Last night, we picked up Elina’s computer home from the Apple store; they replaced a faulty motherboard. As part of the pick-up process, the Apple service representative boots up the computer and demonstrates that it works fine; and it did. When we brought it home, though, we had a perplexing problem: the network connection seemed to work fine at first, but after the first time Elina put the computer to sleep, and then woke it up, it couldn’t obtain an IP address.

I was really stumped – it just seemed as though DHCP just wouldn’t work, no matter what. I could successfully connect the wifi to a few different networks, and a direct ethernet connection worked as well. And if I manually entered an IP address and the other pertinent TCP/IP settings, the connections worked just fine. But no matter what I did, OS X couldn’t get an IP address from our router (an Apple Airport Extreme Base Station); the connection status in Network Preferences just kept saying that it had a self-assigned IP address.

I tried a lot of things: upgrading the firmware, rebooting in safe mode, creating a new network location, deactivating and reactivating the connections — nothing worked. In the end, I found the answer with a combination of Google and sheer luck. As I was troubleshooting, all along I was searching with Google for some clue to what was going on — using phrases like “OS X DHCP won’t work”, “Mac can’t get IP address”, etc. Google usefully displays snippets of text from each search result below the result title. Luckily, in one of those, I noticed the name “configd”. That tickled my memory, so I searched for “configd”. The man page starts with “The configd daemon is responsible for many configuration aspects of the local system.” And after skimming this page, I developed a theory that configd was responsible for obtaining an IP address via DHCP. And I suddenly remembered that when we had first booted up the laptop when we brought it home, I had changed the Firewall mode to Set access for specific services and applications – and that it had immediately popped up a dialog asking whether we wanted to allow or deny incoming connections to configd! I surmised that we must have clicked “deny”, which must have broken configd.

The hypothesis was easy to test: I just turned the firewall off (the setting labeled Allow all incoming connections) and tried to obtain an IP address, and it worked. Problem solved! As usual, there was a reason — me!

So the moral of the story is: don’t deny incoming connections to configd.

A useful tip, found here: to reset the OS X 10.5 Leopard firewall back to factory settings, enter the following command in the Terminal: sudo cp /usr/libexec/ApplicationFirewall/com.apple.alf.plist /Library/Preferences/com.apple.alf.plist

Finally, I just want to say: the Leopard firewall confuses me. I have issues with it. Maybe it’s just me. But maybe it isn’t.