DHCP with ipfw

Sergei Gnezdov use-reply-to at gnezdov.net
Wed Apr 6 22:23:17 PDT 2005

On 2005-04-06, Suporte Matik <asstec at matik.com.br> wrote:
> On Tuesday 05 April 2005 23:12, Sergei Gnezdov wrote:
>> In gmane.os.freebsd.devel.ipfw, you wrote:
>> > On Monday 04 April 2005 05:06, Martin wrote:
>> >> If the DHCP server is slow and did not reply back before the
>> >> dhclient did continue the boot process, maybe you do have
>> >> to reload the FW rules once your DHCP connection is established.
>> >
>> > your dhcpd should not be sooo slow and ignore several retries
>> I don't think dhcp speed matters.  I can say for sure that I see
>> ipfw rules initialization happens before (!) dhcp is initialized.
>> I can't prove it with dmesg, because it does not capture absolutely
>> everything, but I can see on the console ipfw rules show up first
>> and then a dhcp startup message.
> after boot mounts your partitions the network should be initialized
> and if you have ifconfig_nic="DHCP" in your rc.conf dhclient should
> look for a dhcp server first and probably gets an answer. If you
> didn't daemonize the dhclient process it should stay until timeout
> or getting the IP address and then run the rest of network setup.
> So almost for sure dhcp goes first but is not getting an answer within
> time and you did not notice it.

You are probably right about timeout.  I enabled rc.conf debugging and
captured the following console output:

/etc/rc: DEBUG: run_rc_command: evaluating pccard_start().
/etc/rc: DEBUG: run_rc_command: evaluating network_start().
/etc/rc: DEBUG: Cloned:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
/etc/rc: DEBUG: The following interfaces were not configured:  plip0
/etc/rc.d/ipfilter: DEBUG: checkyesno: ipfilter_enable is set to NO.
/etc/rc: DEBUG: checkyesno: isdn_enable is set to NO.
/etc/rc: DEBUG: checkyesno: ppp_enable is set to NO.
/etc/rc: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc: DEBUG: run_rc_command: evaluating ipfw_precmd().
ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to d
eny, logging disabled
/etc/rc: DEBUG: run_rc_command: evaluating ipfw_start().
Executing: /etc/rc
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to
00300 deny ip from to any
ipfw: hostname ``to'' unknown
ipfw: hostname ``'' unknown
ipfw: hostname ``'' unknown
Firewall rules loaded, starting divert daemons:/etc/rc.d/natd: DEBUG: checkyesno
: natd_enable is set to NO.

/etc/rc: DEBUG: checkyesno: firewall_logging is set to YES.
Firewall logging enabled
net.inet.ip.fw.enable: 1 -> 1
/etc/rc: DEBUG: pid file (/var/run/dhclient.pid): not readable.
/etc/rc: DEBUG: run_rc_command: evaluating dhclient_prestart().
/etc/rc: DEBUG: checkyesno: background_dhclient is set to NO.
Starting dhclient.
/etc/rc: DEBUG: run_rc_command: _doit: /sbin/dhclient  rl0
/etc/rc: DEBUG: run_rc_command: evaluating dhclient_poststart().
        inet6 fe80::250:bfff:fe73:50f3%rl0 prefixlen 64 scopeid 0x1
        inet netmask 0xffffff00 broadcast
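
Added example, not part of the original post: the "hostname ``to'' unknown" errors above are consistent with a rule whose address slot was empty when the rules were loaded, so the next keyword was read as a host name. One way to refuse such a ruleset before it reaches ipfw is to lint the expanded rule bodies first. The helper names (is_ipv4, lint_rules), the rule templates and the addresses are assumptions made up for this sketch, and it accepts only "any", "me" or a numeric IPv4 address in the from/to slots.

```shell
#!/bin/sh
# Added example (not from the original post). is_ipv4 and lint_rules are
# hypothetical helper names; the rule lines in the demo are constructed.

# Succeed only if $1 is a plain dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read expanded rule bodies on stdin. Print every line whose source or
# destination is missing or is not any/me/IPv4; return 1 if any was found.
lint_rules() {
    bad=0
    while IFS= read -r line; do
        set -f; set -- $line; set +f   # tokenize without globbing
        src=; dst=; prev=
        for tok in "$@"; do
            case "$prev" in
                from) src=$tok ;;      # token that ipfw takes as the source
                to)   dst=$tok ;;      # token that ipfw takes as the destination
            esac
            prev=$tok
        done
        for a in "$src" "$dst"; do
            case "$a" in
                any|me) ;;
                *) is_ipv4 "$a" || { printf '%s\n' "$line"; bad=1; break; } ;;
            esac
        done
    done
    return $bad
}

# Demo: the same templates expanded before and after the lease arrives.
demo() {
    for ip in "" "192.0.2.10"; do      # constructed values
        printf 'allow tcp from any to %s 22\nallow udp from %s to any 53\n' \
            "$ip" "$ip" | lint_rules >/dev/null \
            && echo "ip='$ip': ok to load" || echo "ip='$ip': refuse to load"
    done
}
demo
```

A rules script can run this check on its own expanded output and keep the default-deny state when it fails, then load the rules once dhclient has an address.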

