From: Marc Chabot
To: Martin Turgeon
Cc: freebsd-pf@freebsd.org
Date: Wed, 18 Oct 2006 10:52:24 -0400
Subject: Re: Routing with external interface doesn't work after a while

hello Martin Turgeon,

On Wed, 18 Oct 2006 09:56:12 -0400
Martin Turgeon wrote:

MT> running FreeBSD 6.1 on a Celeron 2.8GHz with 512Mo of RAM. It looks like
MT> after a while (a couple of weeks) the routing isn't working anymore, but
MT> only with the external interface (the one connected to my cable modem from
MT> Videotron in Montreal).
MT> The box is acting as the gateway of the network with
MT> PF, OpenVPN 2.0.5-1 and ISC-DHCPd 3.0.3-1 running. The problem also occurred
MT> on FreeBSD 6.0 on another box.

MT> The solution was to renew the address of the external interface with
MT> dhclient fxp0.

oh... videotron dynamic modem cable...

about 2 years ago, videotron had problems with their dhcp, it took them
quite some time to fix it, they had to shrink the lease time to 4 hours,
8 hours and the like. I, friends and the majority of our customers using
videotron-dynamic were calling because internet traffic stopped. Many
customers were using cheapo nat boxes (dlink, linksys, you name it) of
all makes with different firmware versions, a few with cisco pix 501s,
etc...

The solution? Same as yours: renew the address of the external
interface. (or simply power cycle the nat box for end users).

And since videotron seems to glue IPs with MAC addresses, users keep
their public IP for many months. I have never had one stick for more
than 11 months though, but 8 to 9 months is common. Comically, some home
users desperate to change IPs had to change NIC or clone mac address
inside their nat boxes and then power cycle the modem cable (clear arp
of the modem) to get a different public ip address.

That was quite a while ago. Now, sometimes I see for myself such
behavior but just localized, no customers calling en masse. When it
happens to me (once every two months?) my mail client beeps and wakes me
in the middle of the night, and when I go check my mail servers, well,
the whole internet is inaccessible, I renew the address of the external
interface, and voila. In some cases I had to power cycle the modem
cable, it seems to always happen in the middle of the night, at a time
that is appropriate for them to play with their equipment and disturb as
few customers as possible.

Having had my share of their pretty much useless customer service, I
didn't bother to call them and confirm this.
And I'm not using a *BSD box at home.

At first glance, it does not look like a *BSD bug.

Drop the videotron home service and call VTL (videotron telecomm
limitee) to get a business static ip address, they put a cisco soho91 in
between your modem cable and your router to give you a static ip.

Besides, the support service of videotron home is just as
catastrophically lousy as sympatico and others, while in some cases I
was surprised to hear some employees of VTL have a clue. The business
side of videotron is more competent than the residential side.

--
Best regards,
mail to: MarcChabot@MarcChabot.com
SysAdmin & MailAdmin for http://www.caminfo.ca

I find television very educating. Every time somebody turns on the T.V.,
I go into the other room and read a book. --Groucho Marx