DaemonForums  

dhclient.conf: multiple fixed-address statements

xiphias, 17th June 2008:

Hi

Is there a way to define a number of fixed-address statements in an alias clause of dhclient.conf? I can't find anything in the man page and everything I've tried just produces unpredictable results. If not, what other options are there for dhclient not to remove alias IPs from the network device?

J65nko, 17th June 2008:

Which problem are you trying to solve?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

xiphias, 17th June 2008:

I have an Ethernet ADSL (DLink 300T) modem that connects my router to the internet. I have a /29 block of IPs assigned to me by my ISP. I have configured my modem to route traffic for the 6 usable IPs to the router. The router is a normal PC running FreeBSD. The modem doesn't do any NAT, just forwards the packets on to the router's public network card.

Anyway, assuming my public IP block is 123.123.123.208/29, then my router obtains the address 123.123.123.209/32 via DHCP. If I manually add aliases for 123.123.123.210/32, 123.123.123.211/32 and so on, then everything works: I can use pf to forward traffic from the different public IPs to different servers on my LAN until the DHCP lease expires. Then all the aliases are deleted and I'm left with only 123.123.123.209 assigned to the router's public network card.

The docs from the ISP say I should use DHCP to get the IP for the router. I've tried manually setting it and manually adding routing information, but I can't get a workable connection to the internet unless I use DHCP.

J65nko, 17th June 2008:

I also wonder why you need DHCP if you have a block of fixed IP addresses.

DHCP is usually used to get an IP address, a default route, a hostname and to update /etc/resolv.conf with the correct nameserver entries. The routing info can be inspected with netstat and the resolv.conf file with cat or an editor.

When you configure these things manually in a correct way, you should have a "workable connection to the internet".

xiphias, 17th June 2008:

I'm not completely ignorant of networking, the local side is fine with routing between 3 separate networks, split-horizon dns, etc. But there is something strange (read: I don't understand) going on between the router and the modem. Here is a lease recorded by dhclient:
Code:
lease {
  interface "xl0";
  fixed-address 123.123.123.209;
  option subnet-mask 255.255.255.255;
  option routers 123.123.123.209;
  option domain-name-servers 212.159.6.9;
  option host-name "coppermine";
  option dhcp-lease-time 60;
  option dhcp-message-type 5;
  option dhcp-server-identifier 192.168.1.1;
  renew 2 2008/6/17 21:04:46;
  rebind 2 2008/6/17 21:05:08;
  expire 2 2008/6/17 21:05:16;
}
So, to manually set this up I added to /etc/rc.conf
Code:
defaultrouter="123.123.123.209"
ifconfig_xl0="inet 123.123.123.209 netmask 255.255.255.255"
and then issued:
Code:
/etc/rc.d/netif restart
/etc/rc.d/routing restart
And, I can't connect to any external host. So, what am I missing?

Last edited by xiphias; 17th June 2008 at 09:19 PM.

J65nko, 17th June 2008:

If your IP is 123.123.123.209, then 123.123.123.209 cannot be your default route. With a DHCP lease, what is the output of
Code:
$ netstat -rn -f inet
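
The lease xiphias posted and J65nko's point about the default route can be checked mechanically. The following is an added example, not part of the original thread: a Python script that parses dhclient lease blocks and reports the properties that stop a static copy of the lease from routing. The finding labels and the 300-second threshold are assumptions of this example.

```python
import ipaddress
import re

# The lease xiphias posted, trimmed to the options the checks read.
LEASE = """
lease {
  interface "xl0";
  fixed-address 123.123.123.209;
  option subnet-mask 255.255.255.255;
  option routers 123.123.123.209;
  option dhcp-lease-time 60;
  option dhcp-server-identifier 192.168.1.1;
}
"""

def parse_leases(text):
    """Return one dict per lease { ... } block; the 'option ' prefix is dropped."""
    leases = []
    for body in re.findall(r"lease\s*\{(.*?)\}", text, re.S):
        lease = {}
        for stmt in filter(None, (s.strip() for s in body.split(";"))):
            if stmt.startswith("option "):
                stmt = stmt[len("option "):]
            key, _, value = stmt.partition(" ")
            lease[key] = value.strip().strip('"')
        leases.append(lease)
    return leases

def check_lease(lease, short_lease=300):  # threshold in seconds is an assumption
    """Return 'label: detail' findings; the labels are this example's own."""
    findings = []
    addr = ipaddress.ip_address(lease["fixed-address"])
    mask = lease.get("subnet-mask", "255.255.255.255")
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    if net.prefixlen == 32:
        findings.append("host-mask: /32 address, nothing else is on-link")
    for hop in filter(None, re.split(r"[,\s]+", lease.get("routers", ""))):
        gw = ipaddress.ip_address(hop)
        if gw == addr:
            findings.append("self-gateway: routers option is the leased address")
        elif gw not in net:
            findings.append(f"off-link-gateway: {gw} is outside {net}")
    server = lease.get("dhcp-server-identifier")
    if server and ipaddress.ip_address(server) not in net:
        findings.append(f"off-link-server: {server} is outside {net}")
    ttl = lease.get("dhcp-lease-time")
    if ttl and int(ttl) <= short_lease:
        findings.append(f"short-lease: lease lasts {ttl} s")
    return findings
```

Run against /var/db/dhclient.leases.xl0 (the usual FreeBSD location, assumed here), the same checks apply to every lease block the file contains.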

xiphias, 17th June 2008:

I thought exactly the same when I first saw it. However, the IP address of the internal port of the router is 192.168.1.1. Setting this as the default route won't work either, because it is on a different subnet to 123.123.123.209/32.

The output you asked for is below; the MAC address is that of the modem. This isn't the entire listing, but I've picked out the important ones along with enough of a sample to see what is happening (hopefully).
Code:
4.71.209.5         00:11:95:b7:e7:81  UHLW        1        8    xl0    153
24.2.31.194        00:11:95:b7:e7:81  UHLW        1        1    xl0    136
24.22.185.116      00:11:95:b7:e7:81  UHLW        1        2    xl0    993
24.77.66.163       00:11:95:b7:e7:81  UHLW        1        1    xl0    748
24.138.26.80       00:11:95:b7:e7:81  UHLW        1        3    xl0   1193
24.192.16.123      00:11:95:b7:e7:81  UHLW        1        1    xl0    140
24.213.60.79       00:11:95:b7:e7:81  UHLW        1        2    xl0    555
24.247.24.38       00:11:95:b7:e7:81  UHLW        1        1    xl0    556
59.3.123.70        00:11:95:b7:e7:81  UHLW        1        1    xl0    508
60.240.51.91       00:11:95:b7:e7:81  UHLW        1        1    xl0    734
61.134.47.190      00:11:95:b7:e7:81  UHLW        1        1    xl0    911
63.203.10.250      00:11:95:b7:e7:81  UHLW        1        2    xl0    468
63.245.208.161     00:11:95:b7:e7:81  UHLW        1        2    xl0    606
63.245.209.10      00:11:95:b7:e7:81  UHLW        1       18    xl0    611
63.245.209.24      00:11:95:b7:e7:81  UHLW        1       10    xl0    607
63.245.209.101     00:11:95:b7:e7:81  UHLW        1        2    xl0    615
63.245.212.22      00:11:95:b7:e7:81  UHLW        1        1    xl0    610
63.245.213.33      00:11:95:b7:e7:81  UHLW        1      526    xl0    620
63.245.213.101     00:11:95:b7:e7:81  UHLW        1        3    xl0    611
63.245.223.10      00:11:95:b7:e7:81  UHLW        1        3    xl0    610
63.251.83.72       00:11:95:b7:e7:81  UHLW        1        8    xl0    567
63.251.83.82       00:11:95:b7:e7:81  UHLW        1        8    xl0    553
64.13.141.6        00:11:95:b7:e7:81  UHLW        1        2    xl0    606
64.34.197.141      00:11:95:b7:e7:81  UHLW        1        1    xl0    554
.....
123.123.123.209/32    link#4             UC          0        0    xl0
123.123.123.210/32    link#4             UC          0        0    xl0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.10.0/24    link#2             UC          0        0    vr0
192.168.11.0/24    link#3             UC          0        0    vr1
192.168.12.0/24    link#1             UC          0        0   ath0
dhclient.conf looks like:
Code:
interface "xl0" {
	prepend domain-name "localnet";
	supersede domain-name-servers 192.168.10.2;
}

alias {
	interface "xl0";
	fixed-address 123.123.123.210;
	option subnet-mask 255.255.255.255;
}
Just to be clear, my modem is a DLink 300T and the connection is PPPoA.

J65nko, 17th June 2008:

I see no default route in your posted netstat output.

Does
Code:
$ netstat -rn -f inet | grep default
show anything?

Or are you running a routing protocol?

xiphias, 17th June 2008:

No, there's no default. I'm not explicitly running a routing protocol; could the dhcpd server on the modem push a config for a routing protocol?

In fact, I think the dhcpd server gives an address of 192.168.1.2 to the router for initial setup. When the modem has connected to the internet using pppd, somehow the public address ends up on the router's public network card.

Last edited by xiphias; 17th June 2008 at 10:34 PM.

robbak (Robert Backhaus), 17th June 2008:

I take it your modem is doing the PPP stuff, and is doing a - I think it is called DHCP passthrough - to send you your IP address.

These DHCP passthrough (I think it is also called many other things, so that will make searching difficult) setups in modem/routers are strange beasts, and work in several very poor ways. They do not use the protocols in any standard ways, and hence regularly cause problems.

Switching to using PPPoE might be an answer, but you will have some MTU issues; or moving to a router that can run one of the open-source Linux firmwares that you can tweak to your heart's content.
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.

J65nko, 17th June 2008:

Maybe the thread http://readlist.com/lists/openbsd.org/misc/7/36625.html is helpful.
Especially the last post http://readlist.com/lists/openbsd.org/misc/7/36639.html

xiphias, 18th June 2008:

You're a star, that works perfectly. Thanks a lot. It's taken me several attempts over the years to get the routing rules to persist over a shutdown cycle on that modem; I wasn't going to let the FreeBSD router spoil everything.
Just one last niggly little thing. It seems the order in which the routing rules are added matters, and the only way to get everything to work on boot was to alter a line in /etc/rc.d/routing from:
Code:
static_routes="default ${static_routes}"
to
Code:
static_routes="${static_routes} default"
Should I submit this as a feature request/bug, or is it normal behaviour to add the default route first then the others?

xiphias, 18th June 2008:

It just occurred to me: if I changed the local side of the modem from 192.168.1.1/24 to 123.123.123.208/29 and set the main IP of the public side of the router to 123.123.123.209/29, it should work as a normal LAN without any fancy routing rules. The modem does run a form of embedded Linux, not some weird proprietary firmware. Ah well, I'll wait till boredom sets in first - it's working at the minute. Thanks again.

J65nko, 19th June 2008:

Your modem is working in bridging mode. I only realized that halfway through our conversation. The route magic
Code:
route add -net 10.0.0.138 -netmask 255.255.255.255 -interface 82.92.239.xx -cloning
route add default 10.0.0.138
from http://readlist.com/lists/openbsd.org/misc/7/36639.html is the proper way to deal with an (A)DSL modem in bridging mode.

RE: default route
If you don't have a default route defined, the order should make no difference.

RE: changing local side of modem from 192.168.1.1/24 to 123.123.123.208/29
That would cost you a public IP address from your /29 pool.

xiphias, 19th June 2008:

When I got the details from the ISP it labelled the .208 address as the router's address, so I never used it; if I can use it the same way as .209 through .214 then great.

Since then there has been one show stopper, though. When the modem sends the public IP to the router it adds a few entries to its own routing table:
Code:
123.123.123.209    *               255.255.255.255 UH    0      0        0 br0
default         *               0.0.0.0         U     0      0        0 ppp0
In the new configuration everything is static on the router, and the modem never adds these entries. I can save an XML file of the device's configuration, and using another entry as an example (for the Multicast block) I've added the entries for all my public IPs, then restored the device's config with the edited XML file. However, I've been unable to figure out how to add the default route for ppp0. This is really another problem - it doesn't help matters that squashfs 1.0 isn't supported by modern versions.

The old combined router/modem handled this no problem, but it didn't support modern ADSL speeds and I had no say in the new modem or router. The new router died and I managed to get a FreeBSD PC in to do the routing.

Anyway, any tips on the Dlink 300T would be welcome

Thanks again, J65nko

Oh, the other thing is the modem every so often loses the connection and renegotiates, and as part of this process its routing table is reset, so manually adding the routes isn't an option; it has to be fully automated. I lost connectivity to my network yesterday when I was at work.

I think the plan of attack is to install Slackware from circa 2004 along with squashfs-tools from the same period, in a VM, mount the squashfs filesystem, edit an init script, re-squashfs the filesystem and watch myself render the modem useless.