DHCP coming from WAN when set to a static IP
-
I've been having some troubles with my main internet connection and wanted to ask here to see if someone can point to a resolution to this problem.
I recently contracted in some static IP addresses on my cable connection. Previously, I was just getting DHCP from the cable company, and it always worked like a champ– It rarely even changed IPs, which was of course desired, but I had a need for a few static IPs.
I noticed that when the cable company switched over my account, that I was still able to get DHCP from them. I thought they'd put my connection on a different broadcast domain that didn't have DHCP, but apparently this was not the case. So, awhile later, I eventually configured my WAN interface to one of the static IPs that they gave me, and that's been working fine until recently. Then I use alias IPs for the remaining IPs and NATs, etc....
Somewhat related to this, I've been having some random connectivity drops lately, and I've already engaged the ISP to try to fix this-- I believe it's a cable line quality issue somewhere, so hopefully they are able to find this. But regardless, the issue I'm seeing shouldn't be happening.
What I am seeing is occasionally when the cable connection drops and gets reset, it will try to serve me DHCP, and apparently, my PFsense box is picking this up and actually using this IP. This is confusing to me because that interface is set to static.
Does anyone know why this would be? How is this possible? Shouldn't PFsense not even be looking for DHCP traffic? It certainly shouldn't be sending out DHCPREQUEST messages, but it's very possible it is?
Any ideas how I can correct this behavior? It is causing some fairly annoying problems and "outages" because my static IP isn't actually working until I manually disable the interface, enable the interface, and apply.
I have ideas on how to correct this, but wanted thoughts before I try any:
-
Set WAN to DHCP, and just use virtual IPs for all my static needs, create inbound and NAT rules accordingly. Would this even work as I would expect? Also, not sure if the ISP would like this.
-
Hack the rc.newwanip script that is referenced in the logs to not accept addresses from DHCP on WAN?
I have attached my system logs, with my actual static IP blanked out as XX.XXX.XXX.195. You will see it flapping a bunch and getting a 192.168.100.20 address– this is a local address that the stupid cable modem gives off-- It can serve as a local gateway if you hook-up multiple computers to it, I guess? Once the cable line actually comes back, you then see the "system has detected an ip change 192.168.100.20 -> 72.23.147.248" message. This is the DHCP public address I was given most recently when this happened, and it is not the static IP that I have defined in the WAN interface.
I have looked at the cable modem itself and I cannot modify anything on it. Perhaps I need to talk the the ISP to turn off these DHCP things, since I have no need for DHCP on connection?
Thoughts? Thanks for your help.
TL;DR: Have static IP on WAN, but when cable WAN resets, sometimes get a DHCP lease applied to the interface. Why? And what do I do to fix it? Should I report this as a bug?
pfsenseWANissue.txt -
-
TL;DR: Have static IP on WAN, but when cable WAN resets, sometimes get a DHCP lease applied to the interface. Why? And what do I do to fix it? Should I report this as a bug?
Go to interfaces, wan, dhcp client configuration. Then enter your cable modem ip address in the 'reject leases from' box.
You can also add an OPT interface to pfSense, so clients on the lan can get to the cable modem web management page. IE, my cable modem is at 192.168.100.1, I added OPT1 as 192.168.100.5.
-
TL;DR: Have static IP on WAN, but when cable WAN resets, sometimes get a DHCP lease applied to the interface. Why? And what do I do to fix it? Should I report this as a bug?
Go to interfaces, wan, dhcp client configuration. Then enter your cable modem ip address in the 'reject leases from' box.
You can also add an OPT interface to pfSense, so clients on the lan can get to the cable modem web management page. IE, my cable modem is at 192.168.100.1, I added OPT1 as 192.168.100.5.
Thank you for the reply.
At first I couldn't find what you suggested. But then I switched the interface to DHCP and saw it… but it is not desired for it to be set to DHCP. I'd like it to be a static interface if possible. I'm really thinking this might be a bug in pfsense.
I'm already able to get to the cable modem management interface-- it just doesn't provide anything useful.
-
Hmm, sorry I missed that.
it will try to serve me DHCP, and apparently, my PFsense box is picking this up
The server should not send DHCPOFFER without first seeing a DHCPDISCOVER from you (pfSense), but evidently it does. It does sound like a bug in pfSense, if you've turned DHCP off and pfSense still sends a DHCPREQUEST accepting the ip address.
Can you get a trace of that DHCPDISCOVER, DHCPOFFER, DHCPREQUEST and DHCPACK exchange?
Maybe it's an ARP issue, with your MAC still in a cache?
-
Hmm, sorry I missed that.
it will try to serve me DHCP, and apparently, my PFsense box is picking this up
Can you get a trace of that DHCPDISCOVER, DHCPOFFER, DHCPREQUEST and DHCPACK exchange?
Maybe it's an ARP issue, with your MAC still in a cache?
I can try… should I just capture UDP on port 67 on the WAN port? It isn't readily reproducible, so I might need to capture for a few days before I see it. It might be possible for me to "cause" the failure by unhooking the coax, etc...
Can you elaborate on the ARP issue? Still in the ISP's cache? Do you think if I switch interfaces around it could help with the issue? The IP I get from them is different from what I had from before I switched to static.
If the ISP can find the connection stability problem, I suspect it will greatly improve this situation, but it'd still be something I would want to function correctly. I suppose I can try to track down this issue before the ISP gets the stability problem fixed just so I have a good test bed.
-
Your ISP should be out of the picture, right? Your cable modem is the one issuing the address, if I understand correctly. So, cm notices link to ISP is down, cm hands out a dhcp address for 192.168.100.x.
Or do you have two issues: one being a local address from the cm when the link goes down, and two being an incorrect IP coming from the ISP when the link comes up? Guess I should read the logs you posted before I dig a deeper hole for myself …
Swapping interfaces would be an interesting test.
-
Your ISP should be out of the picture, right? Your cable modem is the one issuing the address, if I understand correctly. So, cm notices link to ISP is down, cm hands out a dhcp address for 192.168.100.x.
I think that is correct– stupid cm trying to be a NAT router or something.
Or do you have two issues: one being a local address from the cm when the link goes down, and two being an incorrect IP coming from the ISP when the link comes up?
I think only one issue– the DHCP being picked up and used by the pfsense when the interface is set to static-- possible sometime in the period of flapping around when the connection resets. Therefore-- exacerbated by the internet connection's current instability.