It looks like I need to add the dhcp option to eth1 in my Bering rc4? I was running the dhcpd package on my pppoe adsl connection. DHCP ACKs from the server to internal clients were being dropped--yet the DHCP clients were able to release and renew addresses just fine. It's just that these messages were showing up in the log.
Nov 1 21:38:40 firewall kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.35.254 DST=192.168.35.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=42049 DF PROTO=UDP SPT=67 DPT=68 LEN=308 Nov 1 21:38:45 firewall kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.35.254 DST=192.168.35.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=54735 DF PROTO=UDP SPT=67 DPT=68 LEN=308 [Yes, I'm the guy who likes to change his default IP address. Doesn't anybody else have VPN routing issues to other networks that use the same default addressing? It seems that everyone and their mother has a broadband modem that defaults to 192.168.1.0/24.] According to http://www.shorewall.net/dhcp.htm, the dhcp option should be used on any interface that is receiving a DHCP address or serving a subnet of DHCP clients. Since I'm running dhcpd on eth1, that would qualify. PPPoE handles eth0 without DHCP. This is not mentioned anywhere in Jacques' user guide under PPPoE Shorewall setup. I am wondering why no one has run across this before. Did I miss something? http://leaf.sourceforge.net/devel/jnilo/bupppoe.html#AEN374 Here's my revised shorewall/interfaces file: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 - routefilter,norfc1918 loc eth1 detect routestopped,dhcp Adding that dhcp option to my loc zone seems to have fixed this problem. I'm just surprised no one has mentioned it before. I've searched the list archives, FAQs, and user/install guides. George ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
