Date:      Thu, 4 Jun 2015 22:01:00 +0300
From:      Kimmo Paasiala <kpaasial@gmail.com>
To:        Matthias Apitz <guru@unixarea.de>, Kimmo Paasiala <kpaasial@gmail.com>,  FreeBSD Net <freebsd-net@freebsd.org>
Subject:   Re: unknown UDP caused by dhclient
Message-ID:  <CA%2B7WWSf%2BbbfjYurHuLq6e321ELgdHeCHzVUpvsDt_wyZyCQE3g@mail.gmail.com>
In-Reply-To: <20150604182013.GA1841@c720-r276659>
References:  <20150604073100.GA2012@c720-r276659> <CA%2B7WWSeruDvKRVgSj9xk2OvwQB8rfYrD6PegVsCqdM5GGtpVdg@mail.gmail.com> <20150604182013.GA1841@c720-r276659>

On Thu, Jun 4, 2015 at 9:20 PM, Matthias Apitz <guru@unixarea.de> wrote:
> On Thursday, June 04, 2015 at 07:54:35PM +0300, Kimmo Paasiala wrote:
>
>> That is how a DHCP client asks for lease renewal from the DHCP server,
>> you should allow the traffic if the interface in question is
>> configured to use DHCP.
>
> Thanks for your kind answer. I was wondering why I only see this on the
> ue0 interface (which is to my Ubuntu mobile phone when I'm in the
> fields) and not on the Wifi wlan0. But, perhaps this is due to the very
> short renewal interval of 1800 secs:
>
> DHCPREQUEST on ue0 to 255.255.255.255 port 67
> DHCPACK from 10.42.0.1
> bound to 10.42.0.83 -- renewal in 1800 seconds.
>
> I will let this traffic pass from now on.
>
>         matthias
> --
> Matthias Apitz, guru@unixarea.de, http://www.unixarea.de/ +49-170-4527211 +49-176-38902045
> "If man is shaped by circumstances, then the circumstances must be shaped humanely."
> Karl Marx in Die heilige Familie / La sagrada familia (MEW 2, 138)

What you saw there was the most specific way to ask for lease renewal
using the last known address of the DHCP server. If that fails the
client falls back to broadcasting to 10.41.0.255:67 because the DHCP
server might have relocated to a new address in the subnet. If even
that fails the client will start over from zero broadcasting to
255.255.255.255:67. DHCP is a bit of a complicated case for stateful
filtering; that's why you should allow all outgoing UDP traffic to
port 67 regardless of addresses.

-Kimmo
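
An added illustration of the reply above (not part of the original message): it checks which of the three request destinations described there would be dropped by an outbound filter pinned to the server address, to the subnet, or to any address on port 67. The addresses come from the quoted dhclient log; the /24 prefix and the (network, port) rule model are assumptions made for the example.

```python
import ipaddress

# Lease values from the dhclient log quoted above. The /24 prefix is an
# assumption: the log does not show the netmask.
CLIENT = ipaddress.ip_interface("10.42.0.83/24")
SERVER = ipaddress.ip_address("10.42.0.1")
DHCP_SERVER_PORT = 67


def renewal_destinations(client, server):
    """Destinations the client may send requests to, in fallback order."""
    return [
        ("unicast to last known server", server),
        ("subnet broadcast", client.network.broadcast_address),
        ("limited broadcast", ipaddress.ip_address("255.255.255.255")),
    ]


def allows(rule, dst, dport):
    """Hypothetical rule model: (destination network, destination UDP port)."""
    net, port = rule
    return dst in net and dport == port


def blocked_stages(rules, client=CLIENT, server=SERVER):
    """Names of the fallback stages that no outbound rule would let through."""
    return [
        name
        for name, dst in renewal_destinations(client, server)
        if not any(allows(rule, dst, DHCP_SERVER_PORT) for rule in rules)
    ]


# Three candidate outbound rule sets, from narrowest to the one recommended.
PINNED_TO_SERVER = [(ipaddress.ip_network("10.42.0.1/32"), 67)]
SUBNET_ONLY = [(ipaddress.ip_network("10.42.0.0/24"), 67)]
ANY_DESTINATION = [(ipaddress.ip_network("0.0.0.0/0"), 67)]

if __name__ == "__main__":
    for label, rules in [
        ("pinned to server", PINNED_TO_SERVER),
        ("subnet only", SUBNET_ONLY),
        ("any destination, port 67", ANY_DESTINATION),
    ]:
        print(f"{label}: blocked stages = {blocked_stages(rules)}")
```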


