I have an issue that may or may not be shorewall related but I would like another opinion.

My interface connected to the internet is eth2. The IP for this interface is dynamically assigned by my ISP. My current IP on this interface belongs to the 68.106.224.0/19 network. When I look at the IP address of the DHCP server that assigned eth2's IP I see 172.19.73.31 .

What I am wondering is if shorewall is going to block subsequent DHCP renewal attempts because the 172.19.73.31 is non-routable (public) through the interface connected to the internet.

I am basically seeing these types of errors in the logs:

Mar 8 18:11:05 firewall dhclient: DHCPREQUEST on eth2 to 172.19.73.31 port 67 (xid=0x58ce2d0)
Mar 8 18:11:05 firewall dhclient: send_packet: Network is unreachable
Mar 8 18:11:06 firewall dhclient: send_packet: please consult README file regarding broadcast address.

I am attaching a shorewall dump in case it is helpful.

Thank You.
Scott

Scott Ruckh wrote:

> My interface connected to the internet is eth2. The IP for this
> interface is dynamically assigned by my ISP. My current IP on this
> interface belongs to the 68.106.224.0/19 network. When I look at
> the IP address of the DHCP server that assigned eth2's IP I see 172.19.73.31 .
>
> What I am wondering is if shorewall is going to block subsequent
> DHCP renewal attempts because the 172.19.73.31 is non-routable
> (public) through the interface connected to the internet.

Yes. You need to allow traffic out to the server.

What will happen in practice is that your connection will work even if you do block traffic to the 172.16/12 network. When your client is unable to renew the lease via unicast packets and the lease is getting close to renewal, then the client should start using broadcast packets. The broadcast packets won't be blocked and so your client will be able to renew its lease.

So things will still work, but it'll be less resilient and you'll get all those error messages.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books.

On 03/09/2012 07:36 AM, Scott Ruckh wrote:

> I have an issue that may or may not be shorewall related but I would like another opinion.
>
> My interface connected to the internet is eth2. The IP for this interface is dynamically assigned by my ISP. My current IP on this interface belongs to the 68.106.224.0/19 network. When I look at
> the IP address of the DHCP server that assigned eth2's IP I see 172.19.73.31 .
>
> What I am wondering is if shorewall is going to block subsequent DHCP renewal attempts because the 172.19.73.31 is non-routable (public) through the interface connected to the internet.
>
> I am basically seeing these types of errors in the logs:
>
> Mar 8 18:11:05 firewall dhclient: DHCPREQUEST on eth2 to 172.19.73.31 port 67 (xid=0x58ce2d0)
> Mar 8 18:11:05 firewall dhclient: send_packet: Network is unreachable
> Mar 8 18:11:06 firewall dhclient: send_packet: please consult README file regarding broadcast address.
>
> I am attaching a shorewall dump in case it is helpful.
>

According to that dump, Shorewall is not blocking the request.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
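
An added example, not part of the thread or of Shorewall: a small Python check over the dhclient lines quoted above that pairs each DHCPREQUEST with the send_packet error following it and sorts the error text into routing versus packet filter. The errno mapping (ENETUNREACH for a missing route, EPERM for a packet dropped on the local output path) is general Linux behaviour assumed here, and the last two log lines are constructed for contrast.

```python
import ipaddress
import re

# First three lines are the ones quoted in the thread; the last two are
# constructed to show what a local netfilter drop would look like instead.
SAMPLE_LOG = """\
Mar 8 18:11:05 firewall dhclient: DHCPREQUEST on eth2 to 172.19.73.31 port 67 (xid=0x58ce2d0)
Mar 8 18:11:05 firewall dhclient: send_packet: Network is unreachable
Mar 8 18:11:06 firewall dhclient: send_packet: please consult README file regarding broadcast address.
Mar 8 18:40:00 firewall dhclient: DHCPREQUEST on eth2 to 172.19.73.31 port 67 (xid=0x58ce2d0)
Mar 8 18:40:00 firewall dhclient: send_packet: Operation not permitted
"""

REQUEST = re.compile(r"dhclient: DHCPREQUEST on (\S+) to (\S+) port 67")
SEND_ERR = re.compile(r"dhclient: send_packet: (.+)$")

# strerror() text -> layer that produced it (assumed general Linux behaviour)
CAUSES = {
    "Network is unreachable": "routing",         # ENETUNREACH: no route to server
    "Operation not permitted": "packet filter",  # EPERM: dropped on local output
}

def diagnose(log_text, lease_network):
    """Pair each DHCPREQUEST with the send_packet error that follows it."""
    net = ipaddress.ip_network(lease_network)
    findings, pending = [], None
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if m:
            pending = (m.group(1), ipaddress.ip_address(m.group(2)))
            continue
        m = SEND_ERR.search(line)
        if m and pending and m.group(1) in CAUSES:
            iface, server = pending
            findings.append({
                "iface": iface,
                "server": str(server),
                "mode": "broadcast" if str(server) == "255.255.255.255" else "unicast",
                "on_link": server in net,  # False means a gateway route is required
                "cause": CAUSES[m.group(1)],
            })
            pending = None
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, "68.106.224.0/19"):
        print(finding)
```

For the lines from the thread, the server is outside the leased 68.106.224.0/19 network and the error text points at the routing table rather than at a filter rule.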