Self Assigned IP / DHCP problem : sharing my fix.

Certainly an ipfw rule blocking ports 67 and 68 would disable DHCP, but since this isn't an issue for the vast majority of Mac OS X users, no such rule is created by default.

One possible way something like this can occur is if custom ipfw rules were created for Mac OS X Tiger and the system was updated to Leopard, as (as you noted) both ipfw and the Mac OS X Leopard application firewall run concurrently with ipfw's packet-based firewall taking precedence.

Thanks for sharing that. It is a helpful check for those people with DHCP issues... I would normally check IPFW last - because it defaults to "allow everything" in Leopard.

Cheers,

Rodney

I'm with William on this one... the FW, while obviously producing this problem for you, is not the real culprit or almost all Mac users would have big issues. I've never had DHCP blocked on a Mac.

Given you've had it working flawlessly for that amount of time, points to an issue in something that occurred when you lost the ability to obtain DHCP addresses.

OK, so a little background -

I have an MBP with 10.5.5 (which I downloaded yesterday, so that's not the issue). This year at school they upgraded the wireless system and network control to Foundry routers and Bradford Securities Network Control. Problem is, my computer is intermittently and randomly having a hard time sticking with one IP and staying away from a self-assigned 169 IP. The System Prefs are fine, and even when I change to manual settings for the IP, it doesn't stick. I checked the terminal (tcpdump) and it seemed to be having a tough time accepting one of the two IPs the servers offered (there are two servers for redundancy). It asked for an IP, gets two offers, and then asks again. I was stumped, and so were the IT guys on campus. And it's not just me, many other 10.5 users are having the issue. And it's not the network, because nobody else is having the issue but 10.5 users. Certificate problems are similarly eliminated from possibility.

The IT guy showed my this thread, and I was excited, so I first tried to just shut off the Firewall all together, and that worked, briefly, but now it doesn't matter if the Firewall is on or off, the problem persists. I tried your WaterRoof method, and the similar program NoobProof, but there were no rules relating to ports 67 or 68 at all, let alone denying them. (As a side note, when my FW is off, there's only the rule allowing all IPs in and out, and when it's on (but only allowing specific programs) it gives a second rule that denies "icmp from any to me in imcptypes 8." No idea what that means.) I've been watching tcpdump and the FW logs closely (as well as the console itself), but nothing has changed. The only interesting thing is that when the IP changes from the (good) 137 IP I'm supposed to have to the (bad) 169 IP, often times (in fact, most times) there is no firewall activity. The console says that the en1 link (wireless) is now down, and the tcpdump picks up the computer asking for an IP again, but the firewall logs pick up nothing, neither through the console or through WaterRoof. Which is weird, because I thought it was a FW problem (as did the IT guys), but the logs show that only occasionally when the servers offer me an IP does the FW block the request, but not all the time.

As another point to note, this is not only an issue with the wireless. The wired connection (Ethernet right into the wall, and attempted from many different plug-in sites) also has this issue.

My only conclusion is that the FW is buggy, or that the logs are missing denials, neither of which makes much sense, IMHO.

Any thoughts?

EDIT: Shutting off the FW often solves the problem, but not always. Sometimes I can get a correct IP even with the FW in full swing without anything popping up in the logs. And sometimes I can't.

Message was edited by: kangasaurus

You've stated that your conclusion is that the FW is buggy, and then added a note at the end stating that with the FW on or off you still have intermittent issues, AND with the FW on or off it can also work perfectly... You also state that a wired connection shows the same issues.

At the start of your post you inform us that your school has just upgraded their comms gear...

Given that you have the same issues wired or wireless with the FW on or off, it's clear that the Mac is not the issue. Debugging on the Mac therefore won't yield anything useful (as you've already seen). Talk to your IT guys again - it's their problem.

I have to jump in here. I'm having the same DHCP problem mentioned above and I do believe it is a problem with the OSX Firewall. It is not a network problem. I have determined this by testing on 3 different networks in 3 different locations. 2 wireless, 1 wired. In all cases I got a self-assigned 169 IP address. In all cases I was able to fix the problem (temporarily) by setting the firewall to "allow all incoming connections". Once I do that I can obtain a valid IP. I can then set the firewall back to "set access for specific services..." and it'll continue to work. However, every time I try to get on a new network, I have the problem again.

There is another thread about this issue here:

http://discussions.apple.com/message.jspa?messageID=6240986

That thread suggests trashing 'com.apple.alf.plist' and rebooting. This has worked for me so far (today) but I have only been on one network so I haven't been able to fully test yet.

Now, I've had my Powerbook for over 4 years and never had this problem. It only started when I accidentally let the battery drain all the way down to a point where the date got reset. I don't know if this has anything to do with the issue or not but I suspect that it does. Is this when the problem started for anyone else?

I'm hoping more people can jump in here so we can get to the exact cause of the problem and find a permanent solution.

Like I said previously, I've narrowed it down to OS X. It is not a network issues. I also believe it is a Firewall issue. Any input will be greatly appreciated.

The bottom line is that configd, the daemon that deals with network configration, should always be in the firewall's "exceptions" list.

To check if it is on your system, you can do the following in terminal:

plutil -convert xml1 -o /tmp/1 /Library/Preferences/com.apple.alf.plist

If you then look at the file /tmp/1 with your favorite editor, you should see a section that looks like this:

<key>exceptions</key>
 <array>
 <dict>
 <key>path</key>
 <string>/usr/sbin/configd</string>
 <key>state</key>
 <integer>3</integer>
 </dict>

If you don't, you may want to try deleting the plist in /System/Library:

sudo rm /Library/Preferences/com.apple.alf.plist

and see if it then gets recreated properly.

Don't forget to:

rm /tmp/1

when you're done.

I've had exactly the same self assigning IP problem over the past few days. The IT guys at the company could not resolve the issue, so I ended up traveling some 4 hours to the nearest Apple service centre to watch them turn on my imac and for them to tell me that there was no problem.
Get back to the office, same problem.
After finding this discussion on Apple I decided to get to grip with my firewall, not being so tech minded I was not totally sure how they work.
I run an extra firewall by Netbarrier X5. I opened the application and tried to trace my required IP address, for some unknown reason I find it on the stop list !!!!, I removed it and I get my internet and mail connection back.
Maybe my experience can shed a little more light on this problem.
Thank you

Just to say I have the exact same issue as everyone else on this thread, but only on my MBA (10.5.5) My Mini (10.5.5 - Wireless to Airport Express) and MacPro (Wired LAN) do NOT, so far, show the problem. The only difference I can think of is that the Air moves around networks, the other two don't.

The symptoms are the same as everyone else, a self assigned IP clearable by switching the firewall on and off.

My alf.plist does contain the exception detailed in the comment above.

There was a 10.5.5 Combo update and a security update applied between not having the issue and noticing the issue. I suspect the security update changed something as this is not something that has happened prior to that installation.

Just an update on my version of this problem. My MBA just went to sleep, when it woke up again....no internet and a self assigned IP. Stopping and starting the Firewall cleared the issue and I can make this post.

Edited to list the correct OS in the details section.

Message was edited by: David Greenhalgh

I have the same problem, yet different.

my computer will connect, yet after it falls asleep, and then i wake it back up, it wont connect, and it says "self assigned IP"
after a reset of my router, its good to go again,

although, after a bit of walking, it works, its still inconvenient.
does anyone have any suggestions on how i can fix this?