Date:      Tue, 15 May 2001 14:27:44 -0400 (EDT)
From:      Dru <genisis@istar.ca>
To:        Neil Darlow <neil@darlow.co.uk>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: dhclient-ipfw oddity
Message-ID:  <Pine.BSF.4.21.0105151426260.11539-100000@istar.ca>
In-Reply-To: <20010515.17561600@ideal.darlow.co.uk>


Hi Neil,

What is the output of "ipfw show"?

Dru

On Tue, 15 May 2001, Neil Darlow wrote:

> Hi All,
> 
> I've researched this through the mailing list archives and not
> found anything relevant.
> 
> I'm running freebsd-4.2 using dhclient to request dynamic IPs for
> a cable modem driven connection.
> 
> I have firewalled the setup using the "simple" settings in the
> rc.firewall script with changes to use ${oif} in place of ${oip}.
> 
> It is my understanding that dhclient talks on port 67 and listens
> on port 68 with the DHCP server doing the reverse.
> 
> I am puzzled by two facets of this configuration e.g.:
> 
> 1) There are no explicit (or implied) rules to allow udp traffic
> in/out on ports 68/67 in the "simple" firewall setup but I do see
> dynamic IP configuration in /var/log/messages at intervals. How is
> this possible?
> 
> 2) natd is complaining that it can't write back packets due to a
> permission denied condition. Replacing the final "deny all" rule in
> the firewall with a "deny and log" gives the following output:
> 
>   3800 deny udp xx.xx.xx.xx:67 xx.xx.xx.xx:68 out via ed0
> 
> where xx.xx.xx.xx is my dynamic IP and ed0 is the external NIC.
> This gives the impression that dhclient is trying to talk to itself
> which seems somewhat odd. Can anyone comment on this?
> 
> Regards,
> Neil Darlow.
> 
> --
> 1024D/531F9048 1999-09-11 Neil Darlow <neil@darlow.co.uk>
> Key fingerprint = 359D B8FF 6273 6C32 BEAA  43F9 E579 E24A 531F 9048
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message





