Date: Wed, 26 Sep 2001 19:15:08 -0700
From: Parker Brown <phbrown@charter.net>
To: David Kelly <dkelly@hiwaay.net>
Cc: Edwin Groothuis <edwin@mavetju.org>, BSDQuestions <freebsd-questions@FreeBSD.ORG>
Subject: Re: dhclient: send_packet: Permission Denied
Message-ID: <3BB28BAC.84AD1E00@charter.net>
References: <200109270100.f8R10ow26641@grumpy.dyndns.org>

No, I set it to 4, and the /dev/bp*'s are there, too. I don't know whether
you've seen my dmesg output, so I will include it here. Right after
filesystem checkout, it says "unknown keyword (ipfw)" so it ignored the
following two statements (one within rc.firewall (there's also a firewall6
since I selected ipv6) and these statements constitute /etc/ip.rules):

ipfw add allow udp from any to any 67 out
ipfw add allow udp from www.xxx.yyy.zzz to any 68 in

...where www.*... is my ISP's dhcp server's bang address

Thanks.

Pb

David Kelly wrote:

> Parker Brown writes:
> > OK, reread what you were asking. ipfw -a l gives about three screens of
> > firewall statements (allow this, deny that) and ends with deny all (?). I
> > grepped for udp and it looks like the firewall statements I added to
> > rc.firewall are not being honored. I also created /etc/ip.rules and put
> > those two statements in there, too, exactly as in rc.firewall (because
> > /etc/defaults/rc.conf made reference to that file).
> >
> > Any ideas?
>
> I tuned in this thread late.
>
> By any chance have you removed bpf from your kernel config? dhclient
> needs it. Found out the hard way so I annotated my kernel config so that
> I don't forget, again.
>
> # The `bpf' pseudo-device enables the Berkeley Packet Filter.
> # Be aware of the administrative consequences of enabling this!
> # required for dhclient DHCP (dmk 10/16/2000)
> pseudo-device bpf #Berkeley packet filter
>
> --
> David Kelly N4HHE, dkelly@hiwaay.net
> =====================================================================
> The human mind ordinarily operates at only ten percent of its
> capacity -- the rest is overhead for the operating system.

Copyright (c) 1992-2001 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
FreeBSD 4.3-RELEASE #27: Sat Sep 22 14:34:35 PDT 2001
    pb@V719X8.CharterPipeline.com:/usr/src/sys/compile/PBKERNEL
Timecounter "i8254" frequency 1193182 Hz
CPU: Pentium II/Pentium II Xeon/Celeron (300.01-MHz 686-class CPU)
  Origin = "GenuineIntel" Id = 0x634 Stepping = 4
  Features=0x80f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX>
real memory = 201326592 (196608K bytes)
avail memory = 192892928 (188372K bytes)
Preloaded elf kernel "kernel" at 0xc02fc000.
Pentium Pro MTRR support enabled
md0: Malloc disk
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Intel 82443LX (440 LX) host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
pcib1: <Intel 82443LX (440 LX) PCI-PCI (AGP) bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
pci1: <NVidia/SGS-Thomson Riva128 graphics accelerator> at 0.0 irq 9
isab0: <Intel 82371AB PCI to ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
pci0: <Intel PIIX4 ATA controller> at 7.1
pci0: <Intel 82371AB/EB (PIIX4) USB controller> at 7.2 irq 11
chip1: <Intel 82371AB Power management controller> port 0x7000-0x700f at device 7.3 on pci0
ahc0: <Adaptec 2940 Ultra SCSI adapter> port 0xf800-0xf8ff mem 0xfedff000-0xfedfffff irq 9 at device 14.0 on pci0
aic7880: Wide Channel A, SCSI Id=7, 16/255 SCBs
dc0: <ADMtek AN985 10/100BaseTX> port 0xf400-0xf4ff mem 0xfedfec00-0xfedfefff irq 10 at device 15.0 on pci0
dc0: chip is in D3 power mode -- setting to D0
dc0: Ethernet address: 00:04:5a:4a:7e:34
miibus0: <MII bus> on dc0
ukphy0: <Generic IEEE 802.3u media interface> on miibus0
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pci0: <unknown card> (vendor=0x12eb, dev=0x0001) at 16.0 irq 11
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model IntelliMouse, device ID 3
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
(ahc0:A:5:0): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:0): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:0): refuses synchronous negotiation. Using asynchronous transfers
(ahc0:A:5:1): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:1): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:1): refuses synchronous negotiation. Using asynchronous transfers
(ahc0:A:5:2): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:2): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:2): refuses synchronous negotiation. Using asynchronous transfers
(ahc0:A:5:3): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:3): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:3): refuses synchronous negotiation. Using asynchronous transfers
(ahc0:A:5:4): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:4): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:4): refuses synchronous negotiation. Using asynchronous transfers
(ahc0:A:5:5): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:5): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:5): refuses synchronous negotiation. Using asynchronous transfers
(ahc0:A:5:6): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:6): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:6): refuses synchronous negotiation. Using asynchronous transfers
(ahc0:A:5:7): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:7): refuses WIDE negotiation. Using 8bit transfers
(ahc0:A:6:7): refuses synchronous negotiation. Using asynchronous transfers
Mounting root from ufs:/dev/da0s3a
cd0 at ahc0 bus 0 target 5 lun 0
cd0: <NEC CD-ROM DRIVE:465 1.03> Removable CD-ROM SCSI-2 device
cd0: 10.000MB/s transfers (10.000MHz, offset 15)
cd0: Attempt to query device size failed: NOT READY, Medium not present
da1 at ahc0 bus 0 target 6 lun 0
da1: <IOMEGA ZIP 100 J.02> Removable Direct Access SCSI-2 device
da1: 3.300MB/s transfers
da1: Attempt to query device size failed: NOT READY, Medium not present
da0 at ahc0 bus 0 target 0 lun 0
da0: <WDIGTL WDE4360-1807A3 1.80> Fixed Direct Access SCSI-2 device
da0: 20.000MB/s transfers (10.000MHz, offset 8, 16bit)
da0: 4095MB (8388314 512 byte sectors: 255H 63S/T 522C)
swapon: adding /dev/da0s3b as swap device
Automatic boot in progress...
/dev/da0s3a: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/da0s3a: clean, 65005 free (293 frags, 8089 blocks, 0.3% fragmentation)
/dev/da0s3f: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/da0s3f: clean, 550193 free (72393 frags, 59725 blocks, 5.5% fragmentation)
/dev/da0s3e: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/da0s3e: clean, 18843 free (131 frags, 2339 blocks, 0.7% fragmentation)
Doing initial network setup: hostname ipfilter
open device: Device not configured
ioctl(SIOCIPFFL): Bad file descriptor
open device: Device not configured
1: unknown keyword (ipfw)
2: unknown keyword (ipfw)
open device: Device not configured
SIOCFRENB: Bad file descriptor
.
dhclient: New IP Address(dc0): 63.151.74.117
dhclient: New Subnet Mask (dc0): 255.255.255.0
dhclient: New Broadcast Address(dc0): 255.255.255.255
dhclient: New Routers: 63.151.74.1
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::204:5aff:fe4a:7e34%dc0 prefixlen 64 scopeid 0x1
    inet 63.151.74.117 netmask 0xffffff00 broadcast 255.255.255.255
    ether 00:04:5a:4a:7e:34
    media: autoselect (100baseTX <full-duplex>)
    status: active
    supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP none
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
    inet6 ::1 prefixlen 128
    inet 127.0.0.1 netmask 0xff000000
IP packet filtering initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled
Kernel firewall module loaded
Flushed all rules.
ip_fw_ctl: invalid command
ipfw: getsockopt(IP_FW_ADD) : Invalid argument
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0 /8
01000 allow ip from 10.10.10.0 /24 to 10.10.10.0 /24
01100 allow ip from 10.10.10.0 /24 to 255.255.255.255 via dc0
02000 deny log ip from 10.10.10.0 /24 to any in recv dc0
02100 deny log ip from 255.255.0.0 /16 to any in recv dc0
02200 deny log ip from 172.16.0.0 /12 to any via dc0
02300 deny log ip from any to 172.16.0.0 /12 in recv dc0
02400 deny log ip from 192.168.0.0 /16 to any via dc0
02500 deny log ip from any to 192.168.0.0 /16 in recv dc0
03000 deny log ip from 0.0.0.0 /8 to any via dc0
03100 deny log ip from any to 0.0.0.0 /8 in recv dc0
03200 deny log ip from 169.254.0.0 /16 to any via dc0
03300 deny log ip from any to 169.254.0.0 /16 in recv dc0
03400 deny log ip from 192.0.2.0 /24 to any via dc0
03500 deny log ip from any to 192.0.2.0 /24 in recv dc0
03600 deny log ip from 224.0.0.0 /4 to any via dc0
03700 deny log ip from any to 224.0.0.0 /4 in recv dc0
03800 deny log ip from 240.0.0.0 /4 to any via dc0
03900 deny log ip from any to 240.0.0.0 /4 in recv dc0
05000 allow tcp from any to any established
05100 allow ip from any to any frag
05200 allow tcp from any to 63.151.74.117 25 setup
05300 allow tcp from any 20 to any
06000 allow tcp from any to 63.151.64.83 53 setup
06100 allow udp from any to 63.151.64.83 53
06200 allow udp from 63.151.64.83 53 to any
06300 allow tcp from any to 63.151.64.18 53 setup
06400 allow udp from any to 63.151.64.18 53
06500 allow udp from 63.151.64.18 53 to any
06600 allow tcp from any to 63.151.74.117 80 setup
06700 allow tcp from 24.213.60.74 110 to any
07000 allow log tcp from any to any 6699 in recv dc0
07100 allow log tcp from any to any 5555 in recv dc0
07200 allow log tcp from any to any 7777 in recv dc0
07300 allow log tcp from any to any 8888 in recv dc0
08000 deny log tcp from any to any in recv dc0 setup
08100 allow tcp from any to any setup
08200 allow udp from any 123 to 63.151.74.117
08300 allow udp from 63.151.74.117 to any 123
08400 allow udp from any to any 33434 -33523 out xmit dc0
10000 allow icmp from any to any via dc0
10100 allow icmp from any to any out xmit dc0 icmptype 8
10200 allow icmp from any to any in recv dc0 icmptype 0
10300 allow icmp from any to any via dc0 icmptype 3 ,4 ,11 ,12
10400 deny log icmp from any to any
60000 deny log ip from any to 0.0.0.255 : 0.0.0.255 in recv dc0
61000 deny log udp from any to any 137 -139 via dc0
61100 allow udp from 10.10.10.0 /24 to 10.10.10.0 /24 137 -139 via dc0
61200 deny log udp from any to any 137 -139 via dc0
62000 deny log ip from 10.0.0.0 /8 to any via dc0
62100 deny log ip from any to 10.0.0.0 /8 via dc0
65000 deny log ip from any to any via dc0
65100 allow log ip from any to any
Firewall rules loaded, starting divert daemons: natd .
route: writing to routing socket : File exists
add net default: gateway 63.151.174.1: File exists
Additional routing options: tcp extensions=NO IP gateway=YES TCP keepalive=YES .
Routing daemons: .
Doing IPv6 network setup: add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
net.inet6.ip6.forwarding: 0 -> 0
net.inet6.ip6.accept_rtadv: 0 -> 0
net.inet6.ip6.accept_rtadv: 0 -> 1
add net fe80::: gateway ::1
add net ff02::: gateway fe80::204:5aff:fe4a:7e34%dc0
ND default interface = dc0
IPv4 mapped IPv6 address support=YES .
Additional daemons: syslogd .
Doing additional network setup: portmap .
Starting final network daemons: .
ELF ldconfig path: /usr/lib /usr/lib/compat /usr/X11R6/lib /usr/local/lib
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout /usr/X11R6/lib/aout
Starting standard daemons: inetd cron sendmail sshd .
Initial rc.i386 initialization: .
Configuring syscons: blank_time moused .
Additional ABI support: linux .
Local package initialization: .
Additional TCP options: log_in_vain=YES .
Wed Sep 26 13:49:58 PDT 2001
Sep 26 13:50:03 V719X8 login: ROOT LOGIN (root) ON ttyv0
Sep 26 13:54:36 V719X8 dhclient: send_packet: Permission denied
Sep 26 13:55:11 V719X8 last message repeated 4 times
Sep 26 13:57:14 V719X8 last message repeated 7 times
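
Added example, not part of the original message: a first-match walk over an excerpt of the ipfw listing in the boot log above, reporting which rule decides a DHCP client packet on dc0. It covers only non-fragment UDP packets and the rule forms that appear in that listing; the function names are hypothetical.

```python
import ipaddress
import re

# Excerpt of the rule listing from the boot log above, spacing kept as printed.
RULES = """\
00100 allow ip from any to any via lo0
03000 deny log ip from 0.0.0.0 /8 to any via dc0
05100 allow ip from any to any frag
08400 allow udp from any to any 33434 -33523 out xmit dc0
60000 deny log ip from any to 0.0.0.255 : 0.0.0.255 in recv dc0
65000 deny log ip from any to any via dc0
65100 allow log ip from any to any
"""
RULE_RE = re.compile(r"(\d+) (allow|deny)(?: log)? (\w+) from (\S+)(?: ([\d,-]+))?"
                     r" to (\S+)(?: ([\d,-]+))?(.*)")
IF_DIR = {"via": None, "recv": "in", "xmit": "out"}  # direction each keyword implies

def addr_ok(spec, ip):
    """Match 'any', a host, a CIDR block, or the addr:mask form."""
    if spec == "any":
        return True
    if ":" in spec:
        base, mask = (int(ipaddress.ip_address(p)) for p in spec.split(":"))
        return int(ipaddress.ip_address(ip)) & mask == base & mask
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def port_ok(spec, port):
    """Match a missing port spec, single ports, or lo-hi ranges."""
    ranges = [p.partition("-") for p in (spec or "").split(",") if p]
    return not ranges or any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def first_match(listing, src, sport, dst, dport, direction, iface):
    """Return (number, action) of the first rule matching a non-fragment UDP packet."""
    for line in listing.splitlines():
        line = re.sub(r"\s*([/,:-])\s*", r"\1", line)  # rejoin tokens the listing split
        m = RULE_RE.match(line)
        if not m:
            continue
        num, action, proto, s, sp, d, dp, rest = m.groups()
        opts = rest.split()
        wrong_dir = any(k in opts and k != direction for k in ("in", "out"))
        if proto not in ("ip", "udp") or "frag" in opts or wrong_dir:
            continue
        if any(k in opts and (opts[opts.index(k) + 1] != iface or want not in (None, direction))
               for k, want in IF_DIR.items()):
            continue
        if addr_ok(s, src) and addr_ok(d, dst) and port_ok(sp, sport) and port_ok(dp, dport):
            return num, action
    return "65535", "deny"  # assumption: default rule is deny, as the boot log reports
```

Calling first_match(RULES, "0.0.0.0", 68, "255.255.255.255", 67, "out", "dc0") checks the initial broadcast; placing an allow rule for UDP port 67 at a number below the deciding deny rule changes the result, while one numbered above it does not.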