Re: [leaf-user] RE: Stopping DHCPD logging

Fri, 17 Jan 2003 09:21:42 -0800



--On Friday, January 17, 2003 8:37 AM -0800 Brock Nanson <[EMAIL PROTECTED]> wrote:

--On Thursday, January 16, 2003 4:52 PM -0800 Brock Nanson
<[EMAIL PROTECTED]> wrote:

> Googling suggested that this was a firewall issue
> so I played about with that for a while - finally got it to stop by
> adjusting the Shorewall rules to ACCEPT UDP 67 and 68
between the Bering
> box and my LAN.
>

The correct solution is to specify the 'dhcp' in
/etc/shorewall/interfaces
for the interface(s) being served by dhcpd.

-Tom

Ah, that might be the problem.  I looked at my interfaces file and saw
that my LAN interface did NOT have this enabled, however, the note at
the beginning of the interfaces file says that the DHCP setting is used
if the "interface is managed by DHCP".

The interfaces file that I release says:

#             dhcp         - interface is managed by DHCP or used by
                                                         ----------
#                            a DHCP server running on the firewall or
                            -------------------------------------
#                            you have a static IP but are on a LAN
#                            segment with lots of Laptop DHCP clients.
#

What version of Shorewall do you have?


I took the 'managed' term to
imply that the interface gets an address via DHCP, not that it serves
DHCPD.  As well, I was always able to get an IP without this entry - I
just got the errors described in the original poster's message when a
lease renewal was required.

I will try changing this setting tonight, although I'm betting the
'dhcp' entry just does what I did manually...(?)
It adds those rules but much earlier in the rule gauntlett.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: teastep \ http://shorewall.sf.net
ICQ: #60745924 \ [EMAIL PROTECTED]


-------------------------------------------------------
This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will
allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to