From owner-freebsd-net@FreeBSD.ORG Tue Nov 23 11:53:23 2010
To: freebsd-net@freebsd.org
Date: Tue, 23 Nov 2010 03:53:21 -0800
Message-ID: <41757.1290513201@tristatelogic.com>
From: "Ronald F. Guilmette"
Subject: Configuring for 1 static and 1 DHCP interface ?
List-Id: Networking and TCP/IP with FreeBSD

I just recently re-jigged my main server/workstation so that instead of just having a single interface that talks to the Internet via a single static IP, it now has, in addition to that, one other interface (and card) that's talking to one of those little black&blue Linksys router thingies to which other machines on my local network are connected (all using DHCP, which is implemented in the Linksys box).

For most stuff the default routing should be out via the original interface (and its static IP), but when the main server/workstation wants to talk to anything in 192.168.1.0/24, it should instead route those packets via the second/newer interface over to the Linksys box, i.e. so that this main machine can talk to other stuff on the local network.
So anyway, here's what I have now in my /etc/rc.conf file:

    defaultrouter="69.62.255.254"
    network_interfaces="fxp0 rl0 lo0 auto"
    ifconfig_fxp0="inet 69.62.255.118 netmask 255.255.255.0"
    ifconfig_rl0="DHCP"

This is problematic for several reasons. First, as I have learned, having any interface set to "DHCP" in the /etc/rc.conf file causes all sorts of DHCP magic to happen at startup time, and the end result of all that magic is that two undesirable things happen:

1) The /etc/resolv.conf file gets replaced with something that causes DNS resolutions to go someplace other than where I want them to go, and...

2) the default route that I attempted to set in the /etc/rc.conf file gets clobbered and replaced by a default route obtained from the DHCP negotiation on the second interface.

I tried to work around these problems by simply putting code into my /etc/rc.local file that would restore the proper /etc/resolv.conf file and that would also restore the proper default route. That all actually seemed to be working well, _except_ that I just now noticed that, for reasons that are not apparent to me, my ntpd daemon is apparently trying to send its time sync packets out via the original/main/default interface, but with the source IP address being the RFC 1918 address that was obtained dynamically for the second interface via DHCP, i.e. 192.168.1.101. That creates a definite problem because my IPFW firewall rules were set up to avoid me leaking RFC 1918 IPs out onto the public Internet.

So anyway, the result is that now my ntpd is utterly failing to communicate with any of the time servers it should be talking to (causing my time to drift slowly out of whack) AND I am now getting a whole lot of messages in /var/log/messages like this:

    Nov 23 03:04:35 segfault kernel: ipfw: 3200 Deny UDP 192.168.1.101:123 128.118.25.3:123 out via fxp0
    Nov 23 03:04:35 segfault ntpd[1064]: sendto(128.118.25.3): Permission denied

Obviously, none of this is at all good.
But where exactly did I go wrong? Why did my ntpd daemon latch on to the 192.168.1.101 IP address? Why is it attempting to originate packets from that IP address, rather than from 69.62.255.118 as it used to do? (And how can I get it to do the Right Thing again?) And why is the kernel now attempting to route those packets out to the net via my main/original interface, fxp0? (THAT is REALLY perplexing!)

This is all quite mysterious to me, and I'd appreciate any help. Here is my current routing table, in case that's of any help. The 69.62.255.254 is the gateway address my ISP gave me... you know... to go along with my static IP.

P.S. If possible, please answer on-list. Otherwise my geeky spam filter may cause me to miss your reply. Thanks.

===================================================================
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            69.62.255.254      UGS         0  2706435   fxp0
69.62.255.0/24     link#3             UC          0        0   fxp0
69.62.255.118      00:a0:c9:dd:11:7e  UHLW        1   123493    lo0
69.62.255.254      00:00:0e:07:ac:00  UHLW        2        9   fxp0     72
127.0.0.1          127.0.0.1          UH          0 11955888    lo0
192.168.1.0/24     link#2             UC          0        0    rl0
192.168.1.1        00:1d:7e:c9:83:03  UHLW        1        1    rl0   1200
192.168.1.101      00:50:bf:43:5a:b9  UHLW        1        8    lo0

Internet6:
Destination        Gateway            Flags  Netif Expire
::1                ::1                UHL    lo0
fe80::%lo0/64      fe80::1%lo0        U      lo0
fe80::1%lo0        link#5             UHL    lo0
ff01:5::/32        fe80::1%lo0        UC     lo0
ff02::%lo0/32      fe80::1%lo0        UC     lo0
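The two problems described in the post (dhclient overwriting /etc/resolv.conf and the default route, and RFC 1918 source addresses leaking out the public interface) can be handled without the rc.local restore hack. The script below is an added example, not part of the original post or of FreeBSD: it prints a /etc/dhclient.conf fragment that stops the LAN interface from ever asking for routers or nameservers, an ntp.conf fragment that pins ntpd to the public interface (this assumes an ntpd of 4.2.6 or later, which has the `interface` directive), and a small awk filter that scans ipfw log lines for RFC 1918 sources going out the public interface, so you can confirm the leak has stopped. The interface names fxp0/rl0 and the addresses are taken from the post; the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes: fxp0 = public
# interface with the static address, rl0 = LAN interface that gets its
# address from the Linksys box via DHCP.
PUBLIC_IF=fxp0
LAN_IF=rl0
RESOLVER=69.62.255.254   # assumption: the resolver you actually want in resolv.conf

# /etc/dhclient.conf fragment for rl0. By naming only subnet-mask and
# broadcast-address in the request list, dhclient never asks the Linksys
# box for option 3 (routers) or option 6 (domain-name-servers), so
# dhclient-script has nothing to install as a default route and nothing
# to write into /etc/resolv.conf. "supersede" is a belt-and-braces guard
# for servers that send nameservers even when they were not requested.
# (request, supersede and interface blocks are documented in FreeBSD's
# dhclient.conf(5).)
gen_dhclient_conf() {
    cat <<EOF
interface "$LAN_IF" {
    request subnet-mask, broadcast-address;
    supersede domain-name-servers $RESOLVER;
}
EOF
}

# /etc/ntp.conf fragment: make ntpd bind only to the public interface so it
# cannot pick 192.168.1.101 as a source address for packets bound for the
# Internet. Assumes ntpd >= 4.2.6 (the "interface" keyword).
gen_ntp_conf() {
    cat <<EOF
interface ignore wildcard
interface ignore $LAN_IF
interface listen $PUBLIC_IF
EOF
}

# Constructed sample ipfw log lines (syslog format as seen in
# /var/log/messages). Only lines 1 and 3 are real leaks: an RFC 1918
# source going *out* via the public interface.
SAMPLE_LOG='Nov 23 03:04:35 segfault kernel: ipfw: 3200 Deny UDP 192.168.1.101:123 128.118.25.3:123 out via fxp0
Nov 23 03:04:36 segfault kernel: ipfw: 100 Accept UDP 69.62.255.118:123 128.118.25.3:123 out via fxp0
Nov 23 03:04:37 segfault kernel: ipfw: 3200 Deny ICMP:8.0 192.168.1.101 8.8.8.8 out via fxp0
Nov 23 03:04:38 segfault kernel: ipfw: 100 Accept UDP 192.168.1.101:123 192.168.1.1:123 out via rl0
Nov 23 03:04:39 segfault kernel: ipfw: 100 Accept TCP 10.0.0.5:22 192.168.1.101:5000 in via rl0'

# Read ipfw log lines on stdin, print those whose source address is in
# 10/8, 172.16/12 or 192.168/16 and that left via $PUBLIC_IF. The source
# is the fourth field after "ipfw:" (rule, action, proto, src[:port]);
# ICMP lines carry no port, which the sub() tolerates.
rfc1918_out_public() {
    awk -v ifc="$PUBLIC_IF" '
        /ipfw:/ && $0 ~ ("out via " ifc "$") {
            src = ""
            for (i = 1; i <= NF; i++) if ($i == "ipfw:") { src = $(i + 4); break }
            sub(/:[0-9]+$/, "", src)
            if (src ~ /^10\./ || src ~ /^192\.168\./ ||
                src ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) print
        }'
}

# Number of leaking lines in the sample; run against the live log with
#   rfc1918_out_public < /var/log/messages
leak_count() {
    printf '%s\n' "$SAMPLE_LOG" | rfc1918_out_public | awk 'END { print NR }'
}

# Stand-alone run: show the two fragments and the leak count for the sample.
if [ "${1:-}" = "show" ]; then
    gen_dhclient_conf
    echo
    gen_ntp_conf
    echo
    echo "RFC 1918 leaks out via $PUBLIC_IF in sample log: $(leak_count)"
fi
```

If you would rather not run DHCP on rl0 at all, the simplest fix is a static address in rc.conf (`ifconfig_rl0="inet 192.168.1.101 netmask 255.255.255.0"`), which removes dhclient from the picture entirely; the dhclient.conf fragment is for the case where the LAN address must stay dynamic. Either way, after the change check with `netstat -rn` that `default` still points at 69.62.255.254 via fxp0 and run the log filter over /var/log/messages: it should print nothing once ntpd is sourcing from 69.62.255.118 again.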