From owner-freebsd-questions Wed Jun 5 16:32:24 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mail.27in.tv (roc-24-169-198-248.rochester.rr.com [24.169.198.248]) by hub.freebsd.org (Postfix) with ESMTP id 0470F37B403 for ; Wed, 5 Jun 2002 16:31:37 -0700 (PDT) Received: (from root@localhost) by mail.27in.tv (8.12.3/8.11.6) id g55NVEpp040710; Wed, 5 Jun 2002 19:31:14 -0400 (EDT) (envelope-from cjm2@earthling.net) Received: from maxpower (cjm2@maxpower.lan.27in.tv [10.0.0.20]) by mail.27in.tv (8.12.3/8.11.6av) with SMTP id g55NUrTI040700; Wed, 5 Jun 2002 19:30:53 -0400 (EDT) (envelope-from cjm2@earthling.net) From: "C J Michaels" To: , "Samuel Chow" Cc: "FBSDQ" Subject: RE: dhcp client and cable modem Date: Wed, 5 Jun 2002 19:31:19 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > -----Original Message----- > From: owner-freebsd-questions@FreeBSD.ORG > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe & Fhe Barbish > Sent: Wednesday, June 05, 2002 11:36 AM > > Samuel wrote > Are you saying your dhclient cannot get an IP address because > of ipfw? > > I reply > No > I am just trying to determine what some the default deny all > packets belong > to. > Since I just started using dhclient, it was something to check out. > > I have these rules > # Special rules for Adelphia Cable access > $cmd 00174 allow udp from me 68 to $odns1 67 out via rl0 > $cmd 00175 allow udp from $odns1 67 to me 68 in via rl0 > $cmd 00176 allow udp from any 67,68 to 255.255.255.255 67,68 in via rl0 > > I do not understand why dhcp is talking to my ISP's DNS server or DNS server? Oh.. it is probably trying to dynamically update the zone w/ your new ip. It's a newer feature of isc v3. > why it's using 255.255.255.255 for an ip address. Default 'broadcast to the whole world' address. No matter what your IP, subnet, network id. You will always listen to a req that comes in on 255.255.255.255. This is necessary for dhcp to work since many times at the inital req you don't actually have an ip/network id/etc... --Chris > > Is this normal? Yes > > Your example of > # Allow DHCP packets in and out > 3200 add pass udp from any 68 to any 67 out via xl0 > 3200 add pass udp from any 67 to any 68 in via xl0 > > is just way to wide open for my liking. > > > Let me know what you think > Joe > > > > -----Original Message----- > From: owner-freebsd-questions@FreeBSD.ORG > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Samuel Chow > Sent: Wednesday, June 05, 2002 11:07 AM > To: barbish@a1poweruser.com > Cc: FBSDQ > Subject: Re: dhcp client and cable modem > > > > I'm using the FBSD built in dhcp client on the Nic card to the cable > modem. > > My ipfw firewall is denying a bunch of packets which never happened > > with the modem connection. > > > > Could somebody tell me what ipfw rules I need to allow the cable isp > > dhcp server to correspond with my FBSD gateway? > > Are you saying your dhclient cannot get an IP address because > of ipfw? If so, try the following rules (of course, replace > rule number and interface): > > # Allow DHCP packets in and out > 3200 add pass udp from any 68 to any 67 out via xl0 > 3200 add pass udp from any 67 to any 68 in via xl0 > > Hope this helps. > > --- > Samuel Chow > samuelc@samuelstn.dhs.org > > This message is displayed using recycled electrons. > Segmentation Fault (core dumped) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message