Re: [leaf-user] RE: Stopping DHCPD logging
On Friday 17 January 2003 11:37, Brock Nanson wrote:

> The correct solution is to specify the 'dhcp' in /etc/shorewall/interfaces for the interface(s) being served by dhcpd.

I haven't done this. I'll try it. So far, it seems to be doing its thing. It's gone for 10 minutes without logging a message (whereas it used to do it every minute before).

As for the DHCPD leases... there are a few things that I left out of my original mail. My really big bad.

-Two of the machines on my interface are actually statically issued based on the MAC address using the host option. So if I for-sure wanted it to stop, I could change all of my machines that use the static IP to... well, a static IP. However I don't want to do this because I often swap around the network connections on my machines and it's easier to handle the changes if you use DHCP. As for the leases, I had a max lease of 2 weeks but no default lease specified. That will likely make a difference as well.

-I am using Bering, so everything that Brock and Tom said has been applicable so far.

I have a feeling that the problem will go away now. Thanks everyone!

--
-- Arcana
Dreams may be in sleep, or may occur waking. In all cases, listen to your dreams.

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] RE: Stopping DHCPD logging
--On Thursday, January 16, 2003 4:52 PM -0800 Brock Nanson [EMAIL PROTECTED] wrote:

>> Googling suggested that this was a firewall issue so I played about with that for a while - finally got it to stop by adjusting the Shorewall rules to ACCEPT UDP 67 and 68 between the Bering box and my LAN.
>
> The correct solution is to specify the 'dhcp' in /etc/shorewall/interfaces for the interface(s) being served by dhcpd.
>
> -Tom

Ah, that might be the problem. I looked at my interfaces file and saw that my LAN interface did NOT have this enabled, however, the note at the beginning of the interfaces file says that the DHCP setting is used if the interface is managed by DHCP.

I took the 'managed' term to imply that the interface gets an address via DHCP, not that it serves DHCPD. As well, I was always able to get an IP without this entry - I just got the errors described in the original poster's message when a lease renewal was required.

I will try changing this setting tonight, although I'm betting the 'dhcp' entry just does what I did manually...(?)

Brock
Re: [leaf-user] RE: Stopping DHCPD logging
--On Friday, January 17, 2003 8:37 AM -0800 Brock Nanson [EMAIL PROTECTED] wrote:

>> --On Thursday, January 16, 2003 4:52 PM -0800 Brock Nanson [EMAIL PROTECTED] wrote:
>>
>>> Googling suggested that this was a firewall issue so I played about with that for a while - finally got it to stop by adjusting the Shorewall rules to ACCEPT UDP 67 and 68 between the Bering box and my LAN.
>>
>> The correct solution is to specify the 'dhcp' in /etc/shorewall/interfaces for the interface(s) being served by dhcpd.
>>
>> -Tom
>
> Ah, that might be the problem. I looked at my interfaces file and saw that my LAN interface did NOT have this enabled, however, the note at the beginning of the interfaces file says that the DHCP setting is used if the interface is managed by DHCP.

The interfaces file that I release says:

# dhcp - interface is managed by DHCP or used by --
#        a DHCP server running on the firewall or -
#        you have a static IP but are on a LAN
#        segment with lots of Laptop DHCP clients.
#

What version of Shorewall do you have?

> I took the 'managed' term to imply that the interface gets an address via DHCP, not that it serves DHCPD. As well, I was always able to get an IP without this entry - I just got the errors described in the original poster's message when a lease renewal was required. I will try changing this setting tonight, although I'm betting the 'dhcp' entry just does what I did manually...(?)

It adds those rules but much earlier in the rule gauntlet.

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
AIM: teastep   \ http://shorewall.sf.net
ICQ: #60745924 \ [EMAIL PROTECTED]
[leaf-user] RE: Stopping DHCPD logging
Hi Tom,

You asked what version I'm running... Not too sure - I don't have access to the box at the moment. However, the snippet you included in your message to the list jogged my memory. I was working on doing something along the lines of WISP-Dist for a local group a year or so ago and was chasing every bit of disk space possible. I recall editing some configuration files to remove some of the 'wordy' explanatory text... This file must have been one of them and the .lrp must have eventually been added to my home's LEAF compact flash system.

So, I apologize for hearing the hoofbeats and going off on a zebra hunt ;-) (and wasting your time to boot).

The good news is I solved the problem! ;-) But I still don't know how I was able to get the lease in the first place!

Sheepishly,

Brock

> The interfaces file that I release says:
>
> # dhcp - interface is managed by DHCP or used by --
> #        a DHCP server running on the firewall or -
> #        you have a static IP but are on a LAN
> #        segment with lots of Laptop DHCP clients.
> #
>
> What version of Shorewall do you have?
>
>> I took the 'managed' term to imply that the interface gets an address via DHCP, not that it serves DHCPD. As well, I was always able to get an IP without this entry - I just got the errors described in the original poster's message when a lease renewal was required. I will try changing this setting tonight, although I'm betting the 'dhcp' entry just does what I did manually...(?)
>
> It adds those rules but much earlier in the rule gauntlet.
>
> -Tom
Re: [leaf-user] RE: Stopping DHCPD logging
--On Friday, January 17, 2003 01:31:45 PM -0800 Brock Nanson [EMAIL PROTECTED] wrote:

> The good news is I solved the problem! ;-) But I still don't know how I was able to get the lease in the first place!

I don't know either -- sometime when I'm bored, I'll look into it since I've seen similar things before.

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA \ [EMAIL PROTECTED]
[leaf-user] RE: Stopping DHCPD logging
> Hello,
>
> I get a LOT of the following in my syslog:
>
> Jan 16 23:27:38 firewall dhcpd: DHCPREQUEST for 192.168.1.2 from 00:80:c6:f8:62:c6 via eth1
> Jan 16 23:27:38 firewall dhcpd: DHCPACK on 192.168.1.2 to 00:80:c6:f8:62:c6 via eth1
> Jan 16 23:27:38 firewall dhcpd: send_packet: Operation not permitted
> Jan 16 23:27:59 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 00:e0:29:2c:ba:6d via eth1
> Jan 16 23:27:59 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:e0:29:2c:ba:6d via eth1
> Jan 16 23:27:59 firewall dhcpd: send_packet: Operation not permitted
> Jan 16 23:28:42 firewall dhcpd: DHCPREQUEST for 192.168.1.2 from 00:80:c6:f8:62:c6 via eth1
> Jan 16 23:28:42 firewall dhcpd: DHCPACK on 192.168.1.2 to 00:80:c6:f8:62:c6 via eth1
> Jan 16 23:28:42 firewall dhcpd: send_packet: Operation not permitted
>
> I suppose that I could simply change the two target machines to use static IPs but I'd prefer not to do that, since DHCP is more portable for various network configurations.
>
> However my logs are all filled up with this and I'd really like it to stop. The DHCPD package offers no visible options for logging. The DHCPD man pages do mention a little bit about logging: the -d option to log to stdout. This means that there is one apparent way to stop logging:
>
> 1) Edit init.d script
> 2) In the line to start dhcpd, type: dhcpd -d > /dev/null 2>&1
>
> but that doesn't seem so nice. Any other ideas?
>
> Thank you,
> --
> -- Arcana

You don't say what LEAF variant you are running. However, I saw this problem with my Bering box (early version, don't recall which one, probably RC2 or 3). Googling suggested that this was a firewall issue so I played about with that for a while - finally got it to stop by adjusting the Shorewall rules to ACCEPT UDP 67 and 68 between the Bering box and my LAN.

The workstation that was operating through all the experimentation was trying to renew the IP every 64 seconds, and the message you see was being logged in daemon.log each time. Made for long logs. I tried UDP 67 first without effect, then tried 68 next. The next time the workstation made the attempt the log showed it to be successful and I haven't seen anything from this workstation since except after the normal interval.

Odd that an IP is obtained at boot, but the renewal had issues without this rule change... Does anyone know if the original request is dealt with on different ports than the renewal?

Brock
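Added example, not part of the original thread: a Python sketch that scans dhcpd syslog lines for a DHCPACK immediately followed by `send_packet: Operation not permitted` (the pattern the thread attributes to the firewall blocking the server's reply) and reports each affected client with the gap between failed renewals. The sample is constructed from the log excerpt quoted in the message above; the function names and the `year` parameter are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the dhcpd lines quoted in the thread, unwrapped.
SAMPLE = """\
Jan 16 23:27:38 firewall dhcpd: DHCPREQUEST for 192.168.1.2 from 00:80:c6:f8:62:c6 via eth1
Jan 16 23:27:38 firewall dhcpd: DHCPACK on 192.168.1.2 to 00:80:c6:f8:62:c6 via eth1
Jan 16 23:27:38 firewall dhcpd: send_packet: Operation not permitted
Jan 16 23:27:59 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 00:e0:29:2c:ba:6d via eth1
Jan 16 23:27:59 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:e0:29:2c:ba:6d via eth1
Jan 16 23:27:59 firewall dhcpd: send_packet: Operation not permitted
Jan 16 23:28:42 firewall dhcpd: DHCPREQUEST for 192.168.1.2 from 00:80:c6:f8:62:c6 via eth1
Jan 16 23:28:42 firewall dhcpd: DHCPACK on 192.168.1.2 to 00:80:c6:f8:62:c6 via eth1
Jan 16 23:28:42 firewall dhcpd: send_packet: Operation not permitted
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ dhcpd: (.*)$")
ACK = re.compile(r"DHCPACK on (\S+) to ([0-9A-Fa-f:]{17}) via (\S+)")
BLOCKED = "send_packet: Operation not permitted"

def blocked_acks(log_text, year=2003):
    """Map (ip, mac, iface) -> times of each DHCPACK that dhcpd logged but
    then failed to send with 'Operation not permitted'."""
    hits = defaultdict(list)
    pending = None  # most recent DHCPACK, awaiting a possible send error
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        msg = m.group(2) if m else ""
        ack = ACK.match(msg)
        if ack:
            # syslog timestamps carry no year, so one is supplied (assumption)
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            pending = (ack.groups(), when)
            continue
        if pending and msg.startswith(BLOCKED):
            hits[pending[0]].append(pending[1])
        pending = None  # any other line breaks the ACK/error pairing
    return dict(hits)

def retry_intervals(times):
    """Seconds between consecutive blocked ACKs for one client."""
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    for (ip, mac, iface), times in blocked_acks(SAMPLE).items():
        print(ip, mac, iface, len(times), "blocked; gaps (s):", retry_intervals(times))
```

On the sample, 192.168.1.2 shows two blocked ACKs 64 seconds apart, which matches the 64-second renewal retry described in the reply.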
Re: [leaf-user] RE: Stopping DHCPD logging
--On Thursday, January 16, 2003 4:52 PM -0800 Brock Nanson [EMAIL PROTECTED] wrote:

> Googling suggested that this was a firewall issue so I played about with that for a while - finally got it to stop by adjusting the Shorewall rules to ACCEPT UDP 67 and 68 between the Bering box and my LAN.

The correct solution is to specify the 'dhcp' in /etc/shorewall/interfaces for the interface(s) being served by dhcpd.

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
AIM: teastep   \ http://shorewall.sf.net
ICQ: #60745924 \ [EMAIL PROTECTED]
Re: [leaf-user] RE: Stopping DHCPD logging
--On Thursday, January 16, 2003 7:12 PM -0800 Tom Eastep [EMAIL PROTECTED] wrote:

> The correct solution is to specify the 'dhcp' in /etc/shorewall/interfaces for the interface(s) being served by dhcpd.

I of course meant the 'dhcp' option --

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
AIM: teastep   \ http://shorewall.sf.net
ICQ: #60745924 \ [EMAIL PROTECTED]