From: alex@schnarff.com
To: freebsd-questions@freebsd.org
Date: Wed, 28 Feb 2007 12:44:21 -0500
Subject: Re: pf.conf and cable modem
Message-ID: <20070228124421.j73ex8x4ow0g0o8k@mail.schnarff.com>
In-Reply-To: <20070228173517.5a044300@gumby.homeunix.com>

Quoting RW:

> On Tue, 27 Feb 2007 14:55:55 -0800
> "Josh Carroll" wrote:
>
>> > I am converting from DSL to RoadRunner this week and wondering if
>> > there is anything special I need to do to my pf.conf for passing
>> > DHCP into my NIC?
>>
>> I think all you'll need is:
>>
>> pass in quick on $ext_if proto udp from any port 67 to any port 68
>> keep state
>>
>
> When I used DHCP with PF, I found that it just worked without any rules
> at all.

That's been my experience as well (admittedly on OpenBSD, but it's
basically the same PF). Remember, your NIC's initialization sequence,
which is where the DHCP request will come, happens before PF is enabled,
so you're essentially at a "pass all" sort of a state when the request
happens.

The one thing to keep in mind is that if you're doing, say, NAT for some
clients behind the box, you can use a rule like this to deal with any
changes in your dynamic IP (which should be extremely rare -- on Comcast
I've had one IP change in 1.5 years, and that was because I was down for
a significant chunk of time):

    nat on $ext_if from $int_if:network to any -> (nfe0)

The "(nfe0)" here says "use the IP address of the nfe0 interface,"
instead of requiring you to specify the address manually.

HTH,
Alex Kirk
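
The NAT and DHCP rules from this thread placed in a minimal pf.conf, with the address forms that go stale on a DHCP link shown commented out beside the parenthesised form. This is an added example, not part of the original message; the internal interface em0 and the address 203.0.113.10 are constructed placeholders.

```conf
# Added example, not from the original post.
# em0 and 203.0.113.10 are constructed placeholders.
ext_if = "nfe0"   # external NIC, address assigned by DHCP
int_if = "em0"    # hypothetical internal NIC

# --- translation ---
# Fragile on a DHCP link: a literal address goes stale when the lease changes.
# nat on $ext_if from $int_if:network to any -> 203.0.113.10
#
# Also fragile: a bare interface name is resolved to its address once,
# when the ruleset is loaded.
# nat on $ext_if from $int_if:network to any -> $ext_if
#
# Parenthesised form: pf updates the rule whenever the interface
# address changes.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# --- filtering ---
block in on $ext_if all
# DHCP replies (server port 67 to client port 68), the rule suggested
# earlier in the thread.
pass in quick on $ext_if proto udp from any port 67 to any port 68 keep state
pass out on $ext_if all keep state
pass in on $int_if from $int_if:network to any keep state
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` shows the translation rule once it is loaded.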