On Mon, 27 Jan 2003, Bill Moran wrote:
> This is crazy. There is no sane way that anyone can give you rules for
> this without knowing the rest of your firewall rules. Amoung other things,
> _where_ you place the rules in the list, and what other rules that may
> match DCHP traffic are critical
$cmd allow 00010 udp from any to me 67 in via $iif
$cmd allow 00020 udp from me 68 to any out via $iif
Assuming that $iif is your interface and that dhcpd is running on the
dhcpd server.
Steve
Warren Block wrote:
Can someone post a set of ipfw rules to allow DHCP to work on the inside
interfac
Warren Block wrote:
On Sun, 26 Jan 2003, Brian McCann wrote:
You need to allow UDP ports 67&68 for full DHCP support, in both
directions...so
"ipfw add allow any 67 to any any via int out"
"ipfw add allow any 67 to any any via int in"
"ipfw add allow any 68 to any any via int out"
"ipfw ad
On Sun, Jan 26, 2003 at 10:00:27PM -0700, Warren Block wrote:
>
> ${fwcmd} add pass udp from any 67,68 to any via ${iif}
>
> But I'm not seeing any counts on that rule when a notebook client tries
> for a DHCP lease, and the client never gets a lease.
What deny rules do you have above that point
On Sun, Jan 26, 2003 at 08:58:08PM -0700, Warren Block wrote:
> Can someone post a set of ipfw rules to allow DHCP to work on the inside
> interface
ipfw add allow udp from any 67-68 to any via ${iif}
for some value of iif
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebs
On Sun, 26 Jan 2003, Brian McCann wrote:
> You need to allow UDP ports 67&68 for full DHCP support, in both
> directions...so
>
> "ipfw add allow any 67 to any any via int out"
> "ipfw add allow any 67 to any any via int in"
> "ipfw add allow any 68 to any any via int out"
> "ipfw add allow an
You need to allow UDP ports 67&68 for full DHCP support, in both
directions...so
"ipfw add allow any 67 to any any via int out"
"ipfw add allow any 67 to any any via int in"
"ipfw add allow any 68 to any any via int out"
"ipfw add allow any 68 to any any via int in"
Something like that should
