00; Tue, 23 Feb 1999 22:16:00 -0600
Date: Tue, 23 Feb 1999 22:15:25 -0600
From: Guy Helmer <ghelmer@scl.ameslab.gov>
To: Brian Gallucci <brian@briang.org>
Cc: FreeBSD <freebsd-questions@freebsd.org>
Subject: Re: IPFW Help
In-Reply-To: <000b01be5f89$ece76ae0$2a00a8c0@brian-desktop.briang.org>
Message-ID: <Pine.SGI.4.05.9902232212450.16182-100000@demios.scl.ameslab.gov>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 23 Feb 1999, Brian Gallucci wrote:

> I have a static IP from my ISP and here's the setup I have >
> fxp0 = 24.1.88.xxx /24
> fxp1 = 192.168.0.1 /24
> I have a NT box <192.168.0.20> running a DHCP server.
> 
> When I boot up any of the workstations on my local net I get this message in
> my log.
> 
> ipfw: 5600 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via fxp0
> ipfw: 5600 Deny UDP 192.168.0.20:67 255.255.255.255:68 in via fxp0
> ipfw: 5600 Deny UDP 24.1.88.1:67 255.255.255.255:68 in via fxp0
> ipfw: 5300 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via fxp0
> ipfw: 5300 Deny UDP 192.168.0.20:67 255.255.255.255:68 in via fxp0

These packets are *entering* through fxp0, not exiting.  Do you have fxp0
and fxp1 on the same Ethernet?

> I have told it not to pass any DHCP reguest through the fxp0 interface (ie.)
> ipfw -a l
> ...
> ^^00300          0          0 deny udp from any 67 to any out xmit fxp0^^
> ^^00400          0          0 deny udp from any 68 to any out xmit fxp0^^

These rules only apply to packets going out the fxp0 interface.

Guy Helmer

Guy Helmer, Ph.D. Candidate, Iowa State University Dept. of Computer Science 
Research Assistant, Ames Laboratory       ---         ghelmer@scl.ameslab.gov
Research Assistant, Dept. of Computer Science   ---   ghelmer@cs.iastate.edu
http://www.cs.iastate.edu/~ghelmer



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message