On Wed, Sep 16, 2009 at 4:21 PM, Charles Curley
<[email protected]> wrote:
> I use Ubuntu 9.04 and virt-manager-0.6.1-1ubuntu4--i386 to run
> virtual machines using kvm and ubuntu 9.10 alpha 5 and finix 93. I have
> both virtual machines running nicely, with one exception. If I have
> firestarter's firewall running, the VMs cannot get DHCP offers. I can
> run "dhclient eth0" manually, and see the dhcp discover packets logged
> to the console. If I then remove all the firewalling (ctl-p in the
> firestarter GUI), the VM immediately gets an offer. Internet connection
> sharing is enabled. I have tried adding a rule to admit packets on the
> two DHCP ports for network 255.255.255.0/24, but that has not worked.
>
> I use firestarter on other machines on my network, two of which are
> DHCP servers for the network. The main difference between those and the
> VMs is that they operate DHCP over eth0, and the VMs use a virtual
> network. The host sees that network on device virbr0.

DHCP Offer packets come from the DHCP server, not from the broadcast address.
It is best to simply allow all traffic going out on port udp/67, and
all traffic coming in on port udp/68.

I'm not sure how firestarter works, but if you must specify a source
IP/network, it should be "any", "all", or 0.0.0.0/0.  You could use
your local network for the overly conservative, or only the DHCP
server itself for the ultra paranoid that like to do unnecessary
maintenance and troubleshooting.

--lonnie

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
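
An added example, not part of the original messages: a small model of a source-restricted firewall rule, showing why opening the two DHCP ports for source network 255.255.255.0/24 admits neither the client's DISCOVER (sent from 0.0.0.0) nor the server's OFFER (sent from the server's own address). The server address 192.168.122.1 and all names in the code are assumptions for illustration; firestarter's actual rule handling is not modelled.

```python
import ipaddress
from typing import NamedTuple


class Packet(NamedTuple):
    name: str
    src: str      # source IP address
    sport: int    # UDP source port
    dport: int    # UDP destination port


class Rule(NamedTuple):
    source: str   # CIDR the packet's source address must fall in
    dport: int    # UDP destination port the rule admits


# Constructed sample traffic. A client with no lease sends from 0.0.0.0;
# 192.168.122.1 is an assumed DHCP server address, not taken from the thread.
DISCOVER = Packet("DISCOVER", "0.0.0.0", 68, 67)
OFFER = Packet("OFFER", "192.168.122.1", 67, 68)


def admits(rule, pkt):
    """True if pkt's source address and destination port satisfy rule."""
    net = ipaddress.ip_network(rule.source)
    return pkt.dport == rule.dport and ipaddress.ip_address(pkt.src) in net


def evaluate(source):
    """Names of the DHCP messages that pass when both DHCP ports are
    opened only for packets whose source lies in `source`."""
    rules = [Rule(source, 67), Rule(source, 68)]
    return [p.name for p in (DISCOVER, OFFER)
            if any(admits(r, p) for r in rules)]


if __name__ == "__main__":
    candidates = (
        "255.255.255.0/24",   # the rule tried in the question
        "0.0.0.0/0",          # "any", as suggested in the reply
        "192.168.122.0/24",   # local network only (assumed range)
        "192.168.122.1/32",   # DHCP server only (assumed address)
    )
    for source in candidates:
        passed = evaluate(source) or ["nothing"]
        print(f"{source:18} admits {', '.join(passed)}")
```

The local-network and server-only restrictions admit the OFFER but not a DISCOVER, which matters on whichever machine has to receive the client's broadcast.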
