dhclient send_packet: Permission denied

[natharran]

Hi guys,

I'm having an odd issue. My ipfw() script contains:

...
ipfw -q add 1110 allow udp from $dhcp 67,68 to any in via $outer keep-state
...
ipfw -q add 2210 allow udp from any to $dhcp out via $outer keep-state
...

but dmesg -a shows:

Oct 15 01:24:32 universe dhclient[686]: send_packet: Permission denied
Oct 15 01:28:03 universe last message repeated 11 times
Oct 15 01:38:50 universe last message repeated 7 times

every ca. 9 minutes. The Internet connection works OK all the time event after a reboot - I get an IP address without problems but I don't understand what dhclient() is still trying to do, nor how to prevent this.

Could you help please?

 

[SirDice]

It looks like it doesn't accept any broadcasts. The initial DHCP request is sent to 255.255.255.255 and your rules don't seem to allow that.

 

[natharran]

The initial DHCP request is sent to 255.255.255.255

Thank you for your reply. I added

ipfw -q add 2208 allow udp from any to 255.255.255.255 67,68 out via $outer keep-state

but the log still says

Oct 15 01:24:32 universe dhclient[686]: send_packet: Permission denied

from time to time.

When setting firewall rules, I followed the documentation, specifically

# Allow access to ISP's DHCP server for cable/DSL configurations.
# Use the first rule and check log for IP address.
# Then, uncomment the second rule, input the IP address, and delete the first rule
$cmd 00120 allow log udp from any to any 67 out via $pif keep-state
#$cmd 00120 allow udp from any to x.x.x.x 67 out via $pif keep-state

I believe the documentation doesn't say anything about broadcast needed to be allowed all the time. Does this mean I'll be getting those messages forever? Or should I just not log them?

 

[adrian@]

Which version of FreeBSD? There's a recent fix to FreeBSD -HEAD that fixed an issue with RAW IP injection and it was noticed because of dhclient errors.