[RESOLVED] Problem with Cox cable-modem and pfSense with IPv6 routing on pfSense LAN side

Derelict

Thanks for that info.

You do need to make sure pfSense is not blocking Private Networks, RFC 1918 & 4193 (bottom of the Interfaces settings page) as Cox appears to use some of the private ranges (v4 and v6)  for their internal network.

That would only matter if you are trying to accept inbound connections from those networks. Nobody should be doing that.

stan-qaz

Cox doesn't seem to work right for me if I check the block 1918 box. This came up several years ago in this topic:

https://forum.pfsense.org/index.php?topic=66289.msg361564#msg361564

The Cox Cable tech support folks position is that they are within the RFC 1918 rules with these addresses as they stay on the private Cox Cable system and are not passed to the Internet.

and a quote from the link to DSL Reports Cox forum, the Cox Tech rep there:

CoxTech1

That' correct.  These IP's are being used within the Cox network and not being used for routing across the public Internet.

I can't break anything until late tonight but if you want me to try some testing tell me what you'd like to see and I'll try doing it then.

Derelict

I am merely stating what rules that checkbox puts in place and their effect.

Unless you are receiving inbound connections into WAN from those addresses they have zero effect, regardless of what an ISP thinks. If they tell you you need to allow that, you should be asking many more questions.

block anything from private networks on interfaces with the option set

block in log quick on $WAN from 10.0.0.0/8 to any tracker 12000 label "Block private networks from WAN block 10/8"
block in log quick on $WAN from 127.0.0.0/8 to any tracker 12000 label "Block private networks from WAN block 127/8"
block in log quick on $WAN from 172.16.0.0/12 to any tracker 12000 label "Block private networks from WAN block 172.16/12"
block in log quick on $WAN from 192.168.0.0/16 to any tracker 12000 label "Block private networks from WAN block 192.168/16"
block in log quick on $WAN from fc00::/7 to any tracker 12000 label "Block ULA networks from WAN block fc00::/7"

stan-qaz

Edited to change Bogons to Private Networks which is what I meant to say.

Derelict, I just took my network down for a few minutes to play with this again.

If I have (not Bogons) private networks blocked I can't connect to the Cox DHCP server to get IP addresses for my WAN if I attempt to renew them.

If I allow (not Bogons) private networks I have no issues getting a response from the Cox DHCP server and both v4 and v6 IP addresses for my WAN.

Cox does things their way and there is nothing we customers can do to change that so we just have to puzzle out the problems they cause and hopefully solutions. They don't even warn us about the strange stuff, tripping over it is your first indication there is something wrong.

Other topics discussing this:

https://www.dslreports.com/forum/r30380140-RFC1918-DHCP-servers-on-COX-network

Had a fun one today. COX is using 10.0.0.0/8 addresses and 172.16.0.0/12 addresses on their WAN. This causes a headache for the end subscriber if one is blocking RFC1918 addresses on their WAN interface, as it may break DHCP.

http://www.techexams.net/forums/off-topic/114996-cox-using-rfc1918-addresses-their-wan.html

When setting up my router a few weeks ago I found I had to unblock 10.36.96.1 on my WAN interface for DHCP client and server.

Derelict

I have Cox IPv4 and IPv6 and I have to do no such thing.

I would be curious to see what was logged in the filter log when it failed.

stan-qaz

With Private Networks blocked I'm seeing the Status_Interfaces browser activity spinner just continue to spin after I press the "Release" button until the page times out.

No IPs are shown on the pfSense home/status page and both gateways, v4 and v6 offline.

If I allow the private networks, save and apply, then I'm getting IPs and the gateways come up. See the second set of logs.

System Log snips: (private networks blocked)

May 16 20:36:21	kernel		arpresolve: can't allocate llinfo for 68.0.155.1 on igb0
May 16 20:36:21	kernel		arpresolve: can't allocate llinfo for 68.0.155.1 on igb0
May 16 20:36:20	kernel		arpresolve: can't allocate llinfo for 68.0.155.1 on igb0
May 16 20:36:19	kernel		arpresolve: can't allocate llinfo for 68.0.155.1 on igb0
May 16 20:36:19	kernel		arpresolve: can't allocate llinfo for 68.0.155.1 on igb0
May 16 20:36:18	kernel		arpresolve: can't allocate llinfo for 68.0.155.1 on igb0
May 16 20:36:17	kernel		arpresolve: can't allocate llinfo for 68.0.155.1 on igb0

May 16 20:36:02	kernel		cannot forward src fe80:2::de4a:3eff:fe4b:589, dst 2600:8800:2d81:5700:208:a2ff:fe0a:6b62, nxt 58, rcvif igb1, outif igb0

May 16 20:35:43	kernel		cannot forward src fe80:2::1a66:daff:fe29:6fd0, dst 2600:8800:2d81:5700:208:a2ff:fe0a:6b62, nxt 58, rcvif igb1, outif igb0
May 16 20:35:43	kernel		arpresolve: can't allocate llinfo for 68.0.155.1 on igb0
May 16 20:35:41	php-fpm	325	/rc.newipsecdns: IPsec ERROR: Could not find phase 1 source for connection . Omitting from configuration file.
May 16 20:35:41	check_reload_status		Reloading filter
May 16 20:35:41	php-fpm	325	/rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.

May 16 20:35:27	kernel		arpresolve: can't allocate llinfo for 68.0.155.1 on igb0
May 16 20:35:26	php-fpm	326	/rc.dyndns.update: Dynamic DNS (all.dnsomatic.com) There was an error trying to determine the public IP for interface - wan (igb0 ).
May 16 20:35:26	kernel		arpresolve: can't allocate llinfo for 68.0.155.1 on igb0
May 16 20:35:25	check_reload_status		Reloading filter
May 16 20:35:25	check_reload_status		Restarting OpenVPN tunnels/interfaces
May 16 20:35:25	check_reload_status		Restarting ipsec tunnels
May 16 20:35:25	check_reload_status		updating dyndns WAN_DHCP
May 16 20:35:25	rc.gateway_alarm	94721	>>> Gateway alarm: WAN_DHCP (Addr:68.0.155.1 Alarm:1 RTT:7899ms RTTsd:2017ms Loss:21%)
May 16 20:35:21	kernel		arpresolve: can't allocate llinfo for 68.0.155.1 on igb0

Firewall log doesn't show any new entries.

DHCP Log:

May 16 20:35:10	dhcp6c	20230	exiting
May 16 20:35:10	dhcp6c	20230	status code: success
May 16 20:35:10	dhcp6c	20230	dhcp6c Received RELEASE
May 16 20:35:10	dhcp6c	20230	status code: success
May 16 20:35:10	dhcp6c	20230	dhcp6c Received RELEASE
May 16 20:35:10	dhcp6c	20230	remove an address 2600:8800:2d81:5702:208:a2ff:fe0a:6b64/64 on igb3
May 16 20:35:10	dhcp6c	20230	remove an address 2600:8800:2d81:5701:208:a2ff:fe0a:6b63/64 on igb2
May 16 20:35:10	dhcp6c	20230	remove an address 2600:8800:2d81:5700:208:a2ff:fe0a:6b62/64 on igb1
May 16 20:35:10	dhcp6c	20230	Sending Release
May 16 20:35:10	dhcp6c	20230	Start address release
May 16 20:35:10	dhcp6c	20230	remove an address 2600:8800:ff06:1b00:509d:6ce5:a640:8277/128 on igb0
May 16 20:35:10	dhcp6c	20230	Sending Release
May 16 20:35:10	dhcp6c	20230	Start address release
May 16 20:35:10	dhclient	10757	exiting.
May 16 20:35:10	dhclient	10757	connection closed
May 16 20:35:10	dhclient		FAIL
May 16 20:35:10	dhclient		Deleting old routes
May 16 20:35:10	dhclient		RELEASE
May 16 20:35:10	dhclient		DHCPRELEASE on igb0 to 172.19.73.165 port 67
May 16 20:35:10	dhclient		Sending on Socket/fallback
May 16 20:35:10	dhclient		Sending on BPF/igb0/00:08:a2:0a:6b:61
May 16 20:35:10	dhclient		Listening on BPF/igb0/00:08:a2:0a:6b:61
May 16 20:35:10	dhclient		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:35:10	dhclient		All rights reserved.
May 16 20:35:10	dhclient		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:35:10	dhclient		Internet Systems Consortium DHCP Client 4.3.6-P1

=================

System Log: (private networks allowed)

May 16 20:46:39	php-fpm	3193	/rc.start_packages: Restarting/Starting all packages.
May 16 20:46:38	check_reload_status		Starting packages
May 16 20:46:38	php-fpm	6468	/rc.newwanipv6: pfSense package system has detected an IP change or dynamic WAN reconnection - 2600:8800:ff06:1b00:7526:f882:524d:f48b -> 2600:8800:ff06:1b00:545c:6314:4295:8fbf - Restarting packages.
May 16 20:46:38	php-fpm	6468	/rc.newwanipv6: Creating rrd update script
May 16 20:46:38	php-fpm	6468	/rc.newwanipv6: Resyncing OpenVPN instances for interface WAN.
May 16 20:46:38	php-fpm	6468	/rc.newwanipv6: Ignoring IPsec reload since there are no tunnels on interface wan
May 16 20:46:37	php-fpm	6468	/rc.newwanipv6: phpDynDNS (all.dnsomatic.com): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
May 16 20:46:36	php-cgi		notify_monitor.php: Message sent to pfsense@stanmiller.info OK
May 16 20:46:35	dhcpleases		kqueue error: unkown
May 16 20:46:34	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:34	php-fpm	325	/rc.start_packages: Restarting/Starting all packages.
May 16 20:46:34	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:34	php-fpm	325	/rc.newipsecdns: IPsec ERROR: Could not find phase 1 source for connection . Omitting from configuration file.
May 16 20:46:34	check_reload_status		Reloading filter
May 16 20:46:34	php-fpm	325	/rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
May 16 20:46:33	check_reload_status		Starting packages
May 16 20:46:33	php-fpm	326	/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 68.0.155.238 -> 68.0.159.52 - Restarting packages.
May 16 20:46:32	php-fpm	6468	/rc.newwanipv6: The command '/sbin/ifconfig igb0 inet6 2600:8800:ff06:1b00:7526:f882:524d:f48b delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
May 16 20:46:32	check_reload_status		Reloading filter
May 16 20:46:32	php-fpm	6468	/rc.newwanipv6: Removing static route for monitor fe80::242:5aff:fe9e:ac19 and adding a new route through fe80::242:5aff:fe9e:ac19%igb0
May 16 20:46:32	php-fpm	6468	/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::242:5aff:fe9e:ac19%igb0
May 16 20:46:32	php-fpm	6468	/rc.newwanipv6: ROUTING: setting default route to 68.0.159.1
May 16 20:46:31	php-fpm	326	/rc.newwanip: Creating rrd update script
May 16 20:46:31	php-fpm	326	/rc.newwanip: Resyncing OpenVPN instances for interface WAN.
May 16 20:46:31	php-fpm	326	/rc.newwanip: Ignoring IPsec reload since there are no tunnels on interface wan
May 16 20:46:31	dhcpleases		kqueue error: unkown
May 16 20:46:30	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:30	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:30	php-fpm	326	/rc.newwanip: phpDynDNS (all.dnsomatic.com): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
May 16 20:46:30	php-fpm	30881	/rc.dyndns.update: DNS-O-Matic (all.dnsomatic.com): (Success) IP Address Changed Successfully! (68.0.159.52)
May 16 20:46:30	php-fpm	30881	/rc.dyndns.update: phpDynDNS: updating cache file /conf/dyndns_wandnsomatic'all.dnsomatic.com'0.cache: 68.0.159.52
May 16 20:46:28	dhcpleases		kqueue error: unkown
May 16 20:46:28	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:28	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:25	dhcpleases		kqueue error: unkown
May 16 20:46:25	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:25	php-fpm	3193	/interfaces.php: Creating rrd update script
May 16 20:46:25	check_reload_status		Reloading filter
May 16 20:46:24	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:24	php-fpm	3193	/interfaces.php: Removing static route for monitor fe80::242:5aff:fe9e:ac19 and adding a new route through fe80::242:5aff:fe9e:ac19%igb0
May 16 20:46:24	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:24	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:22	check_reload_status		updating dyndns wan
May 16 20:46:22	php-fpm	6468	/rc.newwanipv6: rc.newwanipv6: on (IP address: 2600:8800:ff06:1b00:545c:6314:4295:8fbf) (interface: wan) (real interface: igb0).
May 16 20:46:22	php-fpm	6468	/rc.newwanipv6: rc.newwanipv6: Info: starting on igb0.
May 16 20:46:21	dhcpleases		kqueue error: unkown
May 16 20:46:21	php-fpm	326	/rc.newwanip: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1526528781] unbound[19892:0] error: bind: address already in use [1526528781] unbound[19892:0] fatal error: could not open ports'
May 16 20:46:20	dhcpleases		kqueue error: unkown
May 16 20:46:20	rtsold		Starting dhcp6 client for interface wan(igb0)
May 16 20:46:20	rtsold		Received RA specifying route fe80::242:5aff:fe9e:ac19 for interface wan(igb0)
May 16 20:46:19	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:19	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:19	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:19	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:18	check_reload_status		Restarting ipsec tunnels
May 16 20:46:18	php-fpm	3193	/interfaces.php: ROUTING: setting default route to 68.0.159.1
May 16 20:46:17	php-fpm	326	/rc.newwanip: ROUTING: setting default route to 68.0.159.1
May 16 20:46:17	php-fpm	326	/rc.newwanip: IP Address has changed, killing states on former IP Address 68.0.155.238.
May 16 20:46:17	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:17	php-fpm	326	/rc.newwanip: rc.newwanip: on (IP address: 68.0.159.52) (interface: WAN[wan]) (real interface: igb0).
May 16 20:46:17	php-fpm	326	/rc.newwanip: rc.newwanip: Info: starting on igb0.
May 16 20:46:16	php-fpm	3193	/interfaces.php: Starting rtsold process
May 16 20:46:16	php-fpm	3193	/interfaces.php: Accept router advertisements on interface igb0
May 16 20:46:16	php-fpm	3193	/interfaces.php: calling interface_dhcpv6_configure.
May 16 20:46:16	check_reload_status		rc.newwanip starting igb0
May 16 20:46:10	check_reload_status		Syncing firewall

Firewall log is still empty.

DHCP Log:

May 16 20:46:37	dhcpd		Server starting service.
May 16 20:46:37	dhcpd		Sending on Socket/5/igb1/2600:8800:2d81:5700::/64
May 16 20:46:37	dhcpd		Listening on Socket/5/igb1/2600:8800:2d81:5700::/64
May 16 20:46:37	dhcpd		Sending on Socket/5/igb2/2600:8800:2d81:5701::/64
May 16 20:46:37	dhcpd		Listening on Socket/5/igb2/2600:8800:2d81:5701::/64
May 16 20:46:37	dhcpd		Sending on Socket/5/igb3/2600:8800:2d81:5702::/64
May 16 20:46:37	dhcpd		Listening on Socket/5/igb3/2600:8800:2d81:5702::/64
May 16 20:46:37	dhcpd		Bound to *:547
May 16 20:46:37	dhcpd		Wrote 0 NA, 0 TA, 0 PD leases to lease file.
May 16 20:46:37	dhcpd		Wrote 0 new dynamic host decls to leases file.
May 16 20:46:37	dhcpd		Wrote 0 deleted host decls to leases file.
May 16 20:46:37	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:37	dhcpd		All rights reserved.
May 16 20:46:37	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:37	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:37	dhcpd		PID file: /var/run/dhcpdv6.pid
May 16 20:46:37	dhcpd		Database file: /var/db/dhcpd6.leases
May 16 20:46:37	dhcpd		Config file: /etc/dhcpdv6.conf
May 16 20:46:37	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:37	dhcpd		All rights reserved.
May 16 20:46:37	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:37	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:36	dhcpleases		Sending HUP signal to dns daemon(83690)
May 16 20:46:36	dhcpd		Server starting service.
May 16 20:46:36	dhcpleases		Sending HUP signal to dns daemon(83690)
May 16 20:46:36	dhcpd		Sending on Socket/fallback/fallback-net
May 16 20:46:36	dhcpd		Sending on BPF/igb1/00:08:a2:0a:6b:62/172.16.0.0/24
May 16 20:46:36	dhcpd		Listening on BPF/igb1/00:08:a2:0a:6b:62/172.16.0.0/24
May 16 20:46:36	dhcpd		Sending on BPF/igb2/00:08:a2:0a:6b:63/172.16.1.0/24
May 16 20:46:36	dhcpd		Listening on BPF/igb2/00:08:a2:0a:6b:63/172.16.1.0/24
May 16 20:46:36	dhcpd		Sending on BPF/igb3/00:08:a2:0a:6b:64/172.16.2.0/24
May 16 20:46:36	dhcpd		Listening on BPF/igb3/00:08:a2:0a:6b:64/172.16.2.0/24
May 16 20:46:36	dhcpd		Wrote 1 leases to leases file.
May 16 20:46:36	dhcpd		Wrote 0 new dynamic host decls to leases file.
May 16 20:46:36	dhcpd		Wrote 0 deleted host decls to leases file.
May 16 20:46:36	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:36	dhcpd		All rights reserved.
May 16 20:46:36	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:36	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:36	dhcpd		PID file: /var/run/dhcpd.pid
May 16 20:46:36	dhcpd		Database file: /var/db/dhcpd.leases
May 16 20:46:36	dhcpd		Config file: /etc/dhcpd.conf
May 16 20:46:36	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:36	dhcpd		All rights reserved.
May 16 20:46:36	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:36	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:35	dhcpleases		Sending HUP signal to dns daemon(83690)
May 16 20:46:35	dhcpleases		kqueue error: unkown
May 16 20:46:34	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:34	dhcpleases		Sending HUP signal to dns daemon(27486)
May 16 20:46:34	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:32	dhcpd		Server starting service.
May 16 20:46:32	dhcpd		Sending on Socket/5/igb1/2600:8800:2d81:5700::/64
May 16 20:46:32	dhcpd		Listening on Socket/5/igb1/2600:8800:2d81:5700::/64
May 16 20:46:32	dhcpd		Sending on Socket/5/igb2/2600:8800:2d81:5701::/64
May 16 20:46:32	dhcpd		Listening on Socket/5/igb2/2600:8800:2d81:5701::/64
May 16 20:46:32	dhcpd		Sending on Socket/5/igb3/2600:8800:2d81:5702::/64
May 16 20:46:32	dhcpd		Listening on Socket/5/igb3/2600:8800:2d81:5702::/64
May 16 20:46:32	dhcpd		Bound to *:547
May 16 20:46:32	dhcpd		Wrote 0 NA, 0 TA, 0 PD leases to lease file.
May 16 20:46:32	dhcpd		Wrote 0 new dynamic host decls to leases file.
May 16 20:46:32	dhcpd		Wrote 0 deleted host decls to leases file.
May 16 20:46:32	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:32	dhcpd		All rights reserved.
May 16 20:46:32	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:32	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:32	dhcpd		PID file: /var/run/dhcpdv6.pid
May 16 20:46:32	dhcpd		Database file: /var/db/dhcpd6.leases
May 16 20:46:32	dhcpd		Config file: /etc/dhcpdv6.conf
May 16 20:46:32	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:32	dhcpd		All rights reserved.
May 16 20:46:32	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:32	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:31	dhcpleases		Sending HUP signal to dns daemon(27486)
May 16 20:46:31	dhcpleases		kqueue error: unkown
May 16 20:46:30	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:30	dhcpleases		Sending HUP signal to dns daemon(4931)
May 16 20:46:30	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:29	dhcpd		Server starting service.
May 16 20:46:29	dhcpd		Sending on Socket/5/igb1/2600:8800:2d81:5700::/64
May 16 20:46:29	dhcpd		Listening on Socket/5/igb1/2600:8800:2d81:5700::/64
May 16 20:46:29	dhcpd		Sending on Socket/5/igb2/2600:8800:2d81:5701::/64
May 16 20:46:29	dhcpd		Listening on Socket/5/igb2/2600:8800:2d81:5701::/64
May 16 20:46:29	dhcpd		Sending on Socket/5/igb3/2600:8800:2d81:5702::/64
May 16 20:46:29	dhcpd		Listening on Socket/5/igb3/2600:8800:2d81:5702::/64
May 16 20:46:29	dhcpd		Bound to *:547
May 16 20:46:29	dhcpd		Wrote 0 NA, 0 TA, 0 PD leases to lease file.
May 16 20:46:29	dhcpd		Wrote 0 new dynamic host decls to leases file.
May 16 20:46:29	dhcpd		Wrote 0 deleted host decls to leases file.
May 16 20:46:29	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:29	dhcpd		All rights reserved.
May 16 20:46:29	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:29	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:29	dhcpd		PID file: /var/run/dhcpdv6.pid
May 16 20:46:29	dhcpd		Database file: /var/db/dhcpd6.leases
May 16 20:46:29	dhcpd		Config file: /etc/dhcpdv6.conf
May 16 20:46:29	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:29	dhcpd		All rights reserved.
May 16 20:46:29	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:29	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:28	dhcpleases		Sending HUP signal to dns daemon(4931)
May 16 20:46:28	dhcpleases		kqueue error: unkown
May 16 20:46:28	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:28	dhcpleases		Sending HUP signal to dns daemon(68537)
May 16 20:46:28	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:26	dhcpd		Server starting service.
May 16 20:46:26	dhcpd		Sending on Socket/5/igb1/2600:8800:2d81:5700::/64
May 16 20:46:26	dhcpd		Listening on Socket/5/igb1/2600:8800:2d81:5700::/64
May 16 20:46:26	dhcpd		Sending on Socket/5/igb2/2600:8800:2d81:5701::/64
May 16 20:46:26	dhcpd		Listening on Socket/5/igb2/2600:8800:2d81:5701::/64
May 16 20:46:26	dhcpd		Sending on Socket/5/igb3/2600:8800:2d81:5702::/64
May 16 20:46:26	dhcpd		Listening on Socket/5/igb3/2600:8800:2d81:5702::/64
May 16 20:46:26	dhcpd		Bound to *:547
May 16 20:46:26	dhcpd		Wrote 0 NA, 0 TA, 0 PD leases to lease file.
May 16 20:46:26	dhcpd		Wrote 0 new dynamic host decls to leases file.
May 16 20:46:26	dhcpd		Wrote 0 deleted host decls to leases file.
May 16 20:46:26	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:26	dhcpd		All rights reserved.
May 16 20:46:26	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:26	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:26	dhcpd		PID file: /var/run/dhcpdv6.pid
May 16 20:46:26	dhcpd		Database file: /var/db/dhcpd6.leases
May 16 20:46:26	dhcpd		Config file: /etc/dhcpdv6.conf
May 16 20:46:26	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:26	dhcpd		All rights reserved.
May 16 20:46:26	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:26	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:25	dhcpleases		Sending HUP signal to dns daemon(68537)
May 16 20:46:25	dhcpleases		kqueue error: unkown
May 16 20:46:25	dhcpd		Server starting service.
May 16 20:46:25	dhcpd		Sending on Socket/5/igb1/2600:8800:2d81:5700::/64
May 16 20:46:25	dhcpd		Listening on Socket/5/igb1/2600:8800:2d81:5700::/64
May 16 20:46:25	dhcpd		Sending on Socket/5/igb2/2600:8800:2d81:5701::/64
May 16 20:46:25	dhcpd		Listening on Socket/5/igb2/2600:8800:2d81:5701::/64
May 16 20:46:25	dhcpd		Sending on Socket/5/igb3/2600:8800:2d81:5702::/64
May 16 20:46:25	dhcpd		Listening on Socket/5/igb3/2600:8800:2d81:5702::/64
May 16 20:46:25	dhcpd		Bound to *:547
May 16 20:46:25	dhcpd		Wrote 0 NA, 0 TA, 0 PD leases to lease file.
May 16 20:46:25	dhcpd		Wrote 0 new dynamic host decls to leases file.
May 16 20:46:25	dhcpd		Wrote 0 deleted host decls to leases file.
May 16 20:46:25	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:25	dhcpd		All rights reserved.
May 16 20:46:25	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:25	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:25	dhcpd		PID file: /var/run/dhcpdv6.pid
May 16 20:46:25	dhcpd		Database file: /var/db/dhcpd6.leases
May 16 20:46:25	dhcpd		Config file: /etc/dhcpdv6.conf
May 16 20:46:25	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:25	dhcpd		All rights reserved.
May 16 20:46:25	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:25	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:25	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:25	dhcpleases		Sending HUP signal to dns daemon(11710)
May 16 20:46:24	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:24	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:24	dhcpleases		Sending HUP signal to dns daemon(11710)
May 16 20:46:24	dhcpd		Server starting service.
May 16 20:46:24	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:24	dhcpleases		Sending HUP signal to dns daemon(11710)
May 16 20:46:24	dhcpd		Sending on Socket/fallback/fallback-net
May 16 20:46:24	dhcpd		Sending on BPF/igb1/00:08:a2:0a:6b:62/172.16.0.0/24
May 16 20:46:24	dhcpd		Listening on BPF/igb1/00:08:a2:0a:6b:62/172.16.0.0/24
May 16 20:46:24	dhcpd		Sending on BPF/igb2/00:08:a2:0a:6b:63/172.16.1.0/24
May 16 20:46:24	dhcpd		Listening on BPF/igb2/00:08:a2:0a:6b:63/172.16.1.0/24
May 16 20:46:24	dhcpd		Sending on BPF/igb3/00:08:a2:0a:6b:64/172.16.2.0/24
May 16 20:46:24	dhcpd		Listening on BPF/igb3/00:08:a2:0a:6b:64/172.16.2.0/24
May 16 20:46:24	dhcpd		Wrote 1 leases to leases file.
May 16 20:46:24	dhcpd		Wrote 0 new dynamic host decls to leases file.
May 16 20:46:24	dhcpd		Wrote 0 deleted host decls to leases file.
May 16 20:46:24	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:24	dhcpd		All rights reserved.
May 16 20:46:24	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:24	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:24	dhcpd		PID file: /var/run/dhcpd.pid
May 16 20:46:24	dhcpd		Database file: /var/db/dhcpd.leases
May 16 20:46:24	dhcpd		Config file: /etc/dhcpd.conf
May 16 20:46:24	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:24	dhcpd		All rights reserved.
May 16 20:46:24	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:24	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:22	dhcpd		Server starting service.
May 16 20:46:22	dhcpd		Sending on Socket/5/igb1/2600:8800:2d81:5700::/64
May 16 20:46:22	dhcpd		Listening on Socket/5/igb1/2600:8800:2d81:5700::/64
May 16 20:46:22	dhcpd		Sending on Socket/5/igb2/2600:8800:2d81:5701::/64
May 16 20:46:22	dhcpd		Listening on Socket/5/igb2/2600:8800:2d81:5701::/64
May 16 20:46:22	dhcpd		Sending on Socket/5/igb3/2600:8800:2d81:5702::/64
May 16 20:46:22	dhcpd		Listening on Socket/5/igb3/2600:8800:2d81:5702::/64
May 16 20:46:22	dhcpd		Bound to *:547
May 16 20:46:22	dhcpd		Wrote 0 NA, 0 TA, 0 PD leases to lease file.
May 16 20:46:22	dhcpd		Wrote 0 new dynamic host decls to leases file.
May 16 20:46:22	dhcpd		Wrote 0 deleted host decls to leases file.
May 16 20:46:22	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:22	dhcpd		All rights reserved.
May 16 20:46:22	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:22	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:22	dhcpd		PID file: /var/run/dhcpdv6.pid
May 16 20:46:22	dhcpd		Database file: /var/db/dhcpd6.leases
May 16 20:46:22	dhcpd		Config file: /etc/dhcpdv6.conf
May 16 20:46:22	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:22	dhcpd		All rights reserved.
May 16 20:46:22	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:22	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:22	dhcp6c	11182	add an address 2600:8800:ff06:1b00:545c:6314:4295:8fbf/128 on igb0
May 16 20:46:22	dhcp6c	11182	status code for NA-0: success
May 16 20:46:22	dhcp6c	11182	add an address 2600:8800:2d81:5702:208:a2ff:fe0a:6b64/64 on igb3
May 16 20:46:22	dhcp6c	11182	add an address 2600:8800:2d81:5701:208:a2ff:fe0a:6b63/64 on igb2
May 16 20:46:22	dhcp6c	11182	add an address 2600:8800:2d81:5700:208:a2ff:fe0a:6b62/64 on igb1
May 16 20:46:22	dhcp6c	11182	status code for PD-0: success
May 16 20:46:22	dhcp6c	11182	dhcp6c Received REQUEST
May 16 20:46:22	dhcp6c	11182	duplicated DNS address (2001:578:3f:1::30)
May 16 20:46:22	dhcp6c	11182	duplicated DNS address (2001:578:3f::30)
May 16 20:46:22	dhcp6c	11182	Sending Request
May 16 20:46:21	dhcpleases		Sending HUP signal to dns daemon(11710)
May 16 20:46:21	dhcpd		Server starting service.
May 16 20:46:21	dhcpd		Sending on Socket/fallback/fallback-net
May 16 20:46:21	dhcpd		Sending on BPF/igb1/00:08:a2:0a:6b:62/172.16.0.0/24
May 16 20:46:21	dhcpd		Listening on BPF/igb1/00:08:a2:0a:6b:62/172.16.0.0/24
May 16 20:46:21	dhcpleases		Sending HUP signal to dns daemon(11710)
May 16 20:46:21	dhcpd		Sending on BPF/igb2/00:08:a2:0a:6b:63/172.16.1.0/24
May 16 20:46:21	dhcpd		Listening on BPF/igb2/00:08:a2:0a:6b:63/172.16.1.0/24
May 16 20:46:21	dhcpd		Sending on BPF/igb3/00:08:a2:0a:6b:64/172.16.2.0/24
May 16 20:46:21	dhcpd		Listening on BPF/igb3/00:08:a2:0a:6b:64/172.16.2.0/24
May 16 20:46:21	dhcpd		Wrote 1 leases to leases file.
May 16 20:46:21	dhcpd		Wrote 0 new dynamic host decls to leases file.
May 16 20:46:21	dhcpd		Wrote 0 deleted host decls to leases file.
May 16 20:46:21	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:21	dhcpd		All rights reserved.
May 16 20:46:21	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:21	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:21	dhcpd		PID file: /var/run/dhcpd.pid
May 16 20:46:21	dhcpd		Database file: /var/db/dhcpd.leases
May 16 20:46:21	dhcpd		Config file: /etc/dhcpd.conf
May 16 20:46:21	dhcpd		For info, please visit https://www.isc.org/software/dhcp/
May 16 20:46:21	dhcpd		All rights reserved.
May 16 20:46:21	dhcpd		Copyright 2004-2018 Internet Systems Consortium.
May 16 20:46:21	dhcpd		Internet Systems Consortium DHCP Server 4.3.6-P1
May 16 20:46:21	dhcpleases		Sending HUP signal to dns daemon(11710)
May 16 20:46:21	dhcpleases		kqueue error: unkown
May 16 20:46:21	dhcp6c	11182	duplicated DNS address (2001:578:3f:1::30)
May 16 20:46:21	dhcp6c	11182	duplicated DNS address (2001:578:3f::30)
May 16 20:46:21	dhcp6c	11182	Sending Solicit
May 16 20:46:20	dhcpleases		Sending HUP signal to dns daemon(11710)
May 16 20:46:20	dhcpleases		kqueue error: unkown
May 16 20:46:20	dhcp6c	11116	skip opening control port
May 16 20:46:20	dhcp6c	11116	failed initialize control message authentication
May 16 20:46:20	dhcp6c	11116	failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
May 16 20:46:19	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:19	dhcpleases		Sending HUP signal to dns daemon(51712)
May 16 20:46:19	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:19	dhcpleases		Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
May 16 20:46:19	dhcpleases		Sending HUP signal to dns daemon(51712)
May 16 20:46:19	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:17	dhcpleases		Sending HUP signal to dns daemon(51712)
May 16 20:46:17	dhcpleases		/etc/hosts changed size from original!
May 16 20:46:16	dhclient	66389	bound to 68.0.159.52 -- renewal in 43200 seconds.
May 16 20:46:16	dhclient		Creating resolv.conf
May 16 20:46:16	dhclient		/sbin/route add default 68.0.159.1
May 16 20:46:16	dhclient		Adding new routes to interface: igb0
May 16 20:46:16	dhclient		New Routers (igb0): 68.0.159.1
May 16 20:46:16	dhclient		New Broadcast Address (igb0): 68.0.159.255
May 16 20:46:16	dhclient		New Subnet Mask (igb0): 255.255.255.0
May 16 20:46:16	dhclient		New IP Address (igb0): 68.0.159.52
May 16 20:46:16	dhclient		ifconfig igb0 inet 68.0.159.52 netmask 255.255.255.0 broadcast 68.0.159.255
May 16 20:46:16	dhclient		Starting add_new_address()
May 16 20:46:16	dhclient		Deleting old routes
May 16 20:46:16	dhclient		BOUND
May 16 20:46:16	dhclient	66389	DHCPACK from 10.48.32.1
May 16 20:46:16	dhclient	66389	DHCPREQUEST on igb0 to 255.255.255.255 port 67
May 16 20:46:16	dhclient		ARPCHECK
May 16 20:46:14	dhclient		ARPSEND
May 16 20:46:14	dhclient	66389	DHCPOFFER from 10.48.32.1
May 16 20:46:14	dhclient	66389	DHCPDISCOVER on igb0 to 255.255.255.255 port 67 interval 2
May 16 20:46:14	dhclient		PREINIT
May 16 20:46:14	dhclient		Deleting old routes
May 16 20:46:14	dhclient		EXPIRE
May 16 20:46:14	dhclient		PREINIT

I'm far from an expert at this so I don't have any real idea what is going wrong other than what I found on other topics about it being a DCHP server access issue.

If I can provide you any information that might help I'll be glad to try, just tell me what you need.

Derelict

Interesting. Public address from a private-addressed server on WAN.

You wouldn't happen to have the firewall filter logs from when you have the RFC1918 block enabled would you?

Derelict

In that unique case you can make an RFC1918 alias and:

Pass the DHCP traffic in on WAN
Block the RFC1918 in on WAN
Rest of your WAN rules

Disable the checkbox for RFC1918 on WAN.

The ISP should not be expecting you to accept that traffic into WAN. I would open a ticket with them.

stan-qaz

The firewall logs always show as empty with the private block enabled or disabled.

I've talked to Cox tech support by phone and via their DSL Reports rep and no information is public about their use of the private network space within the Cox system. Not even a simple list of "we use these ranges, pick something else for your use" which has bitten folks for some time now when they have duplicates.

I'll skip trying to create firewall rules, want to keep the pfSense setup as basic as possible.

obitori

@stan-qaz @Derelict

I believe the problem was my rental ASSUS cable-modem/router-wifi. It was not passing the prefix subnet information, only individual ipv6 ip addresses for the one /64 subnet that it was using for direct connections to its LAN side. It was not sharing the rest of the /60 block that was showing up on the WAN side.

When I swapped it out for a NETGEAR CM700 and plugged the pfsense firewall into the NETGEAR CM700 ethernet out, the pfsense fw picked up the proper IPv6 information to distribute IPv6 addresses on the LAN side. That's what I wanted. I am going to mark this as resolved.

martywise

@obitori , I know this is pretty old at this point, But I'm also a Cox customer, battling my way through a similar setup with pfSense and a netgear CM1000 cable modem.. Any chance you could provide some details on your pfSense config to get it to use the ISP provided block of addresses?
Thanks for any info you can provide.

stan-qaz

@martywise Nothing fancy, my WAN page has these set:

Use DHCP6 to configure
use /56 prefix and send a hint to the ISP
reject leases from your modem's internal IP address
don't block private networks (once working you can try blocking)

martywise

@stan-qaz -- Thanks for the info. Going through my settings again I see what I'm missing. I am currently only asking for a /64 and that's what I'm getting... And, it changes each router reboot.

With your config, do you get a static block? Have you seen the prefix change over time? If so, how frequently?

Thanks again.

stan-qaz

@martywise No reason to only ask for a /64 but it should work if you have only one internal LAN.

Try checking: "Do not allow PD/Address release" to see if it helps stabilize the prefix.

You do not get a static block, you get whatever Cox wants to hand out. Some times and some areas you'll be on the same prefix for a long time, other times and areas (like Phoenix last year) you'll get a different prefix every couple months. As long as you avoid hard coding the prefix into some rule or DNS entry you will never notice it changing.

JKnott

@martywise said in [RESOLVED] Problem with Cox cable-modem and pfSense with IPv6 routing on pfSense LAN side:

And, it changes each router reboot.

Check Do not allow PD/Address release on the WAN page. Also, no harm in requesting more /64s than you need. The IPv6 address space is huge, with gazillions of addresses. I get a /56 from my ISP and currently use 4 /64s.

martywise

@stan-qaz Fabulous! Thanks. This is definitely working. Now, I get a LAN IPv6 address and a /56 prefix that does not change each reboot. As you say, it will likely change periodically. I've had Cox for over 20 years. In that time, my IPv4 has changed only infrequently... I expect this will probably be similar.
Thanks again for your help!

martywise

@jknott I now have the "Do not allow PD/Address release" option checked and overall, things seem to be working.
As for address space -- that's about what I'm after too... I only want to create a few subnets, with at most a few dozen nodes on each.
Thanks for the assistance.

JKnott

@martywise

My IPv4 address is virtually static, but my host name is based on modem and router MAC addresses. If I change hardware, the host name will change. If I change my router or it's NIC, my address will change. On IPv6, my prefix has survived modem and complete replacement of the box I run pfsense on. I suspect it might take a nuke or two, to change it.