Re: pf.conf and cable modem

Quoting RW <fbsd06@xxxxxxxxxxxxxxxxxxx>:

On Tue, 27 Feb 2007 14:55:55 -0800
"Josh Carroll" <josh.carroll@xxxxxxxxx> wrote:

> I am converting from DSL to RoadRunner this week and wondering if
> there is anything special I need to do to my pf.conf for passing
> DHCP into my NIC?

I think all you'll need is:

pass in quick on $ext_if proto udp from any port 67 to any port 68
keep state


When I used DHCP with PF, I found that it just worked without any rules
at all.

That's been my experience as well (admittedly on OpenBSD, but it's basically the same PF). Remember, your NIC's initialization sequence, which is where the DHCP request will come, happens before PF is enabled, so you're essentially at a "pass all" sort of a state when the request happens.

The one thing to keep in mind is that if you're doing, say, NAT for some clients behind the box, you can use a rule like this to deal with any changes in your dynamic IP (which should be extremely rare -- on Comcast I've had one IP change in 1.5 years, and that was because I was down for a significant chunk of time):

nat on $ext_if from $int_if:network to any -> (nfe0)

The "(nfe0)" here says "use the IP address of the nfe0 interface, instead of requiring you to specify the address manually.

HTH,
Alex Kirk

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: pf.conf and cable modem
    ... there is anything special I need to do to my pf.conf for passing ... DHCP into my NIC? ... pass in quick on $ext_if proto udp from any port 67 to any port 68 ...
    (freebsd-questions)
  • Re: New Solaris user, has networking questions...
    ... Strange -- just that I've never seen a 3Com 905C-series chipset ... the only Ethernet port visible under ... ifconfig is the elxl0 port, which is the built-in motherboard port. ... or get it to pull one down via DHCP (if I ...
    (comp.unix.solaris)
  • Re: Static IP outside of router DHCP range
    ... This would avoid the need for DHCP entirely, ... As I recall, the clients that use BootP will pull ... Unfortunately my 8 clients are little $50 boxes with an Ethernet port and yellow, red, and white outputs for composite NTSC video and stereo audio, but no provisions whatsoever to flash their NVRAM. ... I still am wondering if my Netgear switches truly have any "memory" of the ports associated with specific IP addresses of the connected clients, as they have no reset or reboot function as far as I know. ...
    (alt.comp.hardware.pc-homebuilt)
  • Re: routing problem?
    ... DHCP is your friend. ... > understand how is the WAN port different from the LAN ports, ... there's a built-in firewall from WAN to LAN, and they don't give you the ... if you find something with fewer features, ...
    (comp.os.linux.networking)
  • Re: Wireless between two Buffalo WHR-G54S
    ... One is set up as a wireless router. ... DHCP on, wireless enabled, SSID ... The WAN port is plugged into my Ambit cable modem, ... DHCP on downstairs, DHCP off upstairs. ...
    (alt.internet.wireless)