From owner-freebsd-questions Tue Aug 22 5:31:29 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from a99201.mony.com (mail-ext.mony.com [206.67.239.66])
    by hub.freebsd.org (Postfix) with ESMTP id EF0FC37B42C
    for ; Tue, 22 Aug 2000 05:31:25 -0700 (PDT)
Received: from twcny.rr.com (ds214027.soc.mony.com [141.191.214.37])
    by a99201.mony.com (8.9.1/8.9.1) with ESMTP id IAA06757
    for ; Tue, 22 Aug 2000 08:31:24 -0400 (EDT)
Message-ID: <39A2729B.A34D5C88@twcny.rr.com>
Date: Tue, 22 Aug 2000 08:31:23 -0400
From: Tom Parquette
X-Mailer: Mozilla 4.75 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Subject: Cannot get dhclient and dhcps to work with ipfw
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I have a 4.1-RELEASE machine with two 3Com cards that is acting as my Road Runner firewall. I have dhclient, ISC's dhcp server and ipfw/NATD running on the same machine. The goal of this was to have the dhclient get the Road Runner address and the (ISC) dhcp server issue the 192.168.x.x addresses for the internal network. All this while performing firewall/NATD duties.

When the machine comes up, it obtains the external address (the fwrules script has not run yet) without complaining. The fwrules script sets my rules, then a homebrew script starts dhcps for the internal interface. Once this happens I get messages to the effect of "NATD[xxx] Unable to write back packet. Permission denied." (I'm writing this at work so the text may not be quite right.) I also get error messages for the internal interface. I do not remember the exact text, but it is something like "sendmsg to ep0 failed: permission denied". From my wife's win98 machine and my obsolete win95 notebook I cannot obtain IP addresses.

When I 'open up' the firewall code to allow essentially everything, DHCP on the internal side works flawlessly and the NATD errors appear to disappear as well.

I could not get rc.firewall to work with DHCP on Road Runner. I based my fwrules on the work of Marc Silver (see http://www.freebsd.org/tutorials/dialup-firewall/rules.html for the general setup I'm using).

Researching this further, I found a message from Crist J. Clark in the archives that talks about DHCP and how you have to set this up. The email also referenced another email posted to -stable that I could not locate. If I add the two-liner at the bottom to my rules, it does not help. (The message number from Crist is <20000806022335.M66052@184.215.6.64.reflexcom.com> in the mail archives.)

When I list the ipfw rule hits, none of the allow udp rules appear to be used.

Crist states that setting up ipfw with dhcp can be tricky. Any insights would be appreciated.

Cheers...

--
Try not. Do or do not. Is no try.
    -- Yoda