[Firehol-support] Re: DHCP Log Messages - Please HELP!

Daniel Pittman daniel at rimspace.net
Wed Aug 24 04:43:05 BST 2005


cougar <c0ugar7i8 at comcast.net> writes:
>> cougar <c0ugar7i8 at comcast.net> writes:
>>
>>> I've been using Firehol on Debian for 3-4 weeks and I'm deeply
>>> troubled by this issue.
>>>
>>> I'm using ULOG for my logging. My syslogemu.log is filled up with the
>>> following lines...
>>>
>>> Aug 23 16:13:33 mercury IN-world: IN=eth1 OUT=
>>> MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1
>>> DST=255.255.255.255
>>> LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15592 PROTO=UDP SPT=67 DPT=68
>>> LEN=335
>>>
>>
>> So, firehol logs all the DHCP broadcast messages to your logs.
>>
>> [...]
>>
>>
>>> These requests come every 3-7 seconds.
>>>
>>
>> You might consider setting your DHCP server to have a longer timeout,
>> or if eth1 is connected to your ADSL modem, just adding a 'client
>> dhcp accept' statement and the '255.255.255.255/32' address as a
>> valid target address on that interface.
>
> How do I do this exactly? My eth1 is in fact set up to grab an IP
> automatically from my ISP, which is Comcast. My eth0 is set up to
> distribute IPs to my local machines on my network.

Note:  you shouldn't need to specify the paths to the various tools in
your firehol.conf file under Debian.  They just work out of the box...

Anyway, just add a 'client dhcp accept' and a 'server dhcp drop'
statement under 'interface eth1 ...' in the configuration file.

That should do what you want, in general.

[...]

> If I use 'client dhcp drop', will that prevent my Linux box from  
> grabbing an IP?

Nope - the dhcp client uses "raw sockets" to access the network, so it
bypasses the firewall entirely, for better or worse.

         Daniel
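
Added example, not part of the original message: a small Python triage script that reads log lines in the syslogemu.log format quoted above and reports which of them are DHCP server broadcasts (UDP 67 to 68, destination 255.255.255.255), grouped by interface, source IP and source MAC, with the interval between them. The function names, the assumed year and every sample line except the first are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the first line is the entry quoted in the thread, joined
# onto one line; the remaining lines are made up in the same format.
SAMPLE = """\
Aug 23 16:13:33 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15592 PROTO=UDP SPT=67 DPT=68 LEN=335
Aug 23 16:13:38 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15593 PROTO=UDP SPT=67 DPT=68 LEN=335
Aug 23 16:13:41 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15594 PROTO=UDP SPT=67 DPT=68 LEN=335
Aug 23 16:13:45 mercury IN-world: IN=eth1 OUT= MAC=00:0c:29:aa:bb:cc:00:01:5c:22:31:c2:08:00  SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TOS=00 PREC=0x00 TTL=52 ID=4711 PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line, year=2005):
    """Return (timestamp, fields). syslog omits the year, so it is assumed."""
    ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    return ts, dict(FIELD.findall(line[15:]))

def is_dhcp_server_broadcast(f):
    """DHCP server-to-client traffic sent to the limited broadcast address."""
    return (f.get("PROTO") == "UDP" and f.get("SPT") == "67"
            and f.get("DPT") == "68" and f.get("DST") == "255.255.255.255")

def source_mac(f):
    # The MAC field is destination (6 bytes), source (6 bytes), EtherType (2 bytes).
    return ":".join(f.get("MAC", "").split(":")[6:12])

def summarize(lines):
    seen = defaultdict(list)  # (interface, source IP, source MAC) -> timestamps
    other = 0                 # entries that a DHCP rule would not silence
    for line in lines:
        if "IN=" not in line:
            continue
        ts, f = parse(line)
        if is_dhcp_server_broadcast(f):
            seen[(f.get("IN"), f.get("SRC"), source_mac(f))].append(ts)
        else:
            other += 1
    dhcp = {}
    for key, stamps in seen.items():
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        dhcp[key] = {"count": len(stamps), "min_gap": min(gaps, default=None),
                     "max_gap": max(gaps, default=None)}
    return {"dhcp": dhcp, "other": other}

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

The "other" count shows how many logged packets would still appear after the DHCP broadcasts are handled by their own rule, so unrelated drops are not mistaken for the same noise.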





