From owner-freebsd-questions  Sun Jan 26 21: 0:35 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 154EA37B401
	for <questions@freebsd.org>; Sun, 26 Jan 2003 21:00:34 -0800 (PST)
Received: from wonkity.com (wonkity.com [65.173.111.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 639AB43EB2
	for <questions@freebsd.org>; Sun, 26 Jan 2003 21:00:33 -0800 (PST)
	(envelope-from wblock@wonkity.com)
Received: from wonkity.com (localhost [127.0.0.1])
	by wonkity.com (8.12.6/8.12.6) with ESMTP id h0R50R3k003046;
	Sun, 26 Jan 2003 22:00:27 -0700 (MST)
	(envelope-from wblock@wonkity.com)
Received: from localhost (wblock@localhost)
	by wonkity.com (8.12.6/8.12.6/Submit) with ESMTP id h0R50RiB003043;
	Sun, 26 Jan 2003 22:00:27 -0700 (MST)
	(envelope-from wblock@wonkity.com)
Date: Sun, 26 Jan 2003 22:00:27 -0700 (MST)
From: Warren Block <wblock@wonkity.com>
To: Brian McCann <bjm1287@ritvax.rit.edu>
Cc: questions@freebsd.org
Subject: RE: IPFW and DHCPD
In-Reply-To: <000801c2c5ba$cf7845b0$1500a8c0@dogbert>
Message-ID: <20030126215555.U2592@wonkity.com>
References: <000801c2c5ba$cf7845b0$1500a8c0@dogbert>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Sun, 26 Jan 2003, Brian McCann wrote:

> You need to allow UDP ports 67&68 for full DHCP support, in both
> directions...so....
>
> "ipfw add allow any 67 to any any via int out"
> "ipfw add allow any 67 to any any via int in"
> "ipfw add allow any 68 to any any via int out"
> "ipfw add allow any 68 to any any via int in"
>
> Something like that should do it.
>
> Hope that helps.

ipfw didn't like those rules (ipfw: invalid protocol ``any'').  I think
it can be done easier, too:

${fwcmd} add pass udp from any 67,68 to any via ${iif}

But I'm not seeing any counts on that rule when a notebook client tries
for a DHCP lease, and the client never gets a lease.

-Warren Block * Rapid City, South Dakota USA

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message