Date: Sat, 8 Jan 2005 20:25:39 -0500
From: Bob Hall <rjhjr@cox.net>
To: freebsd-questions@freebsd.org
Subject: Re: dhclient: send_packet: Permission denied
Message-ID: <20050109012539.GA5042@kongemord.krig.net>
In-Reply-To: <20050106213433.GA1699@kongemord.krig.net>
References: <20050106213433.GA1699@kongemord.krig.net>
I keep getting the message

    dhclient: send_packet: Permission denied

I try

    sockstat | grep dhclient

and get

    root dhclient 247 4 udp4 *:68 *:*
    root dhclient 247 6 dgram -> /var/run/log

I utter

    psgrep dhclient

and get

    root 247 0.0 1.0 1812 1284 ?? Ss 2:13PM 0:00.26 /sbin/dhclient rl0

I've tried setting up special rules in the firewall to catch the dhclient packets, and the firewall doesn't seem to be stopping them. The ipfw rules to pass the packets are

    allow udp from any 68 to 255.255.255.255 dst-port 67 out via rl0
    allow udp from any 67 to 255.255.255.255 dst-port 68 in via rl0

"ipfw show" doesn't register any packets even when dhclient is complaining about not being able to send packets. I can get an IP address, no problem. From the messages log:

    dhclient: New IP Address (rl0): <ip address>
    dhclient: New Subnet Mask (rl0): 255.255.254.0
    dhclient: New Broadcast Address (rl0): <ip broadcast address>
    dhclient: New Routers: <ip router address>

But even with this, I'm still getting the Permission denied message. The only DHCP configuration I've done is in the rc.conf file:

    ifconfig_rl0="DHCP"

I'm not using inetd.

This has been a problem starting with FBSD 4.4 through 4.8, and with my current system, 5.2.1. I'll upgrade to 5.3 in a month or so when I have the time, but the problem seems to occur on all versions. I've searched the archives and Googled extensively, and I can find messages from other people with the same problem, but I haven't found a solution.

I used tcpdump to look at the UDP traffic through the bootp ports. About once an hour, my host would send a UDP packet out the bootpc port to the bootps port at the broadcast address. I would get a reply back from my ISP's router with the DHCP server's IP address. Shortly before it was time to renew the DHCP lease, my host started sending out a boatload of these broadcast packets, with no response from my ISP. This stopped at the time the old lease listed as the renew time.

The only thing I received from the DHCP server IP address was an echo request packet, which I didn't respond to. In spite of the fact that there was no evidence of UDP traffic between my host and the DHCP server, my DHCP lease was renewed and my IP address was changed. That's the first time my IP address has been changed when I wasn't offline.

Output from ipfw list:

    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    00400 deny ip from 192.168.0.240/28 to any in via rl0
    00500 deny ip from 68.230.190.0/23 to any in via xl0
    00600 deny ip from any to 10.0.0.0/8 via rl0
    00700 deny ip from any to 172.16.0.0/12 via rl0
    00800 deny ip from any to 192.168.0.0/16 via rl0
    00900 deny ip from any to 0.0.0.0/8 via rl0
    01000 deny ip from any to 169.254.0.0/16 via rl0
    01100 deny ip from any to 192.0.2.0/24 via rl0
    01200 deny ip from any to 224.0.0.0/4 via rl0
    01300 deny ip from any to 240.0.0.0/4 via rl0
    01400 allow ip from any to any via xl0
    01500 divert 8668 ip from any to any via rl0
    01700 deny ip from 10.0.0.0/8 to any via rl0
    01800 deny ip from 172.16.0.0/12 to any via rl0
    01900 deny ip from 192.168.0.0/16 to any via rl0
    02000 deny ip from 0.0.0.0/8 to any via rl0
    02100 deny ip from 169.254.0.0/16 to any via rl0
    02200 deny ip from 192.0.2.0/24 to any via rl0
    02300 deny ip from 224.0.0.0/4 to any via rl0
    02400 deny ip from 240.0.0.0/4 to any via rl0
    02500 allow tcp from any to any established
    02600 allow ip from any to any frag
    02700 deny log tcp from any to any in via rl0 setup
    02800 allow tcp from any to any setup
    02900 allow udp from 68.230.186.138 to any dst-port 53 keep-state
    03000 allow udp from any 123 to any dst-port 123 via rl0
    03100 allow icmp from any to any icmptypes 3,4,8 out via rl0
    03200 allow icmp from any to any icmptypes 0,3,4,11 in via rl0
    03300 allow udp from any to any dst-port 33434-33523 out via rl0
    03400 allow udp from any 68 to any dst-port 67 out via rl0
    03500 allow udp from any 67 to any dst-port 68 in via rl0
    03600 allow udp from any 68 to 255.255.255.255 dst-port 67 out via rl0
    03700 allow udp from any 67 to 255.255.255.255 dst-port 68 in via rl0
    03800 allow udp from any 68,67 to any dst-port 68,67 via rl0
    65535 deny ip from any to any

If I set up a special deny all rule for UDP packets in IPFW (after rules allowing DNS, NTP, and traceroute and Windows ping), nothing triggers it. Nothing triggers the rules that I set up to allow the DHCP packets. Tcpdump doesn't show any UDP traffic between my host and the DHCP server. And yet dhclient is complaining that it doesn't have permission to send packets, and my DHCP lease is being renewed.

Can anybody explain to me what is happening?

Bob
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050109012539.GA5042>
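ipfw evaluates a ruleset first-match, so which rule a given DHCP datagram lands on can be worked out mechanically rather than by guessing. The simulator below is an added example, not part of Bob's message and not FreeBSD's code: it parses the subset of `ipfw list` syntax the posted rules use (allow/deny/divert, ip/udp/tcp/icmp, from/to with CIDR or any, source port lists, dst-port, in/out, via IFACE) and walks a few constructed packets through an abridged copy of the list (the tcp, icmp, DNS, NTP, traceroute and most of the post-divert source-bogon rules are left out). Assumptions: 198.51.100.7 stands in for the rl0 address and 203.0.113.1 for the ISP's DHCP server (documentation ranges, not real addresses); options that need state or TCP flags (keep-state, established, setup, frag) are parsed but never match, so only plain UDP is meaningful; divert is treated as terminal, as ipfw(8) says the search terminates there, and natd's address rewriting is not modelled, though natd's re-injection at the rule after the divert can be approximated by evaluating a slice of the list.

```python
"""First-match simulation of the posted ipfw ruleset (added example, not from
the original message); only plain-UDP matching is modelled."""
import ipaddress
from dataclasses import dataclass

# Abridged from the 'ipfw list' output in the post (tcp/icmp/DNS/NTP/traceroute
# rules and most post-divert source-bogon rules omitted).
RULES = """\
00100 allow ip from any to any via lo0
00400 deny ip from 192.168.0.240/28 to any in via rl0
00600 deny ip from any to 10.0.0.0/8 via rl0
00700 deny ip from any to 172.16.0.0/12 via rl0
00800 deny ip from any to 192.168.0.0/16 via rl0
00900 deny ip from any to 0.0.0.0/8 via rl0
01000 deny ip from any to 169.254.0.0/16 via rl0
01100 deny ip from any to 192.0.2.0/24 via rl0
01200 deny ip from any to 224.0.0.0/4 via rl0
01300 deny ip from any to 240.0.0.0/4 via rl0
01400 allow ip from any to any via xl0
01500 divert 8668 ip from any to any via rl0
02000 deny ip from 0.0.0.0/8 to any via rl0
03400 allow udp from any 68 to any dst-port 67 out via rl0
03500 allow udp from any 67 to any dst-port 68 in via rl0
03600 allow udp from any 68 to 255.255.255.255 dst-port 67 out via rl0
03700 allow udp from any 67 to 255.255.255.255 dst-port 68 in via rl0
03800 allow udp from any 68,67 to any dst-port 68,67 via rl0
65535 deny ip from any to any
"""

@dataclass
class Packet:
    proto: str       # "udp", "tcp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str   # "in" or "out"
    iface: str       # interface the packet arrives on or leaves by

def _ports(tok):
    """'68,67' -> {67, 68}; '33434-33523' -> every port in that range."""
    out = set()
    for part in tok.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def _net(tok):
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)

def parse_rule(line):
    """Parse one 'ipfw list' line into a dict of match conditions."""
    t = line.split()
    i = 3 if t[1] == "divert" else 2            # skip the divert port
    r = {"num": int(t[0]), "action": t[1], "proto": t[i], "src": _net(t[i + 2]),
         "sports": None, "dst": None, "dports": None, "direction": None,
         "iface": None, "opts": set()}
    i += 3                                       # past 'PROTO from SRC'
    if t[i] != "to":                             # optional source port list
        r["sports"] = _ports(t[i]); i += 1
    r["dst"] = _net(t[i + 1]); i += 2            # past 'to DST'
    while i < len(t):
        if t[i] == "dst-port":
            r["dports"] = _ports(t[i + 1]); i += 2
        elif t[i] in ("in", "out"):
            r["direction"] = t[i]; i += 1
        elif t[i] == "via":
            r["iface"] = t[i + 1]; i += 2
        else:                                    # frag, setup, keep-state, ...
            r["opts"].add(t[i]); i += 1
    return r

def matches(rule, pkt):
    """True if the packet satisfies every condition on the rule."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    return (not rule["opts"]                      # stateful/flag options: unmodelled
            and rule["proto"] in ("ip", pkt.proto)
            and (rule["src"] is None or src in rule["src"])
            and (rule["dst"] is None or dst in rule["dst"])
            and (rule["sports"] is None or pkt.sport in rule["sports"])
            and (rule["dports"] is None or pkt.dport in rule["dports"])
            and rule["direction"] in (None, pkt.direction)
            and rule["iface"] in (None, pkt.iface))

RULESET = [parse_rule(line) for line in RULES.splitlines()]

def first_match(pkt, rules=RULESET):
    """(action, rule number) of the first rule that matches; divert is terminal."""
    for r in rules:
        if matches(r, pkt):
            return r["action"], r["num"]
    raise AssertionError("rule 65535 always matches")

# Constructed packets: 198.51.100.7 stands in for the rl0 address and
# 203.0.113.1 for the ISP's DHCP server (documentation ranges, not real ones).
DISCOVER = Packet("udp", "0.0.0.0", 68, "255.255.255.255", 67, "out", "rl0")
RENEW = Packet("udp", "198.51.100.7", 68, "203.0.113.1", 67, "out", "rl0")
ACK = Packet("udp", "203.0.113.1", 67, "198.51.100.7", 68, "in", "rl0")

if __name__ == "__main__":
    for name, pkt in (("DISCOVER", DISCOVER), ("RENEW", RENEW), ("ACK", ACK)):
        print(name, "->", *first_match(pkt))
```

Two things fall out of running it against the posted list. A broadcast DHCPDISCOVER to 255.255.255.255 out via rl0 lands on rule 01300, because 240.0.0.0/4 covers 255.255.255.255, before the explicit broadcast allow at 03600 is ever consulted; and any unicast exchange with the server on rl0 is caught by the divert at 01500, so 03400/03500 only see it after natd hands it back (modelled here by evaluating `first_match(RENEW, [r for r in RULESET if r["num"] > 1500])`). The simulator only says what ipfw does with a datagram it is actually shown: a packet dhclient writes through BPF goes straight to the interface and never passes through ipfw on the way out, so zero counters on the DHCP rules are not by themselves proof that ipfw is dropping anything.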