Date:      Wed, 28 Feb 2007 12:44:21 -0500
From:      alex@schnarff.com
To:        freebsd-questions@freebsd.org
Subject:   Re: pf.conf and cable modem
Message-ID:  <20070228124421.j73ex8x4ow0g0o8k@mail.schnarff.com>
In-Reply-To: <20070228173517.5a044300@gumby.homeunix.com>
References:  <200702272248.l1RMmD81013215@cheyenne.sixcompanies.com> <8cb6106e0702271455w5be91292vfce007b8ed439e1d@mail.gmail.com> <20070228173517.5a044300@gumby.homeunix.com>

Quoting RW <fbsd06@mlists.homeunix.com>:

> On Tue, 27 Feb 2007 14:55:55 -0800
> "Josh Carroll" <josh.carroll@gmail.com> wrote:
>
>> > I am converting from DSL to RoadRunner this week and wondering if
>> > there is anything special I need to do to my pf.conf for passing
>> > DHCP into my NIC?
>>
>> I think all you'll need is:
>>
>> pass in quick on $ext_if proto udp from any port 67 to any port 68 keep state
>>
>
> When I used DHCP with PF, I found that it just worked without any rules
> at all.

That's been my experience as well (admittedly on OpenBSD, but it's 
basically the same PF). Remember, your NIC's initialization sequence, 
which is where the DHCP request will come, happens before PF is 
enabled, so you're essentially at a "pass all" sort of a state when the 
request happens.

The one thing to keep in mind is that if you're doing, say, NAT for 
some clients behind the box, you can use a rule like this to deal with 
any changes in your dynamic IP (which should be extremely rare -- on 
Comcast I've had one IP change in 1.5 years, and that was because I was 
down for a significant chunk of time):

nat on $ext_if from $int_if:network to any -> (nfe0)

The "(nfe0)" here says "use the IP address of the nfe0 interface," 
instead of requiring you to specify the address manually.

HTH,
Alex Kirk
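
The two forms of the NAT target discussed in the message above, side by side, as an added pf.conf fragment that is not part of the original e-mail. The macro values, the internal interface name em0, and the surrounding filter rules are assumptions for illustration.

```conf
# Added example, not from the original thread.
ext_if = "nfe0"   # external interface, address assigned by DHCP
int_if = "em0"    # hypothetical internal interface (assumption)

# Translation rules must come before filter rules in pf.conf.

# Static form (left commented out): a bare interface name is resolved to
# its address once, when the ruleset is loaded. If the DHCP lease later
# changes, this rule keeps translating to the old address until the
# ruleset is reloaded.
# nat on $ext_if from $int_if:network to any -> $ext_if

# Dynamic form: the parentheses tell PF to track the interface's current
# address, so the rule follows a lease change without a reload.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Minimal filter rules around it (assumed policy, adjust to your own).
block in on $ext_if
# DHCP replies, as suggested earlier in the thread.
pass in quick on $ext_if proto udp from any port 67 to any port 68 keep state
pass out on $ext_if keep state
pass on $int_if
```

After loading, `pfctl -s nat` lists the translation rules that are actually in effect.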



