Message-ID: <4683AE2C.6010709@protected-networks.net>
Date: Thu, 28 Jun 2007 08:48:44 -0400
From: Michael Butler
To: Randall Stewart
Cc: current@freebsd.org
Subject: Re: F/W - dhcpd deamon question
References: <46839A06.6080408@lakerest.net>
In-Reply-To: <46839A06.6080408@lakerest.net>

Randall Stewart wrote:
> I seem to get:
>
> dhcpd: send_packet: Permission denied
>
> On my main server quite a bit... like once every 3-5 minutes.
>
> Now I have a F/W up and I am thinking maybe it's a rule I
> am missing or something..

These are likely UDP broadcasts to address 255.255.255.255 but,
fortunately, with a low TTL. These are responses to the following ..

From the client, dhcp queries are always directed to the bootp port (68)
of the server even if it doesn't yet have an appropriate address of its
own (it will use a source of 255.255.255.255).

What you need is a rule-set which allows both halves of this transaction,

Michael