From owner-freebsd-current@freebsd.org  Sat Jan  7 14:58:29 2017
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B920CCA4C79
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Sat,  7 Jan 2017 14:58:29 +0000 (UTC)
 (envelope-from ohartmann@walstatt.org)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1FD6B1B39
 for <freebsd-current@freebsd.org>; Sat,  7 Jan 2017 14:58:28 +0000 (UTC)
 (envelope-from ohartmann@walstatt.org)
Received: from thor.intern.walstatt.dynvpn.de ([85.179.133.93]) by
 mail.gmx.com (mrgmx003 [212.227.17.190]) with ESMTPSA (Nemesis) id
 0M7HGA-1cex7y2ufO-00x3IJ for <freebsd-current@freebsd.org>; Sat, 07 Jan 2017
 15:58:20 +0100
Date: Sat, 7 Jan 2017 15:58:14 +0100
From: "O. Hartmann" <ohartmann@walstatt.org>
To: FreeBSD CURRENT <freebsd-current@freebsd.org>
Subject: VLAN issues with DHCP and routing on recent CURRENT
Message-ID: <20170107155814.7f51e535@thor.intern.walstatt.dynvpn.de>
Organization: WALSTATT
User-Agent: OutScare 3.1415926
X-Operating-System: ImNotAnOperatingSystem 3.141592527
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 boundary="Sig_/GeI4o0jqrrPvZ29+HtKYRmi"; protocol="application/pgp-signature"
X-Provags-ID: V03:K0:H2KP7zETASiSdgzjBvBRAEtL8xZ6G2O6Ms16dmUUvxe7kl/zXCA
 Wy29ZOcJdrfBFoQ1mmrpeMj2dXvnW0/TaIohnDmfytfSkOhYeJE2eg55eJ+y9RYYlFxRcFz
 03dBmotftZ9J7Sg/RID2XT4jPYO+8+HUUqawAg21qofrRSdgSg6atTX2bXch+MGpL80deu1
 QCGsrRO7/IGq/zKeq2HSg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:gunuINF5OlI=:p/mVZuvKNtPwRXJ4Kpz4iD
 mhYFFnx2glhaPGitQHRtbpnCH8dm9gtxM81bV1i7ZdPYV/5P27OqA2T8BsQXyoD+wk3lkuuoS
 4ne6vbmAXEQcy6wtb0PlPm1AkCMPHK8npCEXjr66oQOowFDcJ6U2EjR1aF+bVrmAf4ICIk4Zd
 6563JxqNNU1/5rxHgG1x0VC55vDpbMM47NCuLtIjXwDG7Wz8uyuXhtV5+78hJsSn3l0CwneSm
 cgvBL1n922wtSWxvNHvIHn0bowS9sCu5iHzadE8HsC+o0EjDwCshQk8/k5afVJ1LgMkmmn6oO
 CkzG/CmHTuEJe5BYm2YICWlveDLXcninJjrw4kmyM5Y0mZk0dCN96eCX2KsZEGUnS6NtpfcRf
 b/226ShcyvsGJ6KBT9gC7eh5qPE9vjYMadwluI7e1XZQZV2f9WRVNCT6hRPbdltZwHdyOcx2k
 yn6pUJMKcnIRK96mqSpyZI6dyoO9dDV6gXLa4FoL24eMDZLcuPr2d7CfQKpUAc02pnfJXe8FU
 iJ21+3S/2gpGU9Hjy8cRA/xYsc+Ij+oZHNYpbYM/msIopT1XvKXsHjX4fOnthrP4iNy7CO3WK
 ogpKnpZ9K8v+cHJeMoYvlKUXNXE9NDIIx8m5gMea0xE7D0ssP7hf/z9tFGxcwIYeRFEsKIYQq
 EFFKsap2dSDmW7vSHaZ+JInUDGwFHJCOBUcnWnVY2SMXBmNDyPKWpz4jUvhHibskZ6nrJrhje
 hU/8UUUEyiUP50vTFL78HDeWk6xowthN9onDBUXRTdX7SdLqftoKceXgKTM=
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Jan 2017 14:58:29 -0000

--Sig_/GeI4o0jqrrPvZ29+HtKYRmi
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Utilising a PCengine APU 2C4 as a router/gateway/firewall with IPFW running=
 recent
CURRENT (FreeBSD 12.0-CURRENT #24 r311637: Sat Jan  7 11:03:15 CET 2017 amd=
64) I ran out
of the sudden into serious trouble.

I'm running a VoIP wired telephone on a VLAN, tagged with "2". The router p=
rovides on the
same NIC (igb1) a usual LAN with some hosts on a network, say designated 10=
.0.0.0/24. On
the same interface, the VLAN 2 is designated with 10.0.200.0/24. On this ga=
teway, there
is IPFW as default firewalling instance and net/isc-dhcp DHCP Server 4.3.5 =
as DHCP server.

Since around the end of the week two weeks before after an update of the AP=
U to the
recent CURRENT, DHCP stopped serving IPs on all subnets and it wasn't possi=
ble to ping
the LAN 10.0.200.0/24 any more (routing is done via static routes) from 10.=
0.0.0/24. I
can ping all subnets from the gateway/router APU itself without problems.

The fun part is that I didn't change much in the meanwhile, but I did some
reconfigurations on IPFW, but even when completely openingen the IPFW by a =
allow all rule
doesn't solve the problem.=20

It is driving me crazy, since even with the configs it worked before, I don=
't stand a
chance with the recent CURRENT as shown above to restore functionality.

I guess I have a major problem in my configurations and need some advice.

Thanks in advance,

oh

--=20
O. Hartmann

Ich widerspreche der Nutzung oder =C3=9Cbermittlung meiner Daten f=C3=BCr
Werbezwecke oder f=C3=BCr die Markt- oder Meinungsforschung (=C2=A7 28 Abs.=
 4 BDSG).

--Sig_/GeI4o0jqrrPvZ29+HtKYRmi
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iLUEARMKAB0WIQQZVZMzAtwC2T/86TrS528fyFhYlAUCWHECBgAKCRDS528fyFhY
lCfOAf45Ydm2oMxXtkb5V4spntJMviz9EjG/aDvuAwqe7htNmFBfSRxDZ9z4cOQu
RlStGWiRhShI9RbVOZWuHlO8zjsCAgCq2TMFMJTv19mXfdEw2teP3hSedjk75eQ5
w22afC9cQWkJC/w02XRZFjl28OkaLPr6iOOxHPIv4grvJxknvKKv
=/nVY
-----END PGP SIGNATURE-----

--Sig_/GeI4o0jqrrPvZ29+HtKYRmi--