[Firewall] (1.8.8o) DSL modem doing DHCP: broadcasts are blocked

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Tue Mar 17 11:00:15 CET 2009


I've just fixed this in the new modem plugin; give the one that comes 
with the upcoming 1.9.0c a try (or grab it from the development section).

a.

d9s9e-aif at yahoo.de wrote:
> Sorry, been busy...
> 
> Anyway, MODEM_IF="eth1", MODEM_IP not set (the Modem ought to do DHCP) and the cases are:
> 
> A) MODEM_INTERNAL_NET is set, MODEM_IF_IP not
> 
> Generated Rules:
> -A INPUT -i eth1 -j ACCEPT 
> -A INPUT -i eth1 -m limit --limit 1/sec -j LOG --log-prefix "Dropped MODEM packet: " --log-level 6 
> -A INPUT -i eth1 -j DROP 
> 
> -> No Log message
> 
> B) Both set (MODEM_IF_IP="XXX.XXX.XXX.XXX")
> 
> Rules:
> -A INPUT -d XXX.XXX.XXX.XXX/32 -i eth1 -j ACCEPT 
> -A INPUT -i eth1 -m limit --limit 1/sec -j LOG --log-prefix "Dropped MODEM packet: " --log-level 6 
> -A INPUT -i eth1 -j DROP 
> 
> -> Log messages:
> 
> Dropped MODEM packet: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:XX:XX:XX:XX:XX:XX:XX:XX SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=556 
> 
> Does this help?
> 
> Dirk.
> 
> 
> --- Arno van Amersfoort <arnova at rocky.eld.leidenuniv.nl> wrote on Mon, 23.2.2009:
> 
>> From: Arno van Amersfoort <arnova at rocky.eld.leidenuniv.nl>
>> Subject: Re: [Firewall] (1.8.8o) DSL modem doing DHCP: broadcasts are blocked
>> To: d9s9e-aif at yahoo.de, "Arno's IPTABLES firewall script" <firewall at rocky.eld.leidenuniv.nl>
>> Date: Monday, 23 February 2009, 20:45
>> Could you please provide a snippet of
>> the log showing the problem? Fixing it should be trivial in
>> that way....
>>
>> a.
>>
>> d9s9e-aif at yahoo.de wrote:
>>> Hi,
>>>
>>> I have version 1.8.8o installed (from Debian Lenny) and my modem is
>>> trying to do DHCP using the broadcast address 255.255.255.255 but the
>>> firewall blocks it (Dropped MODEM packet). I'd like to use the
>>> MODEM_IF_IP and MODEM_INTERNAL_NET settings (which cause this
>>> 'problem') because providers already had misconfigured their stuff so
>>> you could eventually see your neighbours' PCs on the DSL interface.
>>>
>>> If you could consider this case in some future version, I'd be
>>> grateful.
>>>
>>> Thanks,
>>> Dirk.
>>>
>>>
>>> _______________________________________________
>>> Firewall mailing list
>>> Firewall at rocky.eld.leidenuniv.nl
>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>> http://rocky.eld.leidenuniv.nl
>>>
>> -- Arno van Amersfoort
>> E-mail    : arnova at rocky.eld.leidenuniv.nl
>> Donations are welcome through Paypal!
>> ---------------------------------------------------------------------------
>> Arno's (Linux IPTABLES Firewall) Homepage:
>> http://rocky.eld.leidenuniv.nl
>>
> 

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
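
An added example, not part of the original thread or of the firewall script: a small Python model of the two generated rule sets quoted above, walked first-match against the logged packet, showing why case A accepts the DHCP broadcast without a log entry while case B logs and drops it. The address 192.0.2.1 is a constructed stand-in for the masked MODEM_IF_IP, and only the -i, -d and -j options are modelled (the rate limit is ignored).

```python
import ipaddress
import re
import shlex

# Log line as posted in the thread (MAC bytes were masked with XX by the poster).
LOG_LINE = ('Dropped MODEM packet: IN=eth1 OUT= '
            'MAC=ff:ff:ff:ff:ff:ff:XX:XX:XX:XX:XX:XX:XX:XX SRC=0.0.0.0 '
            'DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=0 '
            'PROTO=UDP SPT=68 DPT=67 LEN=556')
MODEM_IF_IP = '192.0.2.1'  # constructed stand-in for the masked XXX.XXX.XXX.XXX
LOG_DROP = ['-A INPUT -i eth1 -m limit --limit 1/sec -j LOG '
            '--log-prefix "Dropped MODEM packet: " --log-level 6',
            '-A INPUT -i eth1 -j DROP']
RULES_A = ['-A INPUT -i eth1 -j ACCEPT'] + LOG_DROP
RULES_B = [f'-A INPUT -d {MODEM_IF_IP}/32 -i eth1 -j ACCEPT'] + LOG_DROP

def parse_log(line):
    """Split a netfilter LOG line into KEY=value fields (the last LEN wins)."""
    return dict(re.findall(r'(\w+)=(\S*)', line))

def parse_rule(rule):
    """Map each option of an iptables-save style rule to its argument."""
    tok = shlex.split(rule)
    return {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith('-')}

def verdict(rules, pkt):
    """First-match walk over the chain; returns (target, was_logged)."""
    logged = False
    dst = ipaddress.ip_address(pkt['DST'])
    for opt in map(parse_rule, rules):
        if opt.get('-i', pkt['IN']) != pkt['IN']:
            continue
        if '-d' in opt and dst not in ipaddress.ip_network(opt['-d']):
            continue
        if opt['-j'] == 'LOG':   # LOG does not terminate; rate limit ignored
            logged = True
            continue
        return opt['-j'], logged
    return 'POLICY', logged

def is_dhcp_broadcast(pkt):
    """UDP between ports 67/68 sent to the limited broadcast address."""
    return (pkt.get('PROTO') == 'UDP' and pkt.get('DST') == '255.255.255.255'
            and {pkt.get('SPT'), pkt.get('DPT')} == {'67', '68'})

if __name__ == '__main__':
    pkt = parse_log(LOG_LINE)
    print('DHCP broadcast:', is_dhcp_broadcast(pkt))
    print('case A:', verdict(RULES_A, pkt))
    print('case B:', verdict(RULES_B, pkt))
```
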

