Date:      Tue, 22 Aug 2000 08:31:23 -0400
From:      Tom Parquette <tparquet@twcny.rr.com>
To:        freebsd-questions@freebsd.org
Subject:   Cannot get dhclient and dhcps to work with ipfw
Message-ID:  <39A2729B.A34D5C88@twcny.rr.com>

I have a 4.1-RELEASE machine with two 3Com cards that is acting as my
Road Runner firewall.  I have dhclient, ISC's dhcp server and ipfw/NATD
running on the same machine.

The goal of this was to have the dhclient get the Road Runner address
and the (ISC) dhcp server issue the 192.168.x.x addresses for the
internal network.  All this while performing firewall/NATD duties.

When the machine comes up, it obtains the external address (the fwrules
script has not run yet) without complaining.

The fwrules script sets my rules then a homebrew script starts dhcps for
the internal interface.

Once this happens I get messages to the effect NATD[xxx] Unable to write
back packet.  Permission denied.  (I'm writing this at work so the text
may not be quite right.)  I also get error messages for the internal
interface; I do not remember the exact text, but it is something like
"sendmsg to ep0 failed: permission denied".

From my wife's win98 machine and my obsolete win95 notebook I cannot
obtain IP addresses.  When I 'open up' the firewall code to allow
essentially everything, DHCP on the internal side works flawlessly and
the NATD errors appear to disappear as well.

I could not get rc.firewall to work with DHCP on Road Runner.  I based
my fwrules on the work of Marc Silver (see
http://www.freebsd.org/tutorials/dialup-firewall/rules.html for the
general setup I'm using.)

Researching this further, I found a message from Crist J. Clark in the
archives that talks about DHCP and how you have to set this up.
The email also referenced another email posted to -stable that I could
not locate.  If I add the two-liner at the bottom to my rules it does
not help.
(The message number from Crist is:
<20000806022335.M66052@184.215.6.64.reflexcom.com> in the mail
archives.)

When I list the ipfw rule hits, none of the allow udp rules appear to be
used.
Crist states that setting up ipfw with dhcp can be tricky.

Any insights would be appreciated.
Cheers...
--
Try not.  Do or do not.  Is no try. -- Yoda



