Three comments.

First, the "bootpc and bootps packets" are themselves the DHCP request and response packets. bootp is an older protocol used for remote address assignment, and DHCP uses the same ports (the c and s suffixes just signify client and server).

Second, I am not familiar with ReplayTV hosts, except from reading about them. But if, as you say, they "work most reliably when configured for a static IP", why not just assign 192.168.1.1 to the host as a static address? (Or even 192.168.1.201, so you don't have to fiddle with your LEAF settings at all.)

Third, the "Operation not permitted" is sometimes a bit tricky to interpret, but in this case it almost surely means that the iptables firewall is blocking sending of the packets. Why it is doing so is not apparent; possibly you didn't tell Shorewall you are running a DHCP server, so they get caught by a rule that blocks DHCP packets. The truly odd thing is that, from your report, it only happens *sometimes* ... and the miscellany of log messages you included seem to confirm the "sometimes"-ness of the behavior. A Shorewall expert is going to have to comment on that one.

At 09:10 PM 7/31/2003 -0400, Sean Vincent wrote:
Maybe I don't have a problem, but at the very least, I hope my firewall logs don't have to fill up with rejected packets due to this issue. I have a replayTV 4k. These things have an awful dhcp implementation. They work most reliably when configured for a static IP but they still send out dhcp requests and sometimes forget their ip address or even appear to assume two different ip addresses at times. LEAF has actually been a godsend in that I can put a host line in dhcp.conf:

host replay { hardware ethernet 00:80:45:31:16:26; fixed-address 192.168.1.1; }

to force the replay to maintain its address. I also remove 192.168.1.1 from the range of available dhcp addresses to assign. (The default range statement is changed to 192.168.1.2 192.168.1.199.)

But it looks like something isn't quite right.

daemon.log looks like this sometimes:
Jul 31 15:37:24 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 00:80:45:31:16:26 via eth1
Jul 31 15:37:24 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 15:37:24 firewall dhcpd: send_packet: Operation not permitted


[repeat last three lines ~30 times], and then:

Jul 31 21:37:43 firewall dhcpd: DHCPDISCOVER from 00:80:45:31:16:26 via eth1
Jul 31 21:37:43 firewall dhcpd: DHCPOFFER on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 21:37:48 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 00:80:45:31:16:26 via eth1
Jul 31 21:37:48 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 21:39:40 firewall dhcpd: DHCPDISCOVER from 00:80:45:31:16:26 via eth1
Jul 31 21:39:40 firewall dhcpd: DHCPOFFER on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 21:39:45 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 00:80:45:31:16:26 via eth1
Jul 31 21:39:45 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 21:39:46 firewall dhcpd: DHCPRELEASE of 192.168.1.1 from 00:80:45:31:16:26 via eth1 (not found)


and shorewall.log has lots of these:

Jul 31 06:59:26 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= MAC=00:10:b5:0d:ff:b8:00:80:45:31:16:26:08:00 SRC=192.168.1.1 DST=192.168.1.254 LEN=280 TOS=00 PREC=0x00 TTL=64 ID=7166 PROTO=UDP SPT=68 DPT=67 LEN=260
Jul 31 06:59:36 firewall Shorewall:all2all:REJECT: IN= OUT=eth1 MAC=08:00:2b:e6:e4:3d:00:04:28:27:24:54:08:00 SRC=192.168.1.254 DST=192.168.1.1 LEN=328 TOS=00 PREC=0x00 TTL=64 ID=30051 DF PROTO=UDP SPT=67 DPT=68 LEN=308



I think I can figure out how to add a rule to stop shorewall from rejecting the bootpc and bootps packets. I just want to be sure they are safe to ignore. Are "operation not permitted" and "not found" just annoying or a sign of something bad?





------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
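
A way to triage logs like the ones quoted in this thread, added here as an example and not part of either message: it labels each Shorewall log entry as an inbound DHCP request (UDP 68 to 67), an outbound DHCP reply (UDP 67 to 68) or other traffic, and checks whether rejected replies coincide with dhcpd's "send_packet: Operation not permitted". The sample lines are constructed from the excerpts above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input, modelled on the log lines quoted in the thread.
SHOREWALL_LOG = """\
Jul 31 06:59:26 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= SRC=192.168.1.1 DST=192.168.1.254 LEN=280 PROTO=UDP SPT=68 DPT=67 LEN=260
Jul 31 06:59:36 firewall Shorewall:all2all:REJECT: IN= OUT=eth1 SRC=192.168.1.254 DST=192.168.1.1 LEN=328 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Jul 31 07:02:11 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= SRC=192.168.1.7 DST=192.168.1.254 LEN=60 PROTO=TCP SPT=40000 DPT=23
"""
DAEMON_LOG = """\
Jul 31 15:37:24 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 15:37:24 firewall dhcpd: send_packet: Operation not permitted
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE tokens; the value may be empty (e.g. "OUT=")


def classify(line):
    """Label one log line; returns None if it is not a Shorewall log entry."""
    if "Shorewall:" not in line:
        return None
    f = dict(FIELD.findall(line))
    if f.get("PROTO") != "UDP":
        return "other"
    ports = (f.get("SPT"), f.get("DPT"))
    # bootpc = UDP 68 (client side), bootps = UDP 67 (server side)
    if ports == ("68", "67") and f.get("IN"):
        return "dhcp-request-in"   # client -> server, arriving on an interface
    if ports == ("67", "68") and f.get("OUT"):
        return "dhcp-reply-out"    # server -> client, leaving the firewall
    return "other"


def summarize(fw_log, daemon_log):
    """Count rejected DHCP traffic and dhcpd send failures."""
    counts = Counter(c for c in map(classify, fw_log.splitlines()) if c)
    send_errors = sum("send_packet: Operation not permitted" in line
                      for line in daemon_log.splitlines())
    return {
        "rejected": dict(counts),
        "send_errors": send_errors,
        # Both present: consistent with the firewall rejecting dhcpd's own replies.
        "replies_blocked": counts["dhcp-reply-out"] > 0 and send_errors > 0,
    }


if __name__ == "__main__":
    print(summarize(SHOREWALL_LOG, DAEMON_LOG))
```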
