Date: Mon, 4 Apr 2005 20:25:14 -0300 From: Suporte Matik <asstec@matik.com.br> To: freebsd-ipfw@freebsd.org, Martin <bts@iae.nl> Cc: Sergei Gnezdov <use-reply-to@gnezdov.net> Subject: Re: DHCP with ipfw Message-ID: <200504042025.18092.asstec@matik.com.br> In-Reply-To: <20050404090719.F2268544E1F@mail2-new.vianetworks.nl> References: <20050404090719.F2268544E1F@mail2-new.vianetworks.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 04 April 2005 05:06, Martin wrote: > ON 5+, you also have to open up the MAC layer FW: > ipfw add allow mac via xl0 > Hi where do you guess this from? Shouldn't make any sense if not loading bridge and enabling bridge firewalling first, overall this would matter after dhclient asked for IP > If the DHCP server is slow and did not reply back before the > dhclient did continue the boot process, you maybe you do have > to reload the FW rules once your DHCP connection is established. your dhcpd should not be sooo slow and ignore several retries but, may be you check /etc/rc.d/ipfw and tweak it's sub ipfw_precmd() and add a check for empty or 0.0.0.0 IP address and not loading ipfw then don't know why this is not default then or depending on what you want/need you may tweak /etc/rc.d/dhclient and running ipfw after getting a lease but prevent not rerunning unless your IP address did really changed > > > >When my machine boots firewall is initialized before DHCP obtains > > IP address. This results in incomplete firewall configuration. > > How do I fix this? > > you probably have a problem at you dhcpd or your network connection the timeout is so long you should get the lease always before network is starting anything else > >My /etc/rc.firewall initialized with the following commands: > > > > net=`ifconfig rl0 | grep "inet " | awk '{print $6}'` you're probably not awking the value you want here Hans > > mask="255.255.255.0" > > ip=`ifconfig rl0 | grep "inet " | awk '{print $2}'` -- Infomatik http://info.matik.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504042025.18092.asstec>