Date: Sun, 17 Apr 2005 10:25:05 -0400
From: Bob Hall
To: freebsd-questions@freebsd.org
Subject: Re: messages from dhclient

On Sun, Apr 17, 2005 at 02:50:05PM +0200, Joost van Dijk wrote:
> On Sunday 17 April 2005 14:17, Bob Hall wrote:
> >
> > My solution is in the archives, here:
> > http://lists.freebsd.org/mailman/htdig/freebsd-questions/2005-January/071412.html
> > Again, I can't promise that it will solve your problem.
> >
> > Bob Hall
>
> I had a look at the document, but I am afraid that this is all way above my
> head. This may also explain why my csvup..FreeBSD.org was finding
> nothing. Not one single host I tried could be found up and running. It seems
> that all FreeBSD servers were down. It is probably the firewall which is
> disabling my machine. I shall see if it is possible to turn it off.
>
> Now, it will probably take me 6 hours to find out how to do that. Whew!

Don't turn off the firewall. Look in /var/db/dhclient.leases, and find
the entry for routers. If your ISP is set up like mine, there will be
only one IP address for a router listed. Put the following rule before
any NAT diverts in your firewall, if you're using NAT. That's important,
because IPFW ignores it if it is placed after a divert rule.

    ${fwcmd} add allow udp from ${router} bootps to ${bcast} bootpc in via ${oif}

Replace ${router} with the router IP address. Replace ${bcast} with
255.255.255.255.

If I recall correctly, you load new firewall rules by uttering

    rc.firewall

assuming that "rc.firewall" contains the firewall rules that you are
using. /etc/rc.firewall contains the default rules for IPFW. I recommend
making a backup copy of /etc/rc.firewall before making any changes.

If that works, then you have diagnosed the problem and you can worry
about a more complicated set of rules. If it doesn't work, then you
haven't found the cause of your problem.

BTW, the firewall rule above is not an obvious test, but it opens a hole
in your firewall for a packet that dhclient expects to get periodically.
When it doesn't get it, it starts trying to send the messages that your
firewall is blocking. Just allowing dhclient to send the messages won't
necessarily solve the problem. It will just make the immediate symptom
go away.

Another test, which I don't recommend, is to set your firewall so that
it defaults to allow. If the messages go away, then your firewall rules
are blocking traffic that dhclient needs.

HTH,
Bob Hall
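
Added example, not part of Bob Hall's message: an sh sketch that reads the router address from a dhclient lease file, prints the rule above with it filled in, and checks that a rules file lists that rule before its first divert rule. The function names, the sample lease and the interface name fxp0 are assumptions made for illustration.

```sh
#!/bin/sh
# Print the first router address of the most recent (last) lease in file $1.
lease_router() {
    awk '$1 == "option" && $2 == "routers" {
             r = $3; sub(/[,;].*/, "", r)   # keep the first address only
         }
         END { if (r == "") exit 1; print r }' "$1"
}

# Print the ipfw rule arguments for leases file $1 and outside interface $2.
dhcp_rule() {
    router=$(lease_router "$1") || return 1
    echo "add allow udp from ${router} bootps to 255.255.255.255 bootpc in via $2"
}

# Succeed only if rules file $1 contains the bootps-to-bootpc allow rule and
# that rule comes before the first divert rule (or no divert rule exists).
rule_before_divert() {
    awk '/^[ \t]*#/ { next }
         /allow udp from .* bootps to .* bootpc/ && !allow { allow = NR }
         / divert / && !divert { divert = NR }
         END { exit !(allow && (!divert || allow < divert)) }' "$1"
}

# Constructed sample lease file (documentation addresses); newest lease last.
tmp=$(mktemp -d)
cat > "$tmp/leases" <<'EOF'
lease {
  interface "fxp0";
  fixed-address 192.0.2.10;
  option routers 192.0.2.254;
}
lease {
  interface "fxp0";
  fixed-address 192.0.2.10;
  option routers 192.0.2.1;
}
EOF
dhcp_rule "$tmp/leases" fxp0
```

Point lease_router at /var/db/dhclient.leases and rule_before_divert at your own rules file to use it on a real system.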