FreeBSD Home Router Question...or two.

Hi @MisterDX,

Thanks for responding. However, my "router" is a cable modem that connects to the ISP over COAX then connects to the FreeBSD server over ethernet.

I thought the issue would be resolved by firewall rules. However, I upgraded FreeBSD to -HEAD and added all my DHCP clients as static clients in dhcpd.conf - and that seems to have "fixed" my issue.
 
Why do you have a bridge interface configured in FreeBSD?

If I understand your situation correctly, this is not required and most definitely not desirable, as you are trying to use your FreeBSD machine as a router, not a bridge. This is why your clients are seeing the cable modem's DHCP server - you're bridging the traffic to it.

If you're still getting cable modem assigned IPs on your clients after you think you have turned bridging off, then either bridging is still working, or it is an old lease - make sure to flush the leases out on the client with whatever commands are appropriate for the client OS.

There is no way your clients should be hitting the cable modem for DHCP if bridging is not enabled, whether or not you have a firewall. I.e., the problem is not firewall rule related.

You should not need to upgrade to -HEAD to fix this; this is basic functionality that I've personally used in FreeBSD 4... I suspect it has started working after the -HEAD upgrade due to lease timeouts or such - not because you're running a different OS.
 
@throAU, It's puzzling for me too. ISP interface i.e. nfe0 is not part of any bridge. It comes up on its own with DHCP enabled.
 
n00balert said:
I'm bridging eth0,wlan0,tap0 for ease of management. (Laziness in other words).

LOL, at least you admit it :) Pro-tip though: Laziness on initial setup bites you down the track. However, that aside...

If you're definitely still seeing DHCP traffic between your modem and your clients (you should be able to verify this by running Wireshark (or an equivalent text mode packet capture) on nfe0 and watching for DHCP when you plug in or reboot a client machine), I suspect you may have run into a bug where FreeBSD is still bridging to nfe0 despite it not being included in the bridge.

I suspect what you are doing (bridging to some interfaces, but not all) is not a common FreeBSD usage scenario, and it would not surprise me to see a bug in that situation.
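
An added example, not part of the original posts: the packet-capture check suggested above comes down to reading the server identifier (option 54) in each DHCP OFFER/ACK and seeing whether it is the FreeBSD box or something else. The sketch below assumes the DHCP UDP payloads have already been pulled out of a capture; the function names and the 192.168.100.x sample addresses are hypothetical.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
FIXED_LEN = 236      # BOOTP header bytes that precede the magic cookie
OFFER, ACK = 2, 5    # values of option 53 (DHCP message type)

def parse_dhcp(payload: bytes) -> dict:
    """Extract message type, offered address and server identifier."""
    if payload[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    options, i = {}, FIXED_LEN + 4
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = one-byte pad option
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated DHCP option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated DHCP option")
        options[payload[i]] = value
        i += 2 + length
    mtype, server = options.get(53), options.get(54)  # 54 = server identifier
    return {
        "type": mtype[0] if mtype else 0,
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
        "server": str(ipaddress.IPv4Address(server)) if server and len(server) == 4 else None,
    }

def unexpected_servers(payloads, expected_server: str) -> list:
    """Return (server, offered address) for each OFFER/ACK not from expected_server."""
    msgs = [parse_dhcp(p) for p in payloads]
    return [(m["server"], m["yiaddr"]) for m in msgs
            if m["type"] in (OFFER, ACK) and m["server"] != expected_server]

def build_reply(msg_type: int, yiaddr: str, server: str) -> bytes:
    """Construct a minimal DHCP reply (sample input only, not captured traffic)."""
    header = bytearray(FIXED_LEN)
    header[0] = 2  # op = BOOTREPLY
    header[16:20] = ipaddress.IPv4Address(yiaddr).packed
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed + b"\xff"
    return bytes(header) + MAGIC_COOKIE + opts

# Constructed samples; only 10.0.0.254 comes from the thread, the rest are assumed.
SAMPLES = [
    build_reply(OFFER, "10.0.0.20", "10.0.0.254"),
    build_reply(OFFER, "192.168.100.10", "192.168.100.1"),
]
```

Calling `unexpected_servers(SAMPLES, "10.0.0.254")` lists every reply that did not come from the FreeBSD DHCP server; an empty list on a LAN-side capture means no other server is answering clients.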
 
I thought you wanted different IP space (subnets) for WLAN and LAN clients? In that case, you should set up DHCP with specific settings for each NIC em0 and wlan0 (and disable bridging) but I think you need to fix routing first.

Can you post a 'traceroute to google.com' from either your LAN-facing interfaces or better yet your Windows or Mac system? Both from the 10.xx and 192.xx leases if possible, and can you confirm that both leases have internet connectivity simultaneously or is it just one or the other?

The nfe0 needs to be in 'route' mode. In that case, broadcasts from your em0 and wlan0 would not get to your Cisco device and as a result not offer a lease.
 
@throAU, if what you're saying is true, then I will probably check at some point with Wireshark to see what's really going on.

Hi @MisterDX, I did, correct. But I dropped the idea for laziness/ease of management. With modem lease (192.168.100.x) I don't get Internet connectivity.

traceroute from Mac client:
Code:
 myosx:~ n00b$ traceroute google.ca
 traceroute: Warning: google.ca has multiple addresses; using 173.194.33.31
 traceroute to google.ca (173.194.33.31), 64 hops max, 52 byte packets
  1  myhost.xxxxxxxx.com (10.0.0.254)  1.159 ms  0.669 ms  0.723 ms
  2  * * *
  3  xx.xx.xxx.xxx (xx.xx.xxx.xxx)  15.786 ms  10.752 ms  15.954 ms
  4  rc2bb-tge0-0-0-0.vc.shawcable.net (66.163.69.141)  13.753 ms  17.734 ms    15.820 ms
  5  rc2wt-pos1-0.wa.shawcable.net (66.163.76.142)  17.684 ms  27.036 ms  36.023 ms
  6  72.14.196.254 (72.14.196.254)  15.061 ms  26.132 ms  13.898 ms
  7  66.249.94.212 (66.249.94.212)  16.696 ms  14.867 ms  44.494 ms
  8  209.85.253.24 (209.85.253.24)  23.591 ms  15.107 ms  13.935 ms
  9  sea09s01-in-f31.1e100.net (173.194.33.31)  13.796 ms  14.209 ms  15.259 ms

traceroute from FreeBSD server:
Code:
$ traceroute google.ca
traceroute: Warning: google.ca has multiple addresses; using 173.194.33.23
traceroute to google.ca (173.194.33.23), 64 hops max, 52 byte packets
 1  * * *
 2  xx.xx.xxx.xxx (xx.xx.xxx.xxx)  10.252 ms  14.974 ms  16.105 ms
 3  rc2bb-tge0-4-0-0.vc.shawcable.net (66.163.69.45)  9.403 ms  19.356 ms  15.680 ms
 4  66.163.77.78 (66.163.77.78)  13.431 ms  15.976 ms  14.553 ms
 5  72.14.195.254 (72.14.195.254)  39.550 ms  13.458 ms  13.541 ms
 6  66.249.94.212 (66.249.94.212)  12.040 ms  13.498 ms  17.573 ms
 7  209.85.253.24 (209.85.253.24)  13.361 ms  13.387 ms  28.282 ms
 8  sea09s01-in-f23.1e100.net (173.194.33.23)  13.372 ms  15.431 ms  12.498 ms

I should probably remind you that the issue hasn't happened again, yet.

Thanks for your time and interest!
 