Sorry, That was the only thing relating to DHCP that I could find in any of the logs. Sorry, I don't know where the DHCP transaction is logged. Is it somewhere is the same place as the syslog file?
What is a WAG? Right. I added my UBRs IP address to the /etc/shorewall/rfc1918 file, shich stops it getting filtered by that. And you are saying that the initial DHCP Lease works because shorewall is not up at that point. So if the UBR is my DHCP Relay then I need to do ACCEPT net:10.70.24.1 fw udp dhcp I guess. Cheers, James. > -----Original Message----- > From: Lynn Avants [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 05, 2003 11:53 PM > To: [EMAIL PROTECTED] > Subject: Re: [leaf-user] Receiving DHCP broadcasts > > On Tuesday 04 March 2003 10:05 am, James Neave wrote: > > Hi James, > > You've sent us little detail and virtually no information other than pump > doesn't seem to receive a dhcp offer after the inital boot and the fact > that someone was scanning your Netbios port. I will however make a WAG. > > After you reboot the box and receive a dhcp lease, look in your logs and > find > the lines indicating the transaction. I believe you will find that your > ISP's > DHCP server is in the rfc1918 range. If this is true, you will need to > allow > these addresses through the firewall as indicated by Tom's excellent > documentation of Shorewall and probably over 100 similar posts with Bering > in the leaf-user archives. > > Now, the reason you receive an dhcp lease during boot is because Shorewall > has not yet started and thus does not block anything until the > /etc/init.d/shorewall script is run during boot. Shorewall will then block > the dhcp server once the system has completely booted. > > > Hi again, > > > > OK, brought some logs in. > > > > When my internet connection stopped on Saturday. At this point eth0 > > still reports having an IP address in the weblet --> Network Setup > > I tried running the pump command, this is the DHCP client, yes?. It > > wrote this to the log > > > > Mar 1 11:45:32 firewall kernel: eth0: Setting Rx mode to 0 addresses. > > Mar 1 11:45:32 firewall kernel: eth0: Setting Rx mode to 1 addresses. > > Mar 1 11:45:32 firewall pumpd[27199]: PUMP: sending discover > > Mar 1 11:45:32 firewall pumpd[27199]: breq: opcode: 1 > > Mar 1 11:45:32 firewall pumpd[27199]: breq: hw: 1 > > Mar 1 11:45:32 firewall pumpd[27199]: breq: hwlength: 6 > > Mar 1 11:45:32 firewall pumpd[27199]: breq: hopcount: 0 > > Mar 1 11:45:32 firewall pumpd[27199]: breq: xid: 0x1ead00e8 > > Mar 1 11:45:32 firewall pumpd[27199]: breq: secs: 0 > > Mar 1 11:45:32 firewall pumpd[27199]: breq: flags: 0x0000 > > Mar 1 11:45:32 firewall pumpd[27199]: breq: ciaddr: 0.0.0.0 > > Mar 1 11:45:32 firewall pumpd[27199]: breq: yiaddr: 0.0.0.0 > > Mar 1 11:45:32 firewall pumpd[27199]: breq: server_ip: 0.0.0.0 > > Mar 1 11:45:32 firewall pumpd[27199]: breq: bootp_gw_ip: 0.0.0.0 > > Mar 1 11:45:32 firewall pumpd[27199]: breq: hwaddr: > > Mar 1 11:45:32 firewall pumpd[27199]: breq: servername: > > Mar 1 11:45:32 firewall pumpd[27199]: breq: bootfile: > > Mar 1 11:45:32 firewall pumpd[27199]: breq: vendor: 0x63 0x53 0x82 0x63 > > Mar 1 11:45:32 firewall pumpd[27199]: breq: vendor: 53 1 0x01 > > Mar 1 11:45:32 firewall pumpd[27199]: breq: vendor: 0xff > > > > Once I do that, ip addr shows that eth0 has no IP address. Internet > > access is still down. > > > > Apart from that, the only things in the log is lots of this... > > > > Mar 1 07:15:01 firewall /USR/SBIN/CRON[16448]: (root) MAIL (mailed 12 > > bytes of output but got status 0x0001 ) > > Mar 1 11:45:01 firewall /USR/SBIN/CRON[2897]: (root) CMD > > (/etc/multicron-p) > > > > Lots of blocked packets, the last of them being this (x3) > > > > Mar 1 09:12:23 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= > > MAC=00:20:af:e1:2d:00:00:05:5f:ee:b0:a8:08:00 SRC=212.241.103.151 > > DST=81.102.124.19 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=1612 DF PROTO=TCP > > SPT=1172 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0 > > > > I have the rest of the log if anything else is needed... > > > > I read the rest of the shorewall FAQ, but I can't see the problem. The > > only thing I can think of is that it's the cable company, but because > > I'm not using windows they won't give me any support. > > > > I do have sources of information about their network though. > > > > OK, that's it. Thanks! > > > > James > > > > > -----Original Message----- > > > From: James Neave > > > Sent: Monday, March 03, 2003 1:21 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [leaf-user] Receiving DHCP broadcasts > > > > > > I *think* I get FAQ#21, thanks Tom. But that problem is gone no, so > > > > not > > > > > a problem. > > > > > > This UBR's IP address is static, no nothing else needs to be done > > > > about > > > > > that. > > > > > > Of course I *still* have to switch everything off/on every now and > > > > then. > > > > > I meant to bring the logs in to post here, but I forgot. I'll bring > > > > them > > > > > in tomorrow... > > > > > > Jim > > > > > > > -----Original Message----- > > > > From: Tom Eastep [mailto:[EMAIL PROTECTED] > > > > Sent: Friday, February 28, 2003 2:42 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: RE: [leaf-user] Receiving DHCP broadcasts > > > > > > > > > > > > > > > > --On Friday, February 28, 2003 10:47:14 AM +0000 James Neave > > > > > > > > <[EMAIL PROTECTED]> wrote: > > > > > but apparently not blocking the UBR is very important. > > > > > > > > > > A few questions about that log entry if I may? > > > > > > > > > > According to the weblet, sorting the denied packets by IP address > > > > > > lists > > > > > > > > all these packets as caused by '81.102.124.19', which is my > > > > external > > > > > IP > > > > > > > > on eth0. Can somebody explain why? > > > > > > > > > > "SRC=10.75.48.1 DST=192.168.1.1" > > > > > > > > > > DST is the local IP for my WinXP box, how come SRC is trying to > > > > send > > > > > it > > > > > > > > packets? > > > > > > > > Jim, Please see Shorewall FAQ #21. That FAQ addresses a similar > > > > > > question. > > > > > > > If after you have read that FAQ you still have questions, then > > > > please > > > > > > re-post. > > > > > > > > > I don't know whether the UBR has a static IP, but I do know the > > > > > > ranges > > > > > > > > it will always be in (10.xxx.xxx.1 or 172.xx.xxx.254). If it turns > > > > > > out > > > > > > > > to be dynamic, is it possible to put those ranges instead of a > > > > > > static IP > > > > > > > > in to /etc/shorewall/rfc1918? > > > > > > > > I don't understand the question. What do you propose to put in the > > > > > > file in > > > > > > > place of static IPs? > > > > > > > > -Tom > > > > -- > > > > Tom Eastep \ Shorewall - iptables made easy > > > > Shoreline, \ http://www.shorewall.net > > > > Washington USA \ [EMAIL PROTECTED] > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > This sf.net email is sponsored by:ThinkGeek > > > > Welcome to geek heaven. > > > > http://thinkgeek.com/sf > > > > ------------------------------------------------------------------------ > > > > > > leaf-user mailing list: [EMAIL PROTECTED] > > > > https://lists.sourceforge.net/lists/listinfo/leaf-user > > > > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > > > > > > ------------------------------------------------------- > > > This sf.net email is sponsored by:ThinkGeek > > > Welcome to geek heaven. > > > http://thinkgeek.com/sf > > > > ------------------------------------------------------------------------ > > > > > leaf-user mailing list: [EMAIL PROTECTED] > > > https://lists.sourceforge.net/lists/listinfo/leaf-user > > > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: Etnus, makers of TotalView, The > debugger > > for complex code. Debugging C/C++ programs can leave you feeling lost > and > > disoriented. TotalView can help you find your way. Available on major > UNIX > > and Linux platforms. Try it free. www.etnus.com > > ------------------------------------------------------------------------ > > leaf-user mailing list: [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/leaf-user > > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > > -- > ~Lynn Avants > Linux Embedded Appliance Firewall developer > http://leaf.sourceforge.net > > > ------------------------------------------------------- > This SF.net email is sponsored by: Etnus, makers of TotalView, The > debugger > for complex code. Debugging C/C++ programs can leave you feeling lost and > disoriented. TotalView can help you find your way. Available on major UNIX > and Linux platforms. Try it free. www.etnus.com > ------------------------------------------------------------------------ > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
