Re: pf.conf and cable modem



On Wed, 28 Feb 2007 18:02:15 +0000
RW <fbsd06@xxxxxxxxxxxxxxxxxxx> wrote:

> On Wed, 28 Feb 2007 12:44:21 -0500
> alex@xxxxxxxxxxxx wrote:
>
> > Quoting RW <fbsd06@xxxxxxxxxxxxxxxxxxx>:
> >
> > > When I used DHCP with PF, I found that it just worked without any
> > > rules at all.
> >
> > That's been my experience as well (admittedly on OpenBSD, but it's
> > basically the same PF). Remember, your NIC's initialization
> > sequence, which is where the DHCP request will come, happens before
> > PF is enabled, so you're essentially at a "pass all" sort of a
> > state when the request happens.
> >
> > The one thing to keep in mind is that if you're doing, say, NAT for
> > some clients behind the box, you can use a rule like this to deal
> > with any changes in your dynamic IP
>
> Not in my experience.
>
> I was using a half-bridge modem that had a 30 second lease time, which
> was definitely renewing. It would also give me a private address when
> PPPoA went down, and I saw that happen too.
>
> I added-in some early static rules to log all the DHCP packets. IIRC I
> never saw any of the lease renewal packets, just some broadcast
> packets. I asked in this list about it but never got a reply.
>
> I suspect that either DHCP sees the packets directly in some way, or
> PF has some special handling for DHCP. In either case it would make
> sense for PF rules to see the broadcasts, since they might need to be
> bridged.

Sorry, I misread what you were saying about the rule, but the point
still remains that it's not simply the case that PF is in pass-all mode
when DHCP starts.
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"


