Configuring for 1 static and 1 DHCP interface ?

Ronald F. Guilmette rfg at tristatelogic.com
Tue Nov 23 11:53:23 UTC 2010


I just recently re-jigged my main server/workstation so that instead
of just having a single interface that talks to the Internet via a
single static IP, it now has, in addition to that, one other interface
(and card) that's talking to one of those little black&blue Linksys
router thingies to which other machines on my local network are connected
(all using DHCP which is implemented in the Linksys box).

For most stuff the default routing should be out via the original interface
(and its static IP) but when the main server/workstation wants to talk
to anything in 192.168.1.0/24, it should instead route those packets
via the second/newer interface over to the Linksys box, i.e. so that
this main machine can talk to other stuff on the local network.

So anyway, here's what I have now in my /etc/rc.conf file:

defaultrouter="69.62.255.254"
network_interfaces="fxp0 rl0 lo0 auto"
ifconfig_fxp0="inet 69.62.255.118 netmask 255.255.255.0"
ifconfig_rl0="DHCP"

This is problematic for several reasons.  First, as I have learned,
having any interface set to "DHCP" in the /etc/rc.conf file causes
all sorts of DHCP magic to happen at startup time, and the end result
of all that magic is that two undesirable things happen:

   1)  The /etc/resolv.conf file gets replaced with something that
       causes DNS resolutions to go someplace other than where I want
       them to go, and...

   2)  the default route that I attempted to set in the /etc/rc.conf
       file gets clobbered and replaced by a default route obtained
       from the DHCP negotiation on the second interface.

I tried to work around these problems by simply putting code into my
/etc/rc.local file that would restore the proper /etc/resolv.conf file
and that would also restore the proper default route.

That all actually seemed to be working well, _except_ that I just now
noticed that, for reasons that are not apparent to me, my ntpd daemon
is apparently trying to send its time sync packets out, via the original/
main/default interface, but with the source IP address being the RFC 1918
address that was obtained dynamically for the second interface via DHCP
i.e. 192.168.1.101.  That creates a definite problem because my IPFW
firewall rules were set up to avoid me leaking RFC 1918 IPs out onto
the public internet.  So anyway, the result is that now my ntpd is
utterly failing to communicate with any of the time servers it should be
talking to (causing my time to drift slowly out of whack) AND I am now
getting a whole lot of messages in /var/log/messages like this:


Nov 23 03:04:35 segfault kernel: ipfw: 3200 Deny UDP 192.168.1.101:123 128.118.25.3:123 out via fxp0
Nov 23 03:04:35 segfault ntpd[1064]: sendto(128.118.25.3): Permission denied


Obviously, none of this is at all good.  But where exactly did I go wrong?
Why did my ntpd daemon latch on to the 192.168.1.101 IP address?  Why is
it attempting to originate packets from that IP address, rather than from
69.62.255.118 as it used to do? (And how can I get it to do that Right Thing
again?)  And why is the kernel now attempting to route those packets out to
the net via my main/original interface, fxp0?  (THAT is REALLY perplexing!)

This is all quite mysterious to me, and I'd appreciate any help.

Here is my current routing table, in case that's of any help.  The
69.62.255.254 is the gateway address my ISP gave me... you know... to
go along with my static IP.

P.S.  If possible, please answer on-list.   Otherwise my geeky spam filter
may cause me to miss your reply.  Thanks.

===================================================================
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            69.62.255.254      UGS         0  2706435   fxp0
69.62.255.0/24     link#3             UC          0        0   fxp0
69.62.255.118      00:a0:c9:dd:11:7e  UHLW        1   123493    lo0
69.62.255.254      00:00:0e:07:ac:00  UHLW        2        9   fxp0     72
127.0.0.1          127.0.0.1          UH          0 11955888    lo0
192.168.1.0/24     link#2             UC          0        0    rl0
192.168.1.1        00:1d:7e:c9:83:03  UHLW        1        1    rl0   1200
192.168.1.101      00:50:bf:43:5a:b9  UHLW        1        8    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UHL         lo0
fe80::%lo0/64                     fe80::1%lo0                   U           lo0
fe80::1%lo0                       link#5                        UHL         lo0
ff01:5::/32                       fe80::1%lo0                   UC          lo0
ff02::%lo0/32                     fe80::1%lo0                   UC          lo0
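
Added example, not part of the original message: a Python script that tallies ipfw deny entries like the one quoted above, where a packet with an RFC 1918 source address was stopped while leaving the public interface. The regex is written against the log line shape shown in the post; the function names and the extra sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# The three RFC 1918 private ranges, listed explicitly because
# ipaddress.is_private also covers loopback, link-local and others.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches kernel ipfw log lines of the shape shown in the post:
#   ipfw: 3200 Deny UDP 192.168.1.101:123 128.118.25.3:123 out via fxp0
# Ports are optional so that port-less protocols (e.g. ICMP) still match.
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))? "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<ifname>\S+)")

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def private_egress(lines, public_if):
    """Count denied outbound packets with an RFC 1918 source on public_if,
    keyed by (source address, protocol, destination port)."""
    hits = Counter()
    for line in lines:
        m = IPFW_RE.search(line)
        if not m or m["action"] != "Deny":
            continue  # not an ipfw deny entry (e.g. the ntpd sendto line)
        if (m["dir"] == "out" and m["ifname"] == public_if
                and is_rfc1918(m["src"])):
            hits[(m["src"], m["proto"], m["dport"])] += 1
    return hits

# Sample input: the first two lines are from the post, the rest are constructed.
SAMPLE = """\
Nov 23 03:04:35 segfault kernel: ipfw: 3200 Deny UDP 192.168.1.101:123 128.118.25.3:123 out via fxp0
Nov 23 03:04:35 segfault ntpd[1064]: sendto(128.118.25.3): Permission denied
Nov 23 03:05:39 segfault kernel: ipfw: 3200 Deny UDP 192.168.1.101:123 192.0.2.10:123 out via fxp0
Nov 23 03:06:02 segfault kernel: ipfw: 3200 Deny UDP 192.168.1.101:123 192.168.1.1:123 out via rl0
Nov 23 03:06:40 segfault kernel: ipfw: 4100 Deny TCP 198.51.100.7:4431 69.62.255.118:22 in via fxp0
""".splitlines()

if __name__ == "__main__":
    for (src, proto, dport), n in private_egress(SAMPLE, "fxp0").most_common():
        print(f"{n} denied {proto} packets from {src} to port {dport} leaving fxp0")
```

A non-empty result for the public interface means some local process is binding to or being assigned the private address as its source, which is the symptom described in the post.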



