Turn off dhclient reversibly

Bill Evans at Mariposa

Bill Evans at Mariposa

I have a DSL modem which I use on a FreeBSD host to access the Internet; I use dhclient for this with no problem. But there's a wrinkle. The wrinkle is that I want to have, say, bge0 always have a purely local IP address, and sometimes have access to the Internet with an IP address provided by dhclient.

When FreeBSD first comes up, the host in question has non-DSL ip address 10.0.0.5, just as I want it.

Then, when I want to add access to the Internet, I do:
Code: 
dhclient bge0
... and I have Internet access, and ifconfig shows addresses 10.0.0.5 and 192.68.8.113 associated with bge0. This is just fine.

Then, later, I wish to remove bge0's access to the Internet. So when I do:
Code: 
ifconfig bge0 192.168.8.113 -alias
... things are exactly as I want: I no longer have access to the Internet, and 10.0.0.5 still remains.

But I also have to kill dhclient, because if I don't, then later when I want to do dhclient bge0 again, I get an error message patiently explaining to me that dhclient is already running.

Just doing the -alias is not sufficient. Just killing (HUP, TERM, KILL, it doesn't matter which) dhclient is not sufficient, because ifconfig shows, and experimentation confirms, that Internet access is still present.

So, to summarize:

  1. When FreeBSD comes up, bge0 is always associated with local address 10.0.0.5.
  2. When I want to add Internet connectivity to bge0, I say dhclient bge0.
  3. When I want to remove Internet connectivity from bge0, I say ifconfig bge0 192.168.8.113 -alias, followed by killing the dhclient process by hand.

And the question is this: is there a more, um, canonical, more correct, less klugey way than the two-step step 3 above to remove Internet access in such a way that I can do steps 2 and 3 repeatedly?

EDIT: (The interface name and the IP addresses shown in this question are simplified for clarity.)
 
You could write your own rc.d script that would enable you to parcel up whatever actions you want, with status checking as necessary, and integrate it with the standard service management in FreeBSD These scripts can be very flexible. Have a look at the guide to Practical rc.d scripting in BSD.

You didn't mention exactly what your end goal is, but it sounds like you want to be able to turn on and off connectivity to the Internet but retain connectivity to your network through the same interface. Rather than changing your network interface address configuration, you could consider using a firewall with rules that you can change on-the-fly to block or allow traffic from your DSL modem. For this approach, you might find it useful to have a read of the dhclient.conf(5) man page in addition to the Firewalls chapter in the FreeBSD handbook. dhclient(8) allows you to configure a static IP in addition to the one assigned by DHCP; look at the example.

In the configuration I'm suggesting, dhclient(8) would always be running to receive an address from your DSL modem, but traffic to/from the Internet would be filtered out by your firewall rules when you didn't want connectivity and allowed by your firewall rules when you did want connectivity.

In your configuration, contrary to Zare's suggestion, I would suggest allowing dhclient(8) to run asynchronously (default if you have DHCP as part of your ifconfig_bge0 line in /etc/rc.conf) as when your machine is not connected to your DSL modem, the start up process will continue, rather than wait for a dynamic IP address that will never arrive.
 
Zare said:
Try setting

Code: 
synchronous_dhclient="YES"

in /etc/rc.conf
Click to expand...
That would help if I wanted to use DHCP from the get-go, starting just after boot. But I want actually just the opposite: no DHCP until I ask for it, DHCP when I do, no DHCP again when I ask it to go away, and back and forth like that. I can do that with the three steps outlined in the original post. But my question was whether there was a more canonical or customary way to do step 3, rather than with the ungainly two-step of ifconfig ... -alias and killing dhclient.
 
asteriskRoss said:
You didn't mention exactly what your end goal is, but it sounds like you want to be able to turn on and off connectivity to the Internet but retain connectivity to your network through the same interface.
Click to expand...
Exactly. And there are legacy hosts on the local network ("legacy" meaning "I don't have time to change and test the characteristics of each of them) which are too knowledgeable about hard-wired IP addresses in the 10.0.0.* range, and know nothing of DHCP.

Lacking an elegant one-step solution, it looks like my two-step kluge is the way to go. But when I can get around to changing those legacy hosts, your suggestions have great merit.
 
My suggestion of writing an rc.d script was intended to parcel up your kludge into something you could run again and again without affecting your legacy hosts. A simpler script that didn't integrate with the service management stuff would work fine too, of course. You might also need to consider handling changes to your routing tables and /etc/resolv.conf for name resolution.

My suggestion of setting up a local firewall would also only affect your FreeBSD host. Personally, I prefer the firewall option as it gives you a consistent routing configuration and explicitly blocks traffic rather than relying on being unaddressable whilst remaining physically connected (unless you disconnect the cable to your DSL modem) to the Internet .
 
STUPIDITY ALERT

The following is a stupidity alert, for the sake of any who stumble upon this thread.

My initial observation was incorrect. It seems that when I do the ifconfig bge0 192.168.8.113 -alias dance, then dhclient notices this, removes the pid file from directory /var/run, and goes away, thus making this the elegant one-step process I was looking for. This whole thread is therefore useless, except that I got useful recommendations from asteriskRoss for future study.
 
Adding another network card would allow you to separate the different networks, and use still be able to use the firewall.
 
wblock@ said:
Adding another network card would allow you to separate the different networks, and use still be able to use the firewall.
Click to expand...
True, but since I sorted out my stupidity, I think it's cool that I can do everything I need to without adding hardware. I'll look at the firewall suggestions more closely later, but for now, I'm happy.
 
Bill Evans at Mariposa said:
My initial observation was incorrect. It seems that when I do the ifconfig bge0 192.168.8.113 -alias dance, then dhclient notices this, removes the pid file from directory /var/run, and goes away, thus making this the elegant one-step process I was looking for.
Click to expand...
Except when it doesn't. Sometimes it does, sometimes it doesn't. The answer, obviously, is to adopt a defensive posture when coding a script which brings a dhcp connection up or down.
 
You must log in or register to reply here.
Back
Top