From: Kimmo Paasiala
To: Matthias Apitz, Kimmo Paasiala, FreeBSD Net
Date: Thu, 4 Jun 2015 22:01:00 +0300
Subject: Re: unknown UDP caused by dhclient

On Thu, Jun 4, 2015 at 9:20 PM, Matthias Apitz wrote:
> On Thursday, June 04, 2015 at 07:54:35PM +0300, Kimmo Paasiala wrote:
>
>> That is how a DHCP client asks for lease renewal from the DHCP server,
>> you should allow the traffic if the interface in question is
>> configured to use DHCP.
>
> Thanks for your kind answer. I was wondering why I only see this on the
> ue0 interface (which is to my Ubuntu mobile phone when I'm in the
> fields) and not on the Wifi wlan0. But, perhaps this is due to the very
> short renewal interval of 1800 secs:
>
> DHCPREQUEST on ue0 to 255.255.255.255 port 67
> DHCPACK from 10.42.0.1
> bound to 10.42.0.83 -- renewal in 1800 seconds.
>
> I will let pass this traffic from now.
>
>         matthias
> --
> Matthias Apitz, guru@unixarea.de, http://www.unixarea.de/ +49-170-4527211 +49-176-38902045
> "If man is shaped by circumstances, then the circumstances must be
> shaped humanely."
> Karl Marx in Die heilige Familie / La sagrada familia (MEW 2, 138)

What you saw there was the most specific way to ask for lease renewal,
using the last known address of the DHCP server. If that fails, the
client falls back to broadcasting to 10.41.0.255:67 because the DHCP
server might have relocated to a new address in the subnet. If even
that fails, the client will start over from zero, broadcasting to
255.255.255.255:67. DHCP is a bit of a complicated case for stateful
filtering; that's why you should allow all outgoing UDP traffic to
port 67 regardless of addresses.

-Kimmo
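
The fallback sequence described in the message above, as an added example that is not part of the original post: a small default-deny rule evaluator showing which renewal attempts each kind of outbound pass rule would drop. The `Rule` model and the /24 prefix are assumptions; the server and lease addresses come from the quoted dhclient output.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """Outbound UDP pass rule; dst_net=None matches any destination address."""
    dst_port: int
    dst_net: Optional[ipaddress.IPv4Network] = None

    def matches(self, dst_ip, dst_port):
        if dst_port != self.dst_port:
            return False
        return self.dst_net is None or dst_ip in self.dst_net


def renewal_destinations(server, lease_iface):
    """Destinations tried in order, following the sequence in the message."""
    return [
        ("unicast to last known server", server),
        ("subnet broadcast", lease_iface.network.broadcast_address),
        ("limited broadcast", ipaddress.IPv4Address("255.255.255.255")),
    ]


def blocked_stages(rules, server, lease_iface, port=67):
    """Return the renewal stages that no pass rule lets out (default deny)."""
    return [name for name, dst in renewal_destinations(server, lease_iface)
            if not any(r.matches(dst, port) for r in rules)]


# Addresses from the quoted dhclient output; the /24 prefix is an assumption.
SERVER = ipaddress.IPv4Address("10.42.0.1")
LEASE = ipaddress.IPv4Interface("10.42.0.83/24")

PINNED = [Rule(67, ipaddress.IPv4Network("10.42.0.1/32"))]  # known server only
SUBNET = [Rule(67, LEASE.network)]                           # any host in the subnet
PORT_ONLY = [Rule(67)]                                       # any address, port 67

if __name__ == "__main__":
    for label, rules in (("pinned", PINNED), ("subnet", SUBNET),
                         ("port-only", PORT_ONLY)):
        blocked = blocked_stages(rules, SERVER, LEASE)
        print(f"{label:10s} blocked: {', '.join(blocked) or 'none'}")
```

Only the port-only rule lets every stage of the renewal out; the other two break the lease as soon as the client has to fall back.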