From owner-freebsd-questions Wed Sep 5 18:52:22 2001 Delivered-To: freebsd-questions@freebsd.org Received: from babel.acu.edu (babel.acu.edu [150.252.167.240]) by hub.freebsd.org (Postfix) with ESMTP id 1A46037B414 for ; Wed, 5 Sep 2001 18:52:03 -0700 (PDT) Received: from localhost (scattered@localhost) by babel.acu.edu (8.9.3/8.8.7) with ESMTP id UAA05016; Wed, 5 Sep 2001 20:52:55 -0500 Date: Wed, 5 Sep 2001 20:52:55 -0500 (CDT) From: Cary To: Dru Cc: Bill Moran , freebsd-questions Subject: Re: dhclient problems (w/ ipfw show) In-Reply-To: <20010905201754.D25332-100000@x1-6-00-50-ba-de-36-33.kico1.on.home.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG 00100 0 0 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 00400 527 36501 allow ip from 150.252.106.57 to 150.252.104.0/21 00500 498 249731 allow ip from 150.252.104.0/21 to 150.252.106.57 00600 13973 1096248 allow tcp from any to any established 00700 0 0 allow ip from any to any frag 00800 0 0 allow tcp from any to 150.252.106.57 25 setup 00900 5 220 allow tcp from 150.252.106.57 to any setup 01000 19 1120 deny tcp from any to any setup 01100 6 478 allow udp from 150.252.106.57 to any 53 keep-state 01200 3894 295944 allow udp from 150.252.106.57 to any 123 keep-state 65535 103876 14505389 deny ip from any to any ## Dynamic rules: 01200 1 76 (T 10, # 82) ty 0 udp, 150.252.106.57 123 <-> 150.252.128.107 123 01200 0 0 (T 17, # 92) ty 0 udp, 150.252.106.57 123 <-> 132.163.4.101 123 01200 3 228 (T 10, # 113) ty 0 udp, 150.252.106.57 123 <-> hope this helps. my computer is 106.57. Cary Mathews Abilene Christian University ACM Chair | Education Committee | System Admin: babel.acu.edu On Wed, 5 Sep 2001, Dru wrote: > > > On Wed, 5 Sep 2001, Bill Moran wrote: > > > On Wednesday 05 September 2001 16:22, Cary wrote: > > > I've had my box up and running for about 2 weeks, no problems. About > > > 5 days ago, I suddenly started getting the following message in my > > > system logs: > > > Sep 4 20:39:54 fledermaus dhclient: send_packet: Permission denied > > > > > > I have the kernel firewall (ipfw) installed and have used the rc.d > > > script to start it up on bootup, as a client computer. But the > > > dhcp.lease is recieved > > > without any problem when I bootup, so I don't think ipfw is the source > > > of the problem. If I turn my computer reboot my computer, it may or > > > may not get the lease at first, but then it will. Afterwards, I can > > > access the network and all, but then these messages start showing up > > > again. My ability to get work done is not affected (that I've noticed) > > > but it is very annoying to have to scroll through the syslogs and > > > seeing this repeated ad infinitum. > > > > I hit this one a little while back with firewalls. If I'm remembering incorrectly, > > someone else feel free to correct me. > > When the machine first boots up, and it doesn't know who the DHCP > > server will be, it does ethernet broadcasts to find a DHCP server and config > > its networking. > > However, once it's been running for a while and it's time to renew the > > DHCP lease, it connects to the server in a different manner - which can > > be adversely affected by firewall rules. > > I don't remember the details (i.e. ports and firewall rules to allow DHCP) > > but the way I figured it out was to run a sniffer (ethereal or tcpdump) and > > see what was actually happening. You can do the same. > > Hi Cary, > > I second what Bill says; though it's hard to see what's blocking what > without a look at your firewall rules. The following article might shed > some light on what DHCP is doing: > > http://www.onlamp.com/pub/a/bsd/2001/06/01/FreeBSD_Basics.html > > If that doesn't help, send the output of "ipfw show" to the list. > > Dru > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message