Date: Tue, 23 Nov 2010 07:02:14 -0500
From: Boris Kochergin <spawk@acm.poly.edu>
To: "Ronald F. Guilmette" <rfg@tristatelogic.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Configuring for 1 static and 1 DHCP interface ?
Message-ID: <4CEBAD46.2070301@acm.poly.edu>
In-Reply-To: <41757.1290513201@tristatelogic.com>
References: <41757.1290513201@tristatelogic.com>
On 11/23/10 06:53, Ronald F. Guilmette wrote:
> I just recently re-jigged my main server/workstation so that instead
> of just having a single interface that talks to the Internet via a
> single static IP, it now has, in addition to that, one other interface
> (and card) that's talking to one of those little black&blue Linksys
> router thingies to which other machines on my local network are connected
> (all using DHCP which is implemented in the Linksys box).
>
> For most stuff the default routing should be out via the original interface
> (and its static IP) but when the main server/workstation wants to talk
> to anything in 192.168.1.0/24, it should instead route those packets
> via the second/newer interface over to the Linksys box, i.e. so that
> this main machine can talk to other stuff on the local network.
>
> So anyway, here's what I have now in my /etc/rc.conf file:
>
> defaultrouter="69.62.255.254"
> network_interfaces="fxp0 rl0 lo0 auto"
> ifconfig_fxp0="inet 69.62.255.118 netmask 255.255.255.0"
> ifconfig_rl0="DHCP"
>
> This is problematic for several reasons. First, as I have learned,
> having any interface set to "DHCP" in the /etc/rc.conf file causes
> all sorts of DHCP magic to happen at startup time, and the end result
> of all that magic is that two undesirable things happen:
>
> 1) The /etc/resolv.conf file gets replaced with something that
> causes DNS resolutions to go someplace other than where I want
> them to go, and...
>
> 2) the default route that I attempted to set in the /etc/rc.conf
> file gets clobbered and replaced by a default route obtained
> from the DHCP negotiation on the second interface.
>
> I tried to work around these problems by simply putting code into my
> /etc/rc.local file that would restore the proper /etc/resolv.conf file
> and that would also restore the proper default route.
>
> That all actually seemed to be working well, _except_ that I just now
> noticed that, for reasons that are not apparent to me, my ntpd daemon
> is apparently trying to send its time sync packets out, via the original/
> main/default interface, but with the source IP address being the RFC 1918
> address that was obtained dynamically for the second interface via DHCP,
> i.e. 192.168.1.101. That creates a definite problem because my IPFW
> firewall rules were set up to avoid me leaking RFC 1918 IPs out onto
> the public internet. So anyway, the result is that now my ntpd is
> utterly failing to communicate with any of the time servers it should be
> talking to (causing my time to drift slowly out of whack) AND I am now
> getting a whole lot of messages in /var/log/messages like this:
>
> Nov 23 03:04:35 segfault kernel: ipfw: 3200 Deny UDP 192.168.1.101:123 128.118.25.3:123 out via fxp0
> Nov 23 03:04:35 segfault ntpd[1064]: sendto(128.118.25.3): Permission denied
>
> Obviously, none of this is at all good. But where exactly did I go wrong?
> Why did my ntpd daemon latch on to the 192.168.1.101 IP address? Why is
> it attempting to originate packets from that IP address, rather than from
> 69.62.255.118 as it used to do? (And how can I get it to do that Right Thing
> again?) And why is the kernel now attempting to route those packets out to
> the net via my main/original interface, fxp0? (THAT is REALLY perplexing!)
>
> This is all quite mysterious to me, and I'd appreciate any help.
>
> Here is my current routing table, in case that's of any help. The
> 69.62.255.254 is the gateway address my ISP gave me... you know... to
> go along with my static IP.
>
> P.S. If possible, please answer on-list. Otherwise my geeky spam filter
> may cause me to miss your reply. Thanks.
>
> ===================================================================
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            69.62.255.254      UGS         0  2706435   fxp0
> 69.62.255.0/24     link#3             UC          0        0   fxp0
> 69.62.255.118      00:a0:c9:dd:11:7e  UHLW        1   123493    lo0
> 69.62.255.254      00:00:0e:07:ac:00  UHLW        2        9   fxp0     72
> 127.0.0.1          127.0.0.1          UH          0 11955888    lo0
> 192.168.1.0/24     link#2             UC          0        0    rl0
> 192.168.1.1        00:1d:7e:c9:83:03  UHLW        1        1    rl0   1200
> 192.168.1.101      00:50:bf:43:5a:b9  UHLW        1        8    lo0
>
> Internet6:
> Destination        Gateway            Flags  Netif Expire
> ::1                ::1                UHL    lo0
> fe80::%lo0/64      fe80::1%lo0        U      lo0
> fe80::1%lo0        link#5             UHL    lo0
> ff01:5::/32        fe80::1%lo0        UC     lo0
> ff02::%lo0/32      fe80::1%lo0        UC     lo0
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

Hi. I hypothesize that ntpd is started before your rc.local script is
run, so it uses the NAT IP and default route. Take a look at the
dhclient.conf man page for how to ignore certain DHCP-provided
information for an interface. For example:

# cat /etc/dhclient.conf
...
interface "wlan0" {
    supersede domain-name "poly.edu";
    supersede domain-name-servers 128.238.9.202;
}

The above overrides any DHCP-provided domain name and DNS servers with
what I have above on the wlan0 interface.

-Boris
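As an added example, not part of either message in this thread: a small Python script that parses the interface blocks of a dhclient.conf written in the syntax Boris shows and reports, per interface, which DHCP-provided options are not pinned with a supersede statement. The sample configuration inside it is constructed for the demonstration. The choice of domain-name-servers, domain-name and routers as the options worth checking is my assumption, derived from the two symptoms Ronald describes (resolv.conf replaced, default route clobbered); routers is the standard DHCP option name for the default gateway.

```python
"""Audit dhclient.conf interface blocks on a dual-homed host.

For each interface block, report which DHCP options the static setup depends
on are NOT covered by a 'supersede' statement, i.e. which values the DHCP
server on that interface can still push into resolv.conf or the route table.
"""
import re

# Constructed sample (not from the thread). wlan0 pins DNS and domain name;
# rl0 pins nothing, so DHCP on rl0 could still rewrite resolv.conf and the
# default route.
SAMPLE_CONF = """
interface "wlan0" {
    supersede domain-name "poly.edu";      # trailing comment is ignored
    supersede domain-name-servers 128.238.9.202;
}

interface "rl0" {
    request subnet-mask, broadcast-address, routers;
}
"""

# Assumption: these are the DHCP options whose leaked values would produce the
# two symptoms in the thread (resolver replaced, default route replaced).
CRITICAL_OPTIONS = ("domain-name-servers", "domain-name", "routers")

_BLOCK_RE = re.compile(r'interface\s+"(?P<name>[^"]+)"\s*\{(?P<body>[^}]*)\}', re.S)
_VALUE_VERBS = ("supersede", "prepend", "append", "default")
_LIST_VERBS = ("request", "require")


def _strip_comments(text):
    """Drop everything after '#' on each line (dhclient.conf comment syntax)."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def _parse_statement(stmt):
    """'supersede domain-name "poly.edu"' -> ('supersede', 'domain-name', 'poly.edu')
    'request a, b'                         -> ('request', None, ['a', 'b'])
    Anything else (timeout, send, reject, ...) -> None, it is not audited."""
    parts = stmt.split(None, 1)
    if len(parts) != 2:
        return None
    verb, rest = parts[0], parts[1].strip()
    if verb in _LIST_VERBS:
        return verb, None, [o.strip() for o in rest.split(",") if o.strip()]
    if verb in _VALUE_VERBS:
        option, value = (rest.split(None, 1) + [""])[:2]
        return verb, option, value.strip().strip('"')
    return None


def parse_dhclient_conf(text):
    """Return {interface_name: {verb: {option: value} | [options]}}."""
    conf = {}
    for block in _BLOCK_RE.finditer(_strip_comments(text)):
        entry = {v: {} for v in _VALUE_VERBS}
        entry.update({v: [] for v in _LIST_VERBS})
        for stmt in block.group("body").split(";"):
            parsed = _parse_statement(stmt.strip())
            if parsed is None:
                continue
            verb, option, value = parsed
            if option is None:
                entry[verb].extend(value)
            else:
                entry[verb][option] = value
        conf[block.group("name")] = entry
    return conf


def unpinned_options(conf, iface):
    """Critical options with no supersede on this interface. An interface
    without any block at all is fully unpinned."""
    superseded = conf.get(iface, {}).get("supersede", {})
    return [o for o in CRITICAL_OPTIONS if o not in superseded]


def audit(conf, interfaces):
    """Map each interface of interest to its list of unpinned options."""
    return {iface: unpinned_options(conf, iface) for iface in interfaces}


if __name__ == "__main__":
    parsed = parse_dhclient_conf(SAMPLE_CONF)
    for iface, missing in audit(parsed, ["wlan0", "rl0"]).items():
        state = "OK" if not missing else "DHCP may still set: " + ", ".join(missing)
        print(f"{iface}: {state}")
```

Run against the real /etc/dhclient.conf by replacing SAMPLE_CONF with the file contents; an interface that still lists routers is one where a DHCP lease can replace the defaultrouter from rc.conf, and one that still lists domain-name-servers is one where the lease can rewrite resolv.conf.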
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4CEBAD46.2070301>