DHCP with ipfw
Suporte Matik
asstec at matik.com.br
Mon Apr 4 16:25:47 PDT 2005
On Monday 04 April 2005 05:06, Martin wrote:
> ON 5+, you also have to open up the MAC layer FW:
> ipfw add allow mac via xl0
>
Hi
where do you guess this from? Shouldn't make any sense if not loading
bridge and enabling bridge firewalling first, overall this would
matter after dhclient asked for IP
> If the DHCP server is slow and did not reply back before the
> dhclient did continue the boot process, you maybe do have
> to reload the FW rules once your DHCP connection is established.
your dhcpd should not be sooo slow and ignore several retries
but maybe you check /etc/rc.d/ipfw and tweak its sub ipfw_precmd()
and add a check for empty or 0.0.0.0 IP address and not loading ipfw
then
don't know why this is not default
then or depending on what you want/need you may
tweak /etc/rc.d/dhclient and running ipfw after getting a lease but
prevent not rerunning unless your IP address did really change
> >
> >When my machine boots firewall is initialized before DHCP obtains
> > IP address. This results in incomplete firewall configuration.
> > How do I fix this?
> >
you probably have a problem at your dhcpd or your network connection
the timeout is so long you should get the lease always before network
is starting anything else
> >My /etc/rc.firewall initialized with the following commands:
> >
> > net=`ifconfig rl0 | grep "inet " | awk '{print $6}'`
you're probably not awking the value you want here
Hans
> > mask="255.255.255.0"
> > ip=`ifconfig rl0 | grep "inet " | awk '{print $2}'`
--
Infomatik
http://info.matik.com.br
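
The following is an added example, not part of the original message and not code from FreeBSD's rc scripts: a sketch of the "empty or 0.0.0.0" check suggested in the reply, with the interface values read by keyword instead of by awk column position. It assumes FreeBSD-style `ifconfig` output with a hexadecimal netmask; the sample output and the function names `inet_field`, `lease_ready` and `network_of` are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples of `ifconfig rl0` output (not taken from the thread).
SAMPLE_UP='rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
    ether 00:11:22:33:44:55'
SAMPLE_NOLEASE='rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
    ether 00:11:22:33:44:55'

# Print the value that follows keyword $1 on the first "inet" line of stdin.
# Looking the keyword up avoids depending on a fixed column number.
inet_field() {
    awk -v key="$1" '$1 == "inet" {
        for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit }
    }'
}

# Succeed only when the address is non-empty and not 0.0.0.0.
lease_ready() {
    case "$1" in
        ""|0.0.0.0) return 1 ;;
        *) return 0 ;;
    esac
}

# Network address from a dotted IP ($1) and a hex netmask ($2).
network_of() {
    oldifs=$IFS; IFS=.; set -- $1 "$2"; IFS=$oldifs
    m=$(( $5 ))
    echo "$(( $1 & (m >> 24 & 255) )).$(( $2 & (m >> 16 & 255) )).$(( $3 & (m >> 8 & 255) )).$(( $4 & (m & 255) ))"
}

# Decide whether the rules should be loaded for each sample.
for sample in "$SAMPLE_UP" "$SAMPLE_NOLEASE"; do
    ip=$(printf '%s\n' "$sample" | inet_field inet)
    mask=$(printf '%s\n' "$sample" | inet_field netmask)
    if lease_ready "$ip"; then
        echo "lease present: ip=$ip net=$(network_of "$ip" "$mask")"
    else
        echo "no lease yet: skip loading ipfw rules"
    fi
done
```

On a real host the samples would be replaced by the live output of `ifconfig rl0` piped into `inet_field`.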