messages from dhclient

Bob Hall rjhjr at cox.net
Sun Apr 17 07:25:07 PDT 2005


On Sun, Apr 17, 2005 at 02:50:05PM +0200, Joost van Dijk wrote:
> On Sunday 17 April 2005 14:17, Bob Hall wrote:
> > 
> > My solution is in the archives, here:
> > 
> > http://lists.freebsd.org/mailman/htdig/freebsd-questions/2005-January/071412.html
> > Again, I can't promise that it will solve your problem.
> > 
> > Bob Hall
> 
> I had a look at the document, but I am afraid that this is all way above my 
> head. This may also explain why my csvup.<hostname>.FreeBSD.org was finding 
> nothing. Not one single host I tried could be found up and running. It seems 
> that all FreeBSD servers were down. It is probably the firewall which is 
> disabling my machine. I shall see if it is possible to turn it off. 
> 
> Now, it will probably take me 6 hours to find out how to do that. Whew!

Don't turn off the firewall.

Look in /var/db/dhclient.leases, and find the entry for routers. If your
ISP is set up like mine, there will be only one IP address for a router
listed. Put the following rule before any NAT diverts in your firewall,
if you're using NAT. That's important, because IPFW ignores it if it is
placed after a divert rule. 

${fwcmd} add allow udp from ${router} bootps to ${bcast} bootpc in via ${oif}

Replace ${router} with the router IP address. Replace ${bcast} with
255.255.255.255. If I recall correctly, you load new firewall rules by
uttering
	rc.firewall
assuming that "rc.firewall" contains the firewall rules that you are
using. /etc/rc.firewall contains the default rules for IPFW. I recommend
making a backup copy of /etc/rc.firewall before making any changes.

If that works, then you have diagnosed the problem and you can worry
about a more complicated set of rules. If it doesn't work, then you
haven't found the cause of your problem.

BTW, the firewall rule above is not an obvious test, but it opens a hole
in your firewall for a packet that dhclient expects to get periodically.
When it doesn't get it, it starts trying to send the messages that your
firewall is blocking. Just allowing dhclient to send the messages won't
necessarily solve the problem. It will just make the immediate symptom
go away.

Another test, which I don't recommend, is to set your firewall so that
it defaults to allow. If the messages go away, then your firewall rules
are blocking traffic that dhclient needs.

HTH,
Bob Hall 
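
Added example, not part of the original message: a small sh script that reads the routers option from the newest lease in dhclient.leases format and prints the allow rule quoted above for pasting into rc.firewall ahead of any divert rule. The lease data is constructed, and emitting one rule per address when several routers are listed is an assumption the message does not cover.

```sh
#!/bin/sh
# Added example: derive the DHCP allow rule from dhclient lease data.

# Constructed sample in dhclient.leases format (documentation addresses).
sample_leases() {
    cat <<'EOF'
lease {
  interface "fxp0";
  fixed-address 192.0.2.10;
  option routers 192.0.2.254;
  renew 6 2005/4/16 10:00:00;
}
lease {
  interface "fxp0";
  fixed-address 192.0.2.10;
  option subnet-mask 255.255.255.0;
  option routers 192.0.2.1;
  renew 0 2005/4/17 12:00:00;
}
EOF
}

# Print the routers option of the last lease block on stdin, one address
# per line (dhclient appends leases, so the last block is the newest).
lease_routers() {
    awk '
        $1 == "lease" { r = "" }                      # new block: forget older value
        $1 == "option" && $2 == "routers" {
            r = $0
            sub(/^[ \t]*option[ \t]+routers[ \t]+/, "", r)
            sub(/[ \t]*;.*$/, "", r)
        }
        END { n = split(r, a, /[ \t]*,[ \t]*/); for (i = 1; i <= n; i++) print a[i] }
    '
}

# Emit one rc.firewall line per router. ${fwcmd} and ${oif} stay literal
# because rc.firewall defines them. Anything that is not a dotted quad fails.
dhcp_rules() {
    lease_routers | while read -r ip; do
        echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
            echo "unexpected routers value: $ip" >&2; return 1; }
        printf '${fwcmd} add allow udp from %s bootps to 255.255.255.255 bootpc in via ${oif}\n' "$ip"
    done
}

# On a real system: dhcp_rules < /var/db/dhclient.leases
sample_leases | dhcp_rules
```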

