It was my IPF rules. I was eating the UDP packets. Thx all!

Gerald Combs wrote:

>My /var/db/dhclient.leases says:
>
>lease {
>  interface "rl1";
>  fixed-address 65.26.108.252;
>  option subnet-mask 255.255.254.0;
>  option routers 65.26.108.1;
>  option domain-name-servers 24.94.163.165,24.94.163.113,24.94.163.33;
>  option host-name "dhcp-291-59";
>  option domain-name "kc.rr.com";
>  option broadcast-address 255.255.255.255;
>  option dhcp-lease-time 86400;
>  option dhcp-message-type 5;
>  option dhcp-server-identifier 24.94.163.113;
>  renew 3 2001/12/5 08:10:55;
>  rebind 3 2001/12/5 17:10:55;
>  expire 3 2001/12/5 20:10:55;
>}
>
>I have
>
>pass in quick on rl1 proto udp from 24.0.0.0/8 to any port = bootpc
>
>in my ipf.rules. I'm also running a DNS server on my firewall, so my
>inside machines don't have to worry about Road Runner's DNS server
>addresses.
>
>
>On Tue, 4 Dec 2001, Marvin Bellamy wrote:
>
>>Might be my ipf.rules are blocking DHCP/UDP packets which wouldn't have
>>been a problem with DSL. I'll have to confirm this. Anyone know the IP
>>of the RR DHCP server?
>>
>>Marvin Bellamy wrote:
>>
>>>In-line comments...
>>>
>>>ndr wrote:
>>>
>>>>On Tue, 4 Dec 2001, Marvin Bellamy wrote:
>>>>
>>>>>Setup:
>>>>>OpenBSD firewall on a Pentium 133, running IPF and IPNAT
>>>>>RedHat 7.2 on my desktop, Pentium 500
>>>>>
>>>>Which version of OpenBSD? I have the same setup with RR and it works
>>>>fine.
>>>>
>>>
>>>OpenBSD 2.8. How did you configure your external hostname.if file? I
>>>just have "dhcp" in mine since I wasn't aware of any other options
>>>that I'd need.
>>>
>>>>
>>>>>Hey all. I just moved to Prairie Village, but with no DSL access I
>>>>>switched to Road Runner. I reconfigured my external NIC to use DHCP
>>>>>and the session appears to open successfully. The problem is DNS
>>>>>isn't working. The resolv.conf file is rewritten with a "search"
>>>>>on the kc.rr.com domain and the three RR DNS servers as
>>>>>"nameserver"s. I can ping external IPs, but I just can't resolve
>>>>>names. I even tried reconfiguring my desktop to use the old DSL
>>>>>nameservers to no avail. Any suggestions?
>>>>>
>>>>Try doing a tcpdump on the external NIC. Are you seeing the DNS traffic
>>>>getting out? How do you have your NAT setup? Any IPF rules? Does an
>>>>nslookup timeout or does it return an error immediately?
>>>>
>>>
>>>Running tcpdump produced practically no output, and that output did
>>>not appear to be related to my DNS queries. I saw a few dumps with
>>>...arp who-has... that usually referenced my gateway address or
>>>24.163.154.160, whatever that is. It isn't one of the DNS servers.
>>>Are there any different types of packets that DHCP might use that
>>>would have been blocked by my ipf.rules? My firewall is essentially
>>>unchanged.
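
An added example, not part of the thread: a check that the DHCP server recorded in a dhclient lease is covered by a `pass in ... proto udp ... port = bootpc` rule like the one Gerald quotes. The function names are hypothetical, the sample lease is trimmed from the one in the thread, and only this one rule form is parsed; earlier `block ... quick` rules and `keep state` are not modeled.

```python
import ipaddress
import re

# Constructed sample: the relevant fields of the lease quoted in the thread.
LEASE = """
lease {
  interface "rl1";
  option domain-name-servers 24.94.163.165,24.94.163.113,24.94.163.33;
  option dhcp-server-identifier 24.94.163.113;
}
"""

# The pass rule quoted in the thread.
RULES = "pass in quick on rl1 proto udp from 24.0.0.0/8 to any port = bootpc\n"

# Assumption: only this single rule shape is recognised.
RULE_RE = re.compile(
    r"^pass in (?:quick )?on (\S+) proto udp from (\S+) to any port = (\S+)$")


def parse_lease(text):
    """Return (interface, DHCP server, DNS server list) from one lease block."""
    iface = re.search(r'interface\s+"([^"]+)";', text).group(1)
    server = re.search(
        r"option\s+dhcp-server-identifier\s+([\d.]+);", text).group(1)
    dns = re.search(
        r"option\s+domain-name-servers\s+([\d.,\s]+);", text).group(1)
    return iface, server, [a.strip() for a in dns.split(",")]


def allowed_sources(rules, iface, ports=("bootpc", "68")):
    """Source networks that 'pass in' UDP rules admit on iface for the ports."""
    nets = []
    for line in rules.splitlines():
        m = RULE_RE.match(line.strip())
        if m and m.group(1) == iface and m.group(3) in ports:
            src = "0.0.0.0/0" if m.group(2) == "any" else m.group(2)
            nets.append(ipaddress.ip_network(src, strict=False))
    return nets


def dhcp_reply_passes(lease, rules):
    """True if the lease's DHCP server falls inside an allowed source network."""
    iface, server, _ = parse_lease(lease)
    addr = ipaddress.ip_address(server)
    return any(addr in net for net in allowed_sources(rules, iface))


if __name__ == "__main__":
    print("DHCP replies pass:", dhcp_reply_passes(LEASE, RULES))
```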