Date: Tue, 15 May 2001 17:56:16 GMT
From: Neil Darlow <neil@darlow.co.uk>
To: freebsd-questions@freebsd.org
Subject: dhclient-ipfw oddity
Message-ID: <20010515.17561600@ideal.darlow.co.uk>

Hi All,

I've researched this through the mailing list archives and not found anything relevant.

I'm running freebsd-4.2 using dhclient to request dynamic IPs for a cable modem driven connection. I have firewalled the setup using the "simple" settings in the rc.firewall script with changes to use ${oif} in place of ${oip}.

It is my understanding that dhclient talks on port 67 and listens on port 68 with the DHCP server doing the reverse.

I am puzzled by two facets of this configuration e.g.:

1) There are no explicit (or implied) rules to allow udp traffic in/out on ports 68/67 in the "simple" firewall setup but I do see dynamic IP configuration in /var/log/messages at intervals. How is this possible?

2) natd is complaining that it can't write back packets due to a permission denied condition. Replacing the final "deny all" rule in the firewall with a "deny and log" gives the following output:

    3800 deny udp xx.xx.xx.xx:67 xx.xx.xx.xx:68 out via ed0

where xx.xx.xx.xx is my dynamic IP and ed0 is the external NIC. This gives the impression that dhclient is trying to talk to itself which seems somewhat odd.

Can anyone comment on this?

Regards,
Neil Darlow.
--
1024D/531F9048 1999-09-11 Neil Darlow <neil@darlow.co.uk>
Key fingerprint = 359D B8FF 6273 6C32 BEAA 43F9 E579 E24A 531F 9048
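
Added example, not part of the original message: a shell script that prints explicit ipfw rules for the DHCP port pair described in the post (client port 68, server port 67) and classifies deny-log lines in the format quoted there. The function names, rule numbers and the 192.0.2.x sample addresses are assumptions made for illustration; the script only prints rules and never calls ipfw.

```shell
#!/bin/sh
# Added example: explicit DHCP client rules for ipfw plus a classifier for
# deny-log lines shaped like the one quoted in the post.

# Print rules for outside interface $1, numbered from $2.
# The default number 3000 is a placeholder; place the rules ahead of the final deny.
dhcp_client_rules() {
    oif=$1; n=${2:-3000}
    # Client (port 68) to server (port 67), leaving the outside interface.
    echo "ipfw add $n pass udp from any 68 to any 67 out via $oif"
    # Server (port 67) to client (port 68), arriving on the outside interface.
    echo "ipfw add $((n + 10)) pass udp from any 67 to any 68 in via $oif"
}

# Classify one log line of the form:
#   <rule> <action> udp <src>:<sport> <dst>:<dport> <in|out> via <if>
classify_dhcp_log() {
    set -- $1                        # split the line into fields
    [ "$#" -eq 8 ] || { echo not-dhcp; return; }
    case "$3" in udp|UDP) ;; *) echo not-dhcp; return ;; esac
    src=${4%:*}; sport=${4##*:}
    dst=${5%:*}; dport=${5##*:}
    dir=$6
    case "$sport-$dport/$dir" in
        68-67/out) echo client-request ;;
        67-68/in)  echo server-reply ;;
        67-68/out) # server-side port pair leaving this host, as in the post
            if [ "$src" = "$dst" ]; then
                echo self-addressed-reply-out
            else
                echo reply-out
            fi ;;
        68-67/in)  echo request-in ;;
        *)         echo not-dhcp ;;
    esac
}

# Constructed sample line in the format quoted in the post.
classify_dhcp_log "3800 deny udp 192.0.2.10:67 192.0.2.10:68 out via ed0"
dhcp_client_rules ed0
```

The classifier reports the line from the post as `self-addressed-reply-out`, which separates it from ordinary client requests and server replies when reading a longer deny log.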