From owner-freebsd-stable@FreeBSD.ORG Fri Dec 7 14:06:23 2012
From: Ian Lepore
To: Tom Evans
Cc: FreeBSD Stable
Subject: Re: Using dhclient on WAN if on a box serving DHCP to LAN if
Date: Fri, 07 Dec 2012 07:05:53 -0700
Message-ID: <1354889153.87661.267.camel@revolution.hippie.lan>
List-Id: Production branch of FreeBSD source code

On Fri, 2012-12-07 at 11:38 +0000, Tom Evans wrote:
> Hi all
>
> Using 9.0-STABLE #1 r230946 - I found it out as I rebooted to prepare
> for 9.1, but I think it should be largely irrelevant of version.
>
> I have a freebsd router that provides all the things a soho router
> should on its LAN iface - DNS, DHCP, NAT (via pf). The WAN iface
> connects to an ADSL modem operating in bridge mode.
>
> My ISP has recently forced a change on to me, in order to get service
> I have to connect via DHCP, in order for them to give me my static IP.
> Apparently this makes their lives a lot easier. Even knowing the IP,
> netmask, broadcast and router is not enough, no service will flow
> unless a DHCP request has been registered.
>
> Relevant rc.conf, ale0 is the WAN, em0 is the LAN
>
> ifconfig_ale0="DHCP"
> ifconfig_em0="inet 192.168.1.1 netmask 255.255.255.0"
> gateway_enable="YES"
>
> dhcpd_enable="YES"
> dhcpd_flags="-q"
> dhcpd_ifaces="em0"
> dhcpd_conf="/usr/local/etc/dhcpd.conf"
>
> With this configuration, the default route is over the LAN iface. This
> causes the dhclient for ale0 to get a response from the local dhcpd
> server, not the ISP dhcpd server. This drove me potty! Can anyone
> explain why dhcpd, having been told only to listen for DHCP on em0,
> responds to ale0? Could this be related to my pf rules, or is it down
> to the default route being incorrect?
>
> Changing rc.conf to this allows the network to come up correctly:
>
> ifconfig_ale0="inet xx.xx.110.172 netmask 255.255.255.0 broadcast
> xx.xx.110.255 DHCP"
> defaultrouter="xx.xx.110.1"
>
> This relies on me knowing that these are the values that dhclient on
> the WAN iface will receive from my ISP's DHCP server. How would I
> achieve this setup if this information was dynamic or otherwise
> unknowable? My ISP could easily change my gateway IP, the only
> guarantee I have is that my allocated IP is static.
>
> So:
>
> 1) Why does the LAN dhcpd respond to the WAN dhclient?
> 2) Is there a better way of specifying this setup, so that it does not
> have hard coded addresses in there?
>
> Thanks in advance for any pointers.
>
> Tom

I've been running this exact setup for years (although it's still
running on freebsd 7.x because I've been too lazy to update a setup that
works so well). Make sure you're telling dhcpd to only listen for
broadcasts on the lan interface.
You can do this in rc.conf with dhcpd_ifaces="sk0"

Also, I found that dhcpd (at least the old version I'm running) whines
if you don't have a subnet statement for the wan interface in the config
even if it's not serving on that interface, so my dhcpd.conf has this

    # The subnet that should be active via the cable modem.
    # We don't serve it (no range statement).
    # I don't remember why I need the broadcast-address thing here.
    # It might be to match what comcast sets via their dhcp.
    subnet 24.6.2.0 netmask 255.255.254.0 {
        not authoritative;
        option routers 24.6.2.1;
        option broadcast-address 255.255.255.255;
    }

-- 
Ian
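The two settings the reply above hinges on (dhcpd_ifaces restricted to the LAN interface, and an unserved WAN subnet declared "not authoritative") are easy to get wrong and quiet when they are wrong: a dhcpd that is listening on the WAN side is a rogue DHCP server on the ISP's segment. The script below is an added example, not code from this thread; it is a small audit that parses a dhcpd.conf and an rc.conf and reports the mistakes discussed here. The sample configs are constructed for the example, modelled on Tom's rc.conf (ale0 = WAN, em0 = LAN) and Ian's WAN stanza; the parser is deliberately minimal and assumes flat subnet blocks with no nested pool/host braces.

```python
"""Audit a FreeBSD router's dhcpd.conf / rc.conf split so dhcpd never serves the WAN.

Added example (not part of the mailing-list thread). Interface names and
sample configs are constructed, modelled on the configs quoted in the thread.
"""
import re
from typing import Dict, List

# Constructed sample dhcpd.conf: WAN subnet declared but unserved, LAN subnet served.
SAMPLE_DHCPD_CONF = """
# WAN subnet: declared so dhcpd stops complaining, but never served (no range).
subnet 24.6.2.0 netmask 255.255.254.0 {
    not authoritative;
    option routers 24.6.2.1;
    option broadcast-address 255.255.255.255;
}

# LAN subnet: the only one we hand out leases on.
subnet 192.168.1.0 netmask 255.255.255.0 {
    authoritative;
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
}
"""

# Constructed sample rc.conf fragment, modelled on the one in the thread.
SAMPLE_RC_CONF = """
ifconfig_ale0="DHCP"
ifconfig_em0="inet 192.168.1.1 netmask 255.255.255.0"
gateway_enable="YES"
dhcpd_enable="YES"
dhcpd_ifaces="em0"
"""

# Matches one flat "subnet A netmask M { ... }" block (no nested braces assumed).
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)


def parse_subnets(conf: str) -> Dict[str, dict]:
    """Return {network: {netmask, has_range, not_authoritative}} for each subnet block."""
    body = re.sub(r"#.*", "", conf)  # drop comments to end of line
    subnets: Dict[str, dict] = {}
    for net, mask, inner in SUBNET_RE.findall(body):
        stmts = [s.strip() for s in inner.split(";") if s.strip()]
        subnets[net] = {
            "netmask": mask,
            "has_range": any(s.startswith("range ") for s in stmts),
            "not_authoritative": "not authoritative" in stmts,
        }
    return subnets


def parse_rc_var(rc: str, name: str) -> List[str]:
    """Return the whitespace-separated words of rc.conf variable `name`, or [] if unset."""
    m = re.search(rf'^{name}="([^"]*)"', rc, re.M)
    return m.group(1).split() if m else []


def audit(dhcpd_conf: str, rc_conf: str, wan_if: str, lan_if: str) -> List[str]:
    """Return a list of problems; an empty list means the split looks right."""
    problems: List[str] = []

    # 1. dhcpd must be told which interfaces to listen on; unset means all of them.
    ifaces = parse_rc_var(rc_conf, "dhcpd_ifaces")
    if not ifaces:
        problems.append("dhcpd_ifaces unset: dhcpd listens on every interface, including the WAN")
    elif wan_if in ifaces:
        problems.append(f"dhcpd_ifaces includes WAN interface {wan_if}")
    elif lan_if not in ifaces:
        problems.append(f"dhcpd_ifaces does not include LAN interface {lan_if}")

    # 2. A subnet declared only to keep dhcpd quiet must not be authoritative,
    #    otherwise dhcpd may NAK leases it has no business judging.
    for net, info in parse_subnets(dhcpd_conf).items():
        if not info["has_range"] and not info["not_authoritative"]:
            problems.append(f"subnet {net} has no range but is not marked 'not authoritative'")
    return problems


if __name__ == "__main__":
    for p in audit(SAMPLE_DHCPD_CONF, SAMPLE_RC_CONF, "ale0", "em0") or ["no problems found"]:
        print(p)
```

To run it against a real box, read /usr/local/etc/dhcpd.conf and /etc/rc.conf into the two strings and pass the actual WAN and LAN interface names; the checks are the same ones Ian describes, just made mechanical.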