Solved dhcpd? error

[Ishayahu]

I have a new router with freebsd 14.0-RELEASE with

re0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=60241b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,LRO,WOL_MAGIC,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 78:98:e8:c1:f8:a1
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
re1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=60251b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,LRO,WOL_MAGIC,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 50:91:e3:c9:08:b2
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
re2: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=60251b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,LRO,WOL_MAGIC,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 74:56:3c:e3:47:ca
        inet X.X.X.X netmask 0xffffff00 broadcast X.X.X.X
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

(re1 is a pci-e card, which I thought make a problem, but the same problem is with another card)

for some reason, at least once a week, his dhcpd stops working, that is, it does not issue addresses. Moreover, restarting dhcpd does not help, and restarting netif hangs ssh and it’s impossible to connect back. Only reboot helps
I found this in the logs

Feb 23 02:38:40 alperin dhcpd[1012]: send_packet: Host is down
Feb 23 02:38:40 alperin dhcpd[1012]: dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Feb 23 02:38:41 alperin dhcpd[1012]: send_packet: Host is down
Feb 23 02:38:41 alperin dhcpd[1012]: dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Feb 23 02:38:43 alperin dhcpd[1012]: send_packet: Host is down
Feb 23 02:38:43 alperin dhcpd[1012]: dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Feb 23 02:38:47 alperin dhcpd[1012]: send_packet: Host is down
Feb 23 02:38:47 alperin dhcpd[1012]: dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Feb 23 02:38:56 alperin dhcpd[1012]: send_packet: Host is down
Feb 23 02:38:56 alperin dhcpd[1012]: dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Feb 23 02:39:13 alperin dhcpd[1012]: send_packet: Host is down
Feb 23 02:39:13 alperin dhcpd[1012]: dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Feb 23 02:39:46 alperin dhcpd[1012]: send_packet: Host is down
Feb 23 02:39:46 alperin dhcpd[1012]: dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Feb 23 02:40:53 alperin dhcpd[1012]: send_packet: Host is down
Feb 23 02:40:53 alperin dhcpd[1012]: dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.

I tried to use in /boot/loader.conf

if_re_load="YES"
if_re_name="/boot/modules/if_re.ko"
hw.re.max_rx_mbuf_sz="2048"

What can be wrong?

 

[VladiBG]

re1:
status: no carrier

Interface is down. Maybe the cable or other end device (switch/router) issue.

If you don't use re1 then config your dhcpd to only listen on specific lan interface.

 

[SirDice]

if_re_load="YES" 
if_re_name="/boot/modules/if_re.ko"

if_re(4) is included with the GENERIC kernel, or are you trying to use net/realtek-re-kmod?

GENERIC « conf « amd64 « sys - src - FreeBSD source tree

cgit.freebsd.org

 

[Ishayahu]

If you don't use re1 then config your dhcpd to only listen on specific lan interface.

I'm using re0 for LAN and re2 for WAN, so I don't use re1 at all

/etc/rc.conf

...
# WAN
ifconfig_re2="inet X.X.X.X netmask 255.255.255.0"
defaultrouter="X.X.X.X"

# LAN
ifconfig_re0="inet 192.168.1.1 netmask 255.255.255.0"

firewall_enable="YES" # enabling ipfw
firewall_nat_enable="YES"
gateway_enable="YES"
firewall_script="/usr/local/etc/ipfw/rc.firewall" # path for ipfw settings

dhcpd_enable="YES"
dhcpd_ifaces="re0"

...

/usr/local/etc/dhcpd.conf

option domain-name-servers 8.8.8.8;
# 3 days
default-lease-time 259200;
# one week
max-lease-time 604800;

#default-lease-time 600;
#max-lease-time 7200;

log-facility local7;

subnet 192.168.1.0 netmask 255.255.255.0 {
  option routers 192.168.1.1;
  range 192.168.1.10 192.168.1.254;
}

/usr/local/etc/ipfw/rc.firewall

ipfw -q -f flush

cmd="ipfw -q add"

wan="re2"
wan_ip="X.X.X.X"
lan="re0"
ks="keep-state"

# ipfw disable one_pass
ipfw -q nat 1 config if $wan same_ports unreg_only reset

$cmd 5 allow all from any to any via $lan

# No restrictions on Loopback Interface
$cmd 10 allow all from any to any via lo0

# NAT
$cmd 105 reass all from any to any in

$cmd 110 check-state

# ssh
$cmd 120 allow tcp from any to $wan_ip 4322 in via $wan $ks
# dns
$cmd 130 allow all from $wan_ip to 8.8.8.8 53  out via $wan $ks


$cmd 1000 nat 1 ip from any to any via $wan

 

[Ishayahu]

if_re(4) is included with the GENERIC kernel, or are you trying to use net/realtek-re-kmod?

GENERIC « conf « amd64 « sys - src - FreeBSD source tree

cgit.freebsd.org

first I used build in if_re
after reading man I tried to switch to net/realtek-re-kmod (this is a current state) but it didn't help

 

[VladiBG]

When this happen can you check if your LAN interface (re0) has connection to some internal client for example to try to ping some host on internal lan so you can verify the interface is working.

Also check the output of dmesg

The error means that something is blocking your interface of sending packets it may be firewall rule or switch policy (dhcp snooping) but your rules looks fine to me so it's either interface issue (faulty nic/driver/cable ...etc) or the switch is blocking the port that your re0 is connected to.

You can add the following counter in your firewall right before the default deny rule to see if any packets from udp port 68 are blocked. There should be zero hits when viewed via ipfw show

65000 count udp from any 68 to any

 

[Ishayahu]

When this happen can you check if your LAN interface (re0) has connection to some internal client for example to try to ping some host on internal lan so you can verify the interface is working.

I can ping local clients. The only problem - clients can't get ip from dhcp until server reboot. I also changed switch to another and that didn't help.

 

[VladiBG]

Are they free IP addresses? You can try to reduce the lease-time to 1day.

 

[Ishayahu]

I don't know, but it looks like the problem disappeared

 

[mack3457]

With realtek network cards, I had similar problems every once in a while.

As soon as they face heavy load, they stopped working and a reboot was necessary. It was about once or twice a month on a router.

Since I switched to Intel cards, the problem never reappeared. Try Intel cards, Realtek network cards are not a good choice for FreeBSD.

DHCP Server should not have high network load, but maybe the problem occurs on some other rare occasion as well.

 

[Cath O'Deray]

… Only reboot helps …

… it looks like the problem disappeared …

If symptoms recur, you can try something less disruptive than `reboot`:

1. service netif stop
2. /etc/netstart

 

[nxjoseph]

If symptoms recur, you can try something less disruptive than `reboot`:

1. service netif stop
2. /etc/netstart

They stated that they connect through ssh and only reboot helps. You might be overlooked it, no problem.

and restarting netif hangs ssh and it’s impossible to connect back. Only reboot helps

 

[Cath O'Deray]

Oh right, I assumed a display attached to the router computer. Thanks.