Shorewall users - Jun 2002 - DHCP problem

Hi there !

After uppgrading to version 1.3.1 (with errata) I notice strange problem...
Firewall block some kind of DHCP traffic, not all because DHCP works, new 
stations receive IPs.  I suppose it is when renewing lease. DHCP serwer is 
complain about "Operation not permitted"

#Sample from /var/log/messages
Jun 15 18:45:35 firebat dhcpd: DHCPREQUEST for 192.168.1.12 from 
00:02:b3:48:ae:4c via eth1
Jun 15 18:45:35 firebat dhcpd: DHCPACK on 192.168.1.12 to 00:02:b3:48:ae:4c 
via eth1
Jun 15 18:45:35 firebat dhcpd: send_packet: Operation not permitted
Jun 15 18:45:35 firebat kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 
SRC=192.168.1.1 DST=192.168.1.12 LEN=336 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=UDP SPT=67 DPT=68 LEN=316
Jun 15 18:45:56 firebat kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= 
MAC=00:04:76:1a:98:0c:00:02:b3:95:a0:3e:08:00 SRC=192.168.1.20 
DST=192.168.1.1 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=55469 PROTO=UDP SPT=68 
DPT=67 LEN=556

Of course in interfaces file i have option dhcp on

#Here is sample
inplast eth2            192.168.2.255   dhcp
isp     eth3            192.168.3.255   dhcp
-       eth4            192.168.6.255   multi
loc     eth1            192.168.1.255   dhcp,routestopped
#

I''m using ISC DHCP version 3.0pl1

Before works uppgrade fine -- in version 1.2.9

Any suggestions ?

Raf

--
Rafa³ Dutko
MCCNet Sp. z o.o.
email: rafal.dutko@mccnet.pl

On Sat, 15 Jun 2002, [iso-8859-2] Rafa³ Dutko wrote:
> Hi there !
> 
> After uppgrading to version 1.3.1 (with errata) I notice strange problem...
> Firewall block some kind of DHCP traffic, not all because DHCP works, new 
> stations receive IPs.  I suppose it is when renewing lease. DHCP serwer is 
> complain about "Operation not permitted"
> 
> #Sample from /var/log/messages
> Jun 15 18:45:35 firebat dhcpd: DHCPREQUEST for 192.168.1.12 from 
> 00:02:b3:48:ae:4c via eth1
> Jun 15 18:45:35 firebat dhcpd: DHCPACK on 192.168.1.12 to 00:02:b3:48:ae:4c
> via eth1
> Jun 15 18:45:35 firebat dhcpd: send_packet: Operation not permitted
> Jun 15 18:45:35 firebat kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 
> SRC=192.168.1.1 DST=192.168.1.12 LEN=336 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
> PROTO=UDP SPT=67 DPT=68 LEN=316
> Jun 15 18:45:56 firebat kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= 
> MAC=00:04:76:1a:98:0c:00:02:b3:95:a0:3e:08:00 SRC=192.168.1.20 
> DST=192.168.1.1 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=55469 PROTO=UDP SPT=68
> DPT=67 LEN=556
> 
> Of course in interfaces file i have option dhcp on
> 
> #Here is sample
> inplast eth2            192.168.2.255   dhcp
> isp     eth3            192.168.3.255   dhcp
> -       eth4            192.168.6.255   multi
> loc     eth1            192.168.1.255   dhcp,routestopped
> #
> 
> I''m using ISC DHCP version 3.0pl1
> 
> Before works uppgrade fine -- in version 1.2.9
> 
> Any suggestions ?
> 
> Raf
Please send me the output from "shorewall status".

Thanks,
-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net