DHCP with ipfw
Sergei Gnezdov
use-reply-to at gnezdov.net
Wed Apr 6 22:23:17 PDT 2005
On 2005-04-06, Suporte Matik <asstec at matik.com.br> wrote:
> On Tuesday 05 April 2005 23:12, Sergei Gnezdov wrote:
>
>> In gmane.os.freebsd.devel.ipfw, you wrote:
>> > On Monday 04 April 2005 05:06, Martin wrote:
>> >> If the DHCP server is slow and did not reply back before the
>> >> dhclient did continue the boot process, maybe you do have
>> >> to reload the FW rules once your DHCP connection is established.
>> >
>> > your dhcpd should not be sooo slow and ignore several retries
>>
>> I don't think dhcp speed matters. I can say for sure that I see
>> ipfw rules initialization happens before (!) dhcp is initialized.
>> I can't prove it with dmesg, because it does not capture absolutely
>> everything, but I can see on the console ipfw rules show up first
>> and then a dhcp startup message.
>
> after boot mounts your partitions the network should be initialized
> and if you have ifconfig_nic="DHCP" in your rc.conf dhclient should
> look for a dhcp server first and probably gets an answer. If you
> didn't daemonize the dhclient process it should stay until timeout
> or getting the IP address and then run the rest of network setup.
>
> So almost for sure dhcp goes first but is not getting an answer within
> time and you did not notice it.
>
You are probably right about timeout. I enabled rc.conf debugging and
captured the following console output:
/etc/rc: DEBUG: run_rc_command: evaluating pccard_start().
/etc/rc: DEBUG: run_rc_command: evaluating network_start().
/etc/rc: DEBUG: Cloned:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
/etc/rc: DEBUG: The following interfaces were not configured: plip0
/etc/rc.d/ipfilter: DEBUG: checkyesno: ipfilter_enable is set to NO.
/etc/rc: DEBUG: checkyesno: isdn_enable is set to NO.
/etc/rc: DEBUG: checkyesno: ppp_enable is set to NO.
/etc/rc: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc: DEBUG: run_rc_command: evaluating ipfw_precmd().
ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to d
eny, logging disabled
/etc/rc: DEBUG: run_rc_command: evaluating ipfw_start().
Executing: /etc/rc
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
ipfw: hostname ``to'' unknown
ipfw: hostname ``'' unknown
[snip...]
ipfw: hostname ``'' unknown
Firewall rules loaded, starting divert daemons:/etc/rc.d/natd: DEBUG: checkyesno
: natd_enable is set to NO.
/etc/rc: DEBUG: checkyesno: firewall_logging is set to YES.
Firewall logging enabled
net.inet.ip.fw.enable: 1 -> 1
/etc/rc: DEBUG: pid file (/var/run/dhclient.pid): not readable.
/etc/rc: DEBUG: run_rc_command: evaluating dhclient_prestart().
/etc/rc: DEBUG: checkyesno: background_dhclient is set to NO.
Starting dhclient.
/etc/rc: DEBUG: run_rc_command: _doit: /sbin/dhclient rl0
/etc/rc: DEBUG: run_rc_command: evaluating dhclient_poststart().
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet6 fe80::250:bfff:fe73:50f3%rl0 prefixlen 64 scopeid 0x1
inet 192.168.2.102 netmask 0xffffff00 broadcast 192.168.2.255
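
Added example, not part of the original message: a small sh/awk check that reads an rc debug console capture like the one above and reports whether ipfw_start() was evaluated before dhclient_prestart(), together with the number of `ipfw: hostname ... unknown` errors. The function names, verdict strings and the shortened sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: order check for an rc debug console capture.
# sample_log and check_boot_order are hypothetical helper names.

# Constructed sample, shortened from the kind of capture shown in the message.
sample_log() {
cat <<'EOF'
/etc/rc: DEBUG: run_rc_command: evaluating network_start().
/etc/rc: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc: DEBUG: run_rc_command: evaluating ipfw_start().
Flushed all rules.
00100 allow ip from any to any via lo0
ipfw: hostname ``to'' unknown
ipfw: hostname ``'' unknown
Firewall logging enabled
/etc/rc: DEBUG: run_rc_command: evaluating dhclient_prestart().
Starting dhclient.
EOF
}

# Reads a console capture on stdin and prints one summary line:
#   ipfw_line=N dhclient_line=M unresolved=K verdict=...
# A line number of 0 means the marker was not found in the capture.
check_boot_order() {
    awk '
        /evaluating ipfw_start\(\)/        { if (!fw) fw = NR }
        /evaluating dhclient_prestart\(\)/ { if (!dh) dh = NR }
        /^ipfw: hostname .* unknown/       { bad++ }
        END {
            if (!fw || !dh)          v = "incomplete-log"
            else if (fw < dh && bad) v = "rules-before-dhcp-with-errors"
            else if (fw < dh)        v = "rules-before-dhcp"
            else                     v = "dhcp-before-rules"
            printf "ipfw_line=%d dhclient_line=%d unresolved=%d verdict=%s\n", \
                   fw, dh, bad, v
        }'
}

# Stand-alone run on the constructed sample.
sample_log | check_boot_order
```

To check a real capture, feed the saved console text to `check_boot_order` on stdin instead of `sample_log`.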