Configuring for 1 static and 1 DHCP interface ?
Boris Kochergin
spawk at acm.poly.edu
Tue Nov 23 12:29:24 UTC 2010
On 11/23/10 06:53, Ronald F. Guilmette wrote:
> I just recently re-jigged my main server/workstation so that instead
> of just having a single interface that talks to the Internet via a
> single static IP, it now has, in addition to that, one other interface
> (and card) that's talking to one of those little black&blue Linksys
> router thingies to which other machines on my local network are connected
> (all using DHCP which is implemented in the Linksys box).
>
> For most stuff the default routing should be out via the original interface
> (and its static IP) but when the main server/workstation wants to talk
> to anything in 192.168.1.0/24, it should instead route those packets
> via the second/newer interface over to the Linksys box, i.e. so that
> this main machine can talk to other stuff on the local network.
>
> So anyway, here's what I have now in my /etc/rc.conf file:
>
> defaultrouter="69.62.255.254"
> network_interfaces="fxp0 rl0 lo0 auto"
> ifconfig_fxp0="inet 69.62.255.118 netmask 255.255.255.0"
> ifconfig_rl0="DHCP"
>
> This is problematic for several reasons. First, as I have learned,
> having any interface set to "DHCP" in the /etc/rc.conf file causes
> all sorts of DHCP magic to happen at startup time, and the end result
> of all that magic is that two undesirable things happen:
>
> 1) The /etc/resolv.conf file gets replaced with something that
> causes DNS resolutions to go someplace other than where I want
> them to go, and...
>
> 2) the default route that I attempted to set in the /etc/rc.conf
> file gets clobbered and replaced by a default route obtained
> from the DHCP negotiation on the second interface.
>
> I tried to work around these problems by simply putting code into my
> /etc/rc.local file that would restore the proper /etc/resolv.conf file
> and that would also restore the proper default route.
>
> That all actually seemed to be working well, _except_ that I just now
> noticed that, for reasons that are not apparent to me, my ntpd daemon
> is apparently trying to send its time sync packets out, via the original/
> main/default interface, but with the source IP address being the RFC 1918
> address that was obtained dynamically for the second interface via DHCP
> i.e. 192.168.1.101. That creates a definite problem because my IPFW
> firewall rules were set up to avoid me leaking RFC 1918 IPs out onto
> the public internet. So anyway, the result is that now my ntpd is
> utterly failing to communicate with any of the time servers it should be
> talking to (causing my time to drift slowly out of whack) AND I am now
> getting a whole lot of messages in /var/log/messages like this:
>
>
> Nov 23 03:04:35 segfault kernel: ipfw: 3200 Deny UDP 192.168.1.101:123 128.118.25.3:123 out via fxp0
> Nov 23 03:04:35 segfault ntpd[1064]: sendto(128.118.25.3): Permission denied
>
>
> Obviously, none of this is at all good. But where exactly did I go wrong?
> Why did my ntpd daemon latch on to the 192.168.1.101 IP address? Why is
> it attempting to originate packets from that IP address, rather than from
> 69.62.255.118 as it used to do? (And how can I get it to do that Right Thing
> again?) And why is the kernel now attempting to route those packets out to
> the net via my main/original interface, fxp0? (THAT is REALLY perplexing!)
>
> This is all quite mysterious to me, and I'd appreciate any help.
>
> Here is my current routing table, in case that's of any help. The
> 69.62.255.254 is the gateway address my ISP gave me... you know... to
> go along with my static IP.
>
> P.S. If possible, please answer on-list. Otherwise my geeky spam filter
> may cause me to miss your reply. Thanks.
>
> ===================================================================
> Routing tables
>
> Internet:
> Destination        Gateway            Flags  Refs      Use  Netif Expire
> default            69.62.255.254      UGS       0  2706435   fxp0
> 69.62.255.0/24     link#3             UC        0        0   fxp0
> 69.62.255.118      00:a0:c9:dd:11:7e  UHLW      1   123493    lo0
> 69.62.255.254      00:00:0e:07:ac:00  UHLW      2        9   fxp0     72
> 127.0.0.1          127.0.0.1          UH        0 11955888    lo0
> 192.168.1.0/24     link#2             UC        0        0    rl0
> 192.168.1.1        00:1d:7e:c9:83:03  UHLW      1        1    rl0   1200
> 192.168.1.101      00:50:bf:43:5a:b9  UHLW      1        8    lo0
>
> Internet6:
> Destination        Gateway            Flags  Netif Expire
> ::1                ::1                UHL      lo0
> fe80::%lo0/64      fe80::1%lo0        U        lo0
> fe80::1%lo0        link#5             UHL      lo0
> ff01:5::/32        fe80::1%lo0        UC       lo0
> ff02::%lo0/32      fe80::1%lo0        UC       lo0
>
Hi. I hypothesize that ntpd is started before your rc.local script is
run, so it uses the NAT IP and default route. Take a look at the
dhclient.conf man page for how to ignore certain DHCP-provided
information for an interface. For example:
# cat /etc/dhclient.conf
...
interface "wlan0" {
    supersede domain-name "poly.edu";
    supersede domain-name-servers 128.238.9.202;
}
The above overrides any DHCP-provided domain name and DNS servers with
what I have above on the wlan0 interface.
-Boris
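Applied to the setup quoted above, here is a dhclient.conf for the DHCP interface rl0 that addresses both of the effects Ronald describes (resolv.conf being rewritten and the default route being replaced). This is an added example, not Boris's file: the domain and nameserver values are placeholders, and leaving "routers" out of the request list assumes the Linksys honours the client's parameter request list, as a standard DHCP server does.

```conf
# /etc/dhclient.conf  (added example; not from the original thread)

# Ask the Linksys only for what the LAN-side interface actually needs.
# "routers" is deliberately absent from this list, so a well-behaved
# server sends no default gateway and dhclient-script installs none.
# (Assumption: the server honours the parameter request list.)
request subnet-mask, broadcast-address, domain-name-servers;

interface "rl0" {
    # Pin the resolver settings regardless of what the server offers.
    # Both values are placeholders; use your real domain and the DNS
    # servers you want in /etc/resolv.conf.
    supersede domain-name "example.invalid";
    supersede domain-name-servers 192.0.2.53;
}
```

After `/etc/rc.d/dhclient restart rl0`, `route -n get default` should report fxp0 and 69.62.255.254, and /etc/resolv.conf should contain only the superseded values.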