Re: dhclient denied

From: Lowell Gilbert (freebsd-questions-local_at_be-well.no-ip.com)
Date: 08/22/03

Next message: Rick Hoekman: "Cron job question"

Previous message: B. Kellogg: "Re: nVidia nForce2 chipset and on-board ethernet"
In reply to: Bob Hall: "dhclient denied"
Next in thread: Bob Hall: "Re: dhclient denied"
Reply: Bob Hall: "Re: dhclient denied"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: "Bob Hall" <rjhjr@cox.net>
Date: 22 Aug 2003 11:39:07 -0400

"Bob Hall" <rjhjr@cox.net> writes:

> I posted about this a while ago, but I haven't been able to
> find the cause. I'm getting the following message:
> Aug 21 13:00:03 kongemord dhclient: send_packet: Permission denied
>
> DHCP seems to work fine; I'm getting and maintaining DHCP leases
> properly. But these messages are filling up my messages file and
> causing my curiosity to drive me crazy. I initially thought that
> my firewall was blocking DHCP packets, but I've tried various ipfw
> rule changes, including some suggested here, with no effect. My
> current DHCP rules are:
> ${fwcmd} add allow udp from any bootps to any bootps keep-state out via
> ${oif}
> ${fwcmd} add allow udp from any 68 to 255.255.255.255 67 keep-state out
> via ${oif}
> I know the second line is redundent. I was grasping at straws when I
> put it in.

They're not redundant. 67 is bootps and 68 is bootpc. Furthermore,
not all DHCP messages go out to the IP broadcast address.

> Generally, a failed connection attempt generates a message with
> the IP address and port at each end. This message doesn't have that,
> so that and the failure of firewall changes to end the message make
> me think that the blocked packets aren't getting as far as the firewall.
>
> Does anybody have any idea what is causing this?

You don't get IP addresses listed when you don't have one yet.

I'd recommend trying something like this for your DHCP support:
$fwcmd add pass udp from any to any bootps keep-state out xmit ${oif}

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

Next message: Rick Hoekman: "Cron job question"

Previous message: B. Kellogg: "Re: nVidia nForce2 chipset and on-board ethernet"
In reply to: Bob Hall: "dhclient denied"
Next in thread: Bob Hall: "Re: dhclient denied"
Reply: Bob Hall: "Re: dhclient denied"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

Re: Blocking Access to web-based email
... the way I do it is with one Firewall appliance and different HTTP ... you setup DHCP with reservations for their MAC and their IP is ... But you don't want the NAT device assigning the IP, ...
(comp.security.firewalls)
Re: Blocking Suspicious Outbound Traffic
... DHCP IP range as being external to the rest of the library ... since the firewall products I've tried so far are very limited ... >> network for high speed internet access. ... >> started bringing in infected notebooks. ...
(comp.security.firewalls)
Re: What are FSMO roles?
... Hardware firewall as DHCP ... ... SBS2000 is the DNS server, and of course, the DC. ...
(microsoft.public.windows.server.sbs)
Re: welche server-dienste gibt es noch?
... Und natürlich den LanManager/LanServer/peerdienste. ... Bei neueren Versionen sind DDNS, DHCP und NFS ... Eine entsprechende Firewall ...
(de.comp.os.os2.networking)
Re: Verbindung geht nur mit "fester" IP-Adresse
... Es bleibt beim "IP-Adresse beziehen" und kommt ... Bei der FRITZ!Box ist DHCP selbstverständlich aktiviert. ... Es existiert im dortigen LAN nur noch ein Notebook, ... die Firewall hatten wir gestern schon beim Wickel: ...
(microsoft.public.de.german.windowsxp.networking)