On 11/23/10 06:53, Ronald F. Guilmette wrote:
I just recently re-jigged my main server/workstation so that instead
of just having a single interface that talks to the Internet via a
single static IP, it now has, in addition to that, one other interface
(and card) that's talking to one of those little black&blue Linksys
router thingies to which other machines on my local network are connected
(all using DHCP which is implemented in the Linksys box).
For most stuff the default routing should be out via the original interface
(and its static IP) but when the main server/workstation wants to talk
to anything in 192.168.1.0/24, it should instead route those packets
via the second/newer interface over to the Linksys box, i.e. so that
this main machine can talk to other stuff on the local network.
So anyway, here's what I have now in my /etc/rc.conf file:
defaultrouter="69.62.255.254"
network_interfaces="fxp0 rl0 lo0 auto"
ifconfig_fxp0="inet 69.62.255.118 netmask 255.255.255.0"
ifconfig_rl0="DHCP"
This is problematic for several reasons. First, as I have learned,
having any interface set to "DHCP" in the /etc/rc.conf file causes
all sorts of DHCP magic to happen at startup time, and the end result
of all that magic is that two undesirable things happen:
1) The /etc/resolv.conf file gets replaced with something that
causes DNS resolutions to go someplace other than where I want
them to go, and...
2) the default route that I attempted to set in the /etc/rc.conf
file gets clobbered and replaced by a default route obtained
from the DHCP negotiation on the second interface.
I tried to work around these problems by simply putting code into my
/etc/rc.local file that would restore the proper /etc/resolv.conf file
and that would also restore the proper default route.
That all actually seemed to be working well, _except_ that I just now
noticed that, for reasons that are not apparent to me, my ntpd daemon
is apparently trying to send its time sync packets out, via the original/
main/default interface, but with the source IP address being the RFC 1918
address that was obtained dynamically for the second interface via DHCP,
i.e. 192.168.1.101. That creates a definite problem because my IPFW
firewall rules were set up to avoid me leaking RFC 1918 IPs out onto
the public internet. So anyway, the result is that now my ntpd is
utterly failing to communicate with any of the time servers it should be
talking to (causing my time to drift slowly out of whack) AND I am now
getting a whole lot of messages in /var/log/messages like this:
Nov 23 03:04:35 segfault kernel: ipfw: 3200 Deny UDP 192.168.1.101:123 128.118.25.3:123 out via fxp0
Nov 23 03:04:35 segfault ntpd[1064]: sendto(128.118.25.3): Permission denied
Obviously, none of this is at all good. But where exactly did I go wrong?
Why did my ntpd daemon latch on to the 192.168.1.101 IP address? Why is
it attempting to originate packets from that IP address, rather than from
69.62.255.118 as it used to do? (And how can I get it to do that Right Thing
again?) And why is the kernel now attempting to route those packets out to
the net via my main/original interface, fxp0? (THAT is REALLY perplexing!)
This is all quite mysterious to me, and I'd appreciate any help.
Here is my current routing table, in case that's of any help. The
69.62.255.254 is the gateway address my ISP gave me... you know... to
go along with my static IP.
P.S. If possible, please answer on-list. Otherwise my geeky spam filter
may cause me to miss your reply. Thanks.
===================================================================
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            69.62.255.254      UGS         0  2706435   fxp0
69.62.255.0/24     link#3             UC          0        0   fxp0
69.62.255.118      00:a0:c9:dd:11:7e  UHLW        1   123493    lo0
69.62.255.254      00:00:0e:07:ac:00  UHLW        2        9   fxp0     72
127.0.0.1          127.0.0.1          UH          0 11955888    lo0
192.168.1.0/24     link#2             UC          0        0    rl0
192.168.1.1        00:1d:7e:c9:83:03  UHLW        1        1    rl0   1200
192.168.1.101      00:50:bf:43:5a:b9  UHLW        1        8    lo0

Internet6:
Destination        Gateway            Flags    Netif Expire
::1                ::1                UHL        lo0
fe80::%lo0/64      fe80::1%lo0        U          lo0
fe80::1%lo0        link#5             UHL        lo0
ff01:5::/32        fe80::1%lo0        UC         lo0
ff02::%lo0/32      fe80::1%lo0        UC         lo0
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
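The ipfw "Deny ... out via fxp0" line in the post is the symptom worth watching for in general: a private source address leaving the public interface. As an added example that is not part of the original thread, here is a small POSIX sh filter run over constructed /var/log/messages samples (the ipfw line format and the 192.168.1.101 / 128.118.25.3 pair are the post's; the other lines are made up) that reports every such leak for a given public interface.

```sh
#!/bin/sh
# Constructed sample of /var/log/messages lines. The ipfw "Deny ... out via"
# format and the 192.168.1.101 -> 128.118.25.3 pair are taken from the post;
# the other lines are made up to exercise the filter.
SAMPLE_LOG='Nov 23 03:04:35 segfault kernel: ipfw: 3200 Deny UDP 192.168.1.101:123 128.118.25.3:123 out via fxp0
Nov 23 03:04:35 segfault ntpd[1064]: sendto(128.118.25.3): Permission denied
Nov 23 03:05:01 segfault kernel: ipfw: 3200 Deny UDP 192.168.1.101:123 192.168.1.1:123 out via rl0
Nov 23 03:05:07 segfault kernel: ipfw: 3200 Deny UDP 10.0.0.5:5353 224.0.0.251:5353 out via fxp0
Nov 23 03:05:12 segfault kernel: ipfw: 3200 Deny TCP 69.62.255.118:51234 203.0.113.9:80 out via fxp0'

# is_rfc1918 ADDR: succeeds when ADDR lies in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*)                          return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)   return 0 ;;
        *)                                       return 1 ;;
    esac
}

# leaked_private_sources PUBLIC_IF  (log lines on stdin)
# Prints "PROTO SRC DST" for each ipfw Deny whose packet went out PUBLIC_IF
# with a private source address: the leak a "deny RFC 1918 out" rule catches.
leaked_private_sources() {
    pubif="$1"
    grep 'ipfw: .* Deny .* out via ' | while read -r line; do
        # Words after "Deny": PROTO SRC:PORT DST:PORT out via IFACE
        set -- $(printf '%s\n' "$line" | sed 's/.* Deny //')
        proto="$1"; src="${2%:*}"; dst="${3%:*}"; iface="$6"
        [ "$iface" = "$pubif" ] || continue
        if is_rfc1918 "$src"; then
            printf '%s %s %s\n' "$proto" "$src" "$dst"
        fi
    done
}

printf '%s\n' "$SAMPLE_LOG" | leaked_private_sources fxp0
```

On a live system the same filter can be fed with `grep ipfw /var/log/messages | leaked_private_sources fxp0`; a non-empty result means some daemon is sourcing from the DHCP-assigned address while the kernel routes via the default (public) interface, which is the misbinding the post describes.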
Hi. I hypothesize that ntpd is started before your rc.local script is
run, so it uses the NAT IP and default route. Take a look at the
dhclient.conf man page for how to ignore certain DHCP-provided
information for an interface. For example:
# cat /etc/dhclient.conf
...
interface "wlan0" {
    supersede domain-name "poly.edu";
    supersede domain-name-servers 128.238.9.202;
}
The above overrides any DHCP-provided domain name and DNS servers with
what I have above on the wlan0 interface.
-Boris