Re: pflog0 question

2006-08-04 Thread Bill Moran 
In response to Beni [EMAIL PROTECTED]:

 Hi all,
 
 Does pflog0 need to get an ip-address from dhcp ? From what I can see in 
 dmesg, pflog0 can't get one (vr0 does) but pflog0 seems to be up and running 
 (same for pf and pflogd).
 
 So how do I get an address for pflog0 (if needed) ? I'm using 6.1-STABLE.

I'm confused as to why you would _want_ to have an IP on pflog0.

It's just a pseudo-interface for using tcpdump to view pflogd's activity.
I can't see any benefit to assigning an IP to it.

If you do have a legit need to do so, you're going to have to assign it
a static.  Since it's not a real interface, it has no network connectivity,
and thus can't talk to any DHCP servers.

-- 
Bill Moran
Collaborative Fusion Inc.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: pflog0 question

2006-08-04 Thread Alex Zbyslaw 

Beni wrote:


Hi all,

Does pflog0 need to get an ip-address from dhcp ? From what I can see in 
dmesg, pflog0 can't get one (vr0 does) but pflog0 seems to be up and running 
(same for pf and pflogd).


So how do I get an address for pflog0 (if needed) ? I'm using 6.1-STABLE.

From dmesg :

[...]
DHCPREQUEST on vr0 to 255.255.255.255 port 67
DHCPNAK from 192.168.1.1
DHCPDISCOVER on vr0 to 255.255.255.255 port 67 interval 5
DHCPOFFER from 192.168.1.1
DHCPREQUEST on vr0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1
bound to 192.168.1.100 -- renewal in 86400 seconds.
DHCPDISCOVER on pflog0 to 255.255.255.255 port 67 interval 5
send_packet: Input/output error
DHCPDISCOVER on pflog0 to 255.255.255.255 port 67 interval 14
send_packet: Input/output error
DHCPDISCOVER on pflog0 to 255.255.255.255 port 67 interval 18
send_packet: Input/output error
DHCPDISCOVER on pflog0 to 255.255.255.255 port 67 interval 18
send_packet: Input/output error
DHCPDISCOVER on pflog0 to 255.255.255.255 port 67 interval 6
send_packet: Input/output error
No DHCPOFFERS received.
No working leases in persistent database - sleeping.

lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
   inet 127.0.0.1 netmask 0xff00
vr0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
   inet6 fe80::20c:76ff:fec2:2cb7%vr0 prefixlen 64 scopeid 0x1
   inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
   ether 00:0c:76:c2:2c:b7
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
pflog0: flags=41UP,RUNNING mtu 33208
   inet 0.0.0.0 netmask 0xff00
Enabling pflogd
.
Aug  4 12:00:04 pflogd[310]: [priv]: msg PRIV_OPEN_LOG received
Enabling pf.
pf enabled
[...]


In my /etc/pf.conf I have :
pass in quick on $ext_if inet proto udp from any to any port { 67, 68 }

The /var/db/dhclient.leases.pflog0 is an empty file, 0 bytes whereas 
dhclient.leases.vr0 is 730 kb.
 


Disclaimer, I do not use pflog.  But the manual page just says to do:

# ifconfig pflog0 up
# tcpdump -n -e -ttt -i pflog0

No mention of IP addresses at all, let alone DHCP.

I also have 
ifconfig_pflog0=DHCP 
in my /etc/rc.conf.


 

It's trying to get a DHCP address because you have told it to, right 
here.  Try commenting this line out and rebooting (yes, there probably 
is a way to do it with rc scripts; feel free to investigate :-).  Or 
just try ifconfig pflog0 down; ifconfig pflog0 up but it may try and 
remember your DHCP setting).


--Alex





___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: pflog0 question

2006-08-04 Thread Darrin Chandler 
On Fri, Aug 04, 2006 at 02:26:49PM +0200, Beni wrote:
 Hi all,
 
 Does pflog0 need to get an ip-address from dhcp ? From what I can see in 
 dmesg, pflog0 can't get one (vr0 does) but pflog0 seems to be up and running 
 (same for pf and pflogd).
 
 So how do I get an address for pflog0 (if needed) ? I'm using 6.1-STABLE.

You can't have an address on pflog0, and shouldn't be trying. It is just
a pseudo device to let you use tcpdump in real time (or close to it) on
what is logged by pflogd.

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]