Re: dhclient denied

From: Bob Hall (rjhjr_at_cox.net)
Date: 08/22/03

    Date: Fri, 22 Aug 2003 14:11:14 -0400
    To: FreeBSD Questions List <freebsd-questions@freebsd.org>
    
    

    On Fri, Aug 22, 2003 at 11:39:07AM -0400, Lowell Gilbert wrote:
    > "Bob Hall" <rjhjr@cox.net> writes:
    >
    > > I posted about this a while ago, but I haven't been able to
    > > find the cause. I'm getting the following message:
    > > Aug 21 13:00:03 kongemord dhclient: send_packet: Permission denied
    > >
    > > DHCP seems to work fine; I'm getting and maintaining DHCP leases
    > > properly. But these messages are filling up my messages file and
    > > causing my curiosity to drive me crazy. I initially thought that
    > > my firewall was blocking DHCP packets, but I've tried various ipfw
    > > rule changes, including some suggested here, with no effect. My
    > > current DHCP rules are:
    > > ${fwcmd} add allow udp from any bootps to any bootps keep-state out via ${oif}
    > > ${fwcmd} add allow udp from any 68 to 255.255.255.255 67 keep-state out via ${oif}
    > > I know the second line is redundant. I was grasping at straws when I
    > > put it in.
    >
    > They're not redundant. 67 is bootps and 68 is bootpc.

    My error.

    > Furthermore,
    > not all DHCP messages go out to the IP broadcast address.
    >
    > > Generally, a failed connection attempt generates a message with
    > > the IP address and port at each end. This message doesn't have that,
    > > so that and the failure of firewall changes to end the message make
    > > me think that the blocked packets aren't getting as far as the firewall.
    > >
    > > Does anybody have any idea what is causing this?
    >
    > You don't get IP addresses listed when you don't have one yet.
     
    I have an IP address. I have never received the message at a time
    when I didn't have an IP address.
     
    > I'd recommend trying something like this for your DHCP support:
    > $fwcmd add pass udp from any to any bootps keep-state out xmit ${oif}

    I tried it and it had no effect. The only difference between "out via"
    and "out xmit" is that "out via" checks both incoming and outgoing packets,
    while "out xmit" checks only outgoing. In theory, there may be a difference
    between "from any bootps" and "from any", but in practice it has made
    no difference in behaviour. I got the same message either way.

    Bob Hall
    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

