[Shorewall-users] Weird possible shorewall issue (DHCP/ISP)

[Scott Ruckh]

I am not sure this is even a shorewall issue, but I will see if anyone can 
offer any advice.

I have a multi-interface configuration where interface, eth2, is the interface 
connected to ISP and is the default gateway in my environment.  The IP for this 
interface is assigned via dhcpclient from ISP’s DHCP server.  When an IP 
address is successfully assigned, the following messages show up in 
/var/log/messages :

Sep 25 18:46:37 firewall dhclient: DHCPREQUEST on eth2 to 172.19.73.31 port 67 
(xid=0x7620baf8)
Sep 25 18:46:37 firewall dhclient: DHCPACK from 172.19.73.31 (xid=0x7620baf8)
Sep 25 18:46:37 firewall dhclient: bound to a.b.c.d -- renewal in 34555 
seconds.        <--- bound address changed to protect the innocent.

Ok, at this point everything is fine and is working as expected.

In my /var/lib/dhclient/dhclient-eth2.leases I have this in the configuration 
(received from ISP/DHCP server; not my configuration):

option dhcp-server-identifier 172.19.73.31;

The problem is this...

Between the times when a DHCP lease is successfully obtained, like above, the 
following messages show up in /var/log/messages (every minute).

Sep 26 09:54:44 firewall dhclient: DHCPREQUEST on eth2 to 172.19.73.31 port 67 
(xid=0xa2a4686)
Sep 26 09:54:44 firewall dhclient: send_packet: Network is unreachable
Sep 26 09:54:44 firewall dhclient: send_packet: please consult README file 
regarding broadcast address.

These messages do not lead to anything breaking as far as network is concerned, 
but it is definitely flooding the logs and is annoying.

Out in internet-land I came across this as a possible solution 
(http://bit.ly/VJ1yLQ)

iptables -t nat -A OUTPUT -d 10.0.0.0/255.0.0.0 -o eth1 -p udp -m udp --dport 
67 -j DNAT --to-destination 255.255.255.255

Obviously the IPs used above do not match my environment, but this is the line 
the was used in the example.

This comes to why I am posting in the shorewall forum.

I was wondering if this is a solution I should pursue, and if so, what is the 
correct way to add the iptables command using shorewall.

Thank you for reading.

------------------------------------------------------------------------------
How fast is your code?
3 out of 4 devs don\\\'t know how their code performs in production.
Find out how slow your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219672;13503038;z?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users