Hello all,

I'm trying to reconfigure a more restrictive packet filtering firewall
for my home network but am running into some trouble.  When I run
dhclient dc0 in an attempt to obtain an IP address from my ISP I
receive the normal:

DHCPREQUEST on dc0 to 255.255.255.255 port 67
DHCPDISCOVER on dc0 to 255.255.255.255 port 67

DHCPDISCOVER eventually fails after the fourth or fifth try.  When I
run tcpdump at the same time as dhclient dc0 I receive the following
arp requests.  The 70.xxx.xxx.x is my gateway I'm trying to communicate
with.

14:59 arp who-has 7.x.xxx.xxx tell 70.xxx.xxx.x
...  I see about 3-400 of these.

Here is a partial excerpt of my pf.conf with what I believe to be the
most relevant sections needed to obtain an IP address on the WAN nic.

pass out on $ext_if proto tcp from any to x.x.x.x port 53 keep state
pass out on $ext_if proto udp from any to x.x.x.x port 53 keep state

The above lines are duplicated as I have two nameservers that I am able
to use.

To contact my ISP's DHCP I use the following:

pass out on $ext_if proto udp from any to x.x.x.x port 68 keep state
pass in on $ext_if from x.x.x.x to any port 68 keep state

I also seem to be having a problem with the same NAT directive I've
used on less restrictive firewalls.

nat on $ext_if from $int_if:network to any -> ($ext_if)

Any help is greatly appreciated.

Regards,

Gardner
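For comparison, an added pf.conf fragment (not part of the post above) that permits a DHCP client on the WAN interface by matching the DHCP ports in each direction rather than a specific server address, since the DHCPDISCOVER is broadcast before any server address is known; the interface names and the 192.0.2.x nameserver addresses are placeholders I have assumed.

```pf
# Added example, not the poster's ruleset. Interface names and
# nameserver addresses below are assumed placeholders.
ext_if = "dc0"
int_if = "fxp0"
dns_servers = "{ 192.0.2.10, 192.0.2.11 }"

# Translation rules must precede filter rules in pf.conf.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default deny on every interface.
block all

# DHCP client traffic. The client sends from udp/68 to udp/67 and the
# server replies from udp/67 to udp/68. DHCPDISCOVER goes to
# 255.255.255.255, so the rules match ports, not a server address.
pass out on $ext_if inet proto udp from any port 68 to any port 67 keep state
pass in  on $ext_if inet proto udp from any port 67 to any port 68 keep state

# DNS to the two configured nameservers over tcp and udp.
pass out on $ext_if inet proto { tcp, udp } from any to $dns_servers port 53 keep state

# Trusted LAN side.
pass on $int_if all

# Note: pf filters at the IP layer; ARP seen in tcpdump is not
# affected by any of these rules.
```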
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions