HELP! Seemingly bizarre dhclient behavior on WAN

Phil.Scarr

The event I reported previously where the dhclient seemed to lose its mind happened again so I went and snatched the dhclient logs. What's really strange is that there appears to be a DHCP offer on the WAN side for a 192.168.100.1 DHCP server. There is no such server that I'm aware of, unless that's my cable modem…

So you can see the reboot last night in blue, then the binding to the correct DHCP server from Charter but this this morning, this very strange interraction with a DHCP server on 192.168.100.1 in red.

Jan 15 19:54:23 dhclient REBOOT
Jan 15 19:54:24 dhclient 8638 bound to 96.42.26.125 – renewal in 9974 seconds.
Jan 15 22:40:36 dhclient Creating resolv.conf
Jan 15 22:40:36 dhclient RENEW
Jan 16 02:40:36 dhclient Creating resolv.conf
Jan 16 02:40:36 dhclient RENEW
Jan 16 06:40:36 dhclient Creating resolv.conf
Jan 16 06:40:36 dhclient RENEW
Jan 16 07:24:28 dhclient 9468 exiting.
Jan 16 07:24:28 dhclient 9468 connection closed
Jan 16 07:24:50 dhclient PREINIT
Jan 16 07:24:51 dhclient 91520 DHCPREQUEST on cpsw0 to 255.255.255.255 port 67
Jan 16 07:24:52 dhclient 91520 DHCPREQUEST on cpsw0 to 255.255.255.255 port 67
Jan 16 07:24:54 dhclient 91520 DHCPDISCOVER on cpsw0 to 255.255.255.255 port 67 interval 1
Jan 16 07:24:54 dhclient 91520 DHCPNAK from 192.168.100.1 <–--- WTF is this???
Jan 16 07:24:54 dhclient 91520 DHCPREQUEST on cpsw0 to 255.255.255.255 port 67
Jan 16 07:24:55 dhclient 91520 DHCPDISCOVER on cpsw0 to 255.255.255.255 port 67 interval 2
Jan 16 07:24:56 dhclient 91520 DHCPOFFER already seen.
Jan 16 07:24:56 dhclient 91520 DHCPOFFER from 192.168.100.1
Jan 16 07:24:56 dhclient ARPSEND
Jan 16 07:24:56 dhclient 91520 DHCPOFFER from 192.168.100.1
Jan 16 07:24:58 dhclient 91520 bound to 192.168.100.10 – renewal in 30 seconds.
Jan 16 07:24:58 dhclient Creating resolv.conf
Jan 16 07:24:58 dhclient /sbin/route add default 192.168.100.1
Jan 16 07:24:58 dhclient Adding new routes to interface: cpsw0
Jan 16 07:24:58 dhclient New Routers (cpsw0): 192.168.100.1
Jan 16 07:24:58 dhclient New Broadcast Address (cpsw0): 192.168.100.255
Jan 16 07:24:58 dhclient New Subnet Mask (cpsw0): 255.255.255.0
Jan 16 07:24:58 dhclient New IP Address (cpsw0): 192.168.100.10 <–--- And now this is the WAN IP
Jan 16 07:24:58 dhclient ifconfig cpsw0 inet 192.168.100.10 netmask 255.255.255.0 broadcast 192.168.100.255
Jan 16 07:24:58 dhclient Starting add_new_address()
Jan 16 07:24:58 dhclient BOUND
Jan 16 07:24:58 dhclient 91520 DHCPACK from 192.168.100.1
Jan 16 07:24:58 dhclient 91520 DHCPREQUEST on cpsw0 to 255.255.255.255 port 67
Jan 16 07:24:58 dhclient ARPCHECK
Jan 16 07:25:28 dhclient 1073 DHCPREQUEST on cpsw0 to 192.168.100.1 port 67
Jan 16 07:25:30 dhclient 1073 DHCPREQUEST on cpsw0 to 192.168.100.1 port 67
Jan 16 07:25:32 dhclient 1073 DHCPREQUEST on cpsw0 to 192.168.100.1 port 67
Jan 16 07:25:35 dhclient 1073 DHCPREQUEST on cpsw0 to 192.168.100.1 port 67
Jan 16 07:25:41 dhclient 1073 DHCPREQUEST on cpsw0 to 192.168.100.1 port 67
Jan 16 07:25:49 dhclient 1073 DHCPREQUEST on cpsw0 to 192.168.100.1 port 67
Jan 16 07:25:55 dhclient 92599 exiting.
Jan 16 07:25:55 dhclient 92599 connection closed
Jan 16 07:25:57 dhclient 28540 DHCPREQUEST on cpsw0 to 255.255.255.255 port 67
Jan 16 07:25:57 dhclient PREINIT
Jan 16 07:25:59 dhclient ARPSEND
Jan 16 07:25:59 dhclient 28540 DHCPOFFER from 96.42.26.1 <–--- This is the right DHCP server
Jan 16 07:25:59 dhclient 28540 DHCPDISCOVER on cpsw0 to 255.255.255.255 port 67 interval 1
Jan 16 07:25:59 dhclient PREINIT
Jan 16 07:25:59 dhclient Deleting old routes
Jan 16 07:25:59 dhclient EXPIRE
Jan 16 07:26:01 dhclient BOUND
Jan 16 07:26:01 dhclient 28540 DHCPACK from 96.42.26.1
Jan 16 07:26:01 dhclient 28540 DHCPREQUEST on cpsw0 to 255.255.255.255 port 67
Jan 16 07:26:01 dhclient ARPCHECK
Jan 16 07:26:02 dhclient ifconfig cpsw0 inet 96.42.26.125 netmask 255.255.254.0 broadcast 255.255.255.255
Jan 16 07:26:02 dhclient Starting add_new_address()
Jan 16 07:26:02 dhclient Deleting old routes
Jan 16 07:26:03 dhclient New Broadcast Address (cpsw0): 255.255.255.255
Jan 16 07:26:03 dhclient New Subnet Mask (cpsw0): 255.255.254.0
Jan 16 07:26:03 dhclient New IP Address (cpsw0): 96.42.26.125 <–--- And this is the right address
Jan 16 07:26:04 dhclient Creating resolv.conf
Jan 16 07:26:04 dhclient /sbin/route add default 96.42.26.1
Jan 16 07:26:04 dhclient Adding new routes to interface: cpsw0
Jan 16 07:26:04 dhclient New Routers (cpsw0): 96.42.26.1
Jan 16 07:26:05 dhclient 28540 bound to 96.42.26.125 – renewal in 13037 seconds

Can someone help me understand WTF is going on here? Is my cable modem offering up an address it shouldn't? Where is that 192.168.100.1 server coming from? Any help debugging this would be greatly appreciated. When it happens, the internet connection drops until it recovers. Where should I look next?

Thanks!

phil.davis

In the interface settings, try "Reject leases from" to reject any leases offered from that address. Some upstream devices can do that sort of thing.

RejectLeasesFrom.png_thumb

Phil.Scarr

@phil.davis:

In the interface settings, try "Reject leases from" to reject any leases offered from that address. Some upstream devices can do that sort of thing.

Awesome, thanks. I'll let you know if that works out but it looks to solve exactly what I'm seeing.

"To make the DHCP client reject leases from an undesirable DHCP server, place the IP address of the DHCP server here. This is useful for rejecting leases from cable modems that offer private IP addresses when they lose upstream sync."

doktornotor

Pretty normal mostly with cable modems. Yeah, best to reject those leases.

jimp

Yep, it's common cable modem behavior. My modem, an older Motorola Surfboard, does this with that exact address. It's the reason I added that GUI field years ago.

Phil.Scarr

@jimp:

Yep, it's common cable modem behavior. My modem, an older Motorola Surfboard, does this with that exact address. It's the reason I added that GUI field years ago.

So it just did it again and the recovery time was much quicker, about 30 seconds instead of 2 minutes. But I still want to know what's going on. I guess I should call Charter and get them to test my line again. My CM shouldn't be losing sync like this, a couple of times a day.

jimp

Usually it's indicative of an upstream issue. Mine only does that when the upstream sync is lost.

luckman212

Wish there was a way to blanket reject any lease coming from an rfc1918 address but I checked the source code for dhclient and it looks like it only accepts individual IPs right now.

Phil.Scarr

@luckman212:

Wish there was a way to blanket reject any lease coming from an rfc1918 address but I checked the source code for dhclient and it looks like it only accepts individual IPs right now.

Will it take multiple IPs? So if for some strange reason there are 3 DHCP servers reachable but only 1 is real, can I put in a comma-separated list?

luckman212

@Phil.Scarr:

Will it take multiple IPs?

I am not sure- try it and then take a look at your /var/etc/dhclient_XXX.conf (for whichever wan) file to see if the config was written correctly.

I do not know if your cable modem can be put into bridge mode but it is worth finding out. You may lose wireless but ideally you want everything behind pfsense anyway. If the modem is creating a problem just bridge right through it. Speed could see increase also.

Phil.Scarr

@webtyro:

I do not know if your cable modem can be put into bridge mode but it is worth finding out. You may lose wireless but ideally you want everything behind pfsense anyway. If the modem is creating a problem just bridge right through it. Speed could see increase also.

I assume that that would be something the cable company would have to do, right? I don't have wireless on my CM, I have an access point on my LAN.

Phil.Scarr

@webtyro:

I do not know if your cable modem can be put into bridge mode but it is worth finding out. You may lose wireless but ideally you want everything behind pfsense anyway. If the modem is creating a problem just bridge right through it. Speed could see increase also.

Oh, apparently not… http://fascinated.fm/post/2379188731/getting-a-motorola-sbg6580-into-bridge-mode-on

Getting a Motorola SBG6580 into “Bridge” mode on TimeWarner Wideband

Unplug coax cable from Motorola
Hold down the white reset button on the back panel with a pen for 30s. This resets all settings to factory defaults. The modem will be auto-reconfigured once you plug in the coax cable.
When modem is back on plug in a computer with an Ethernet cable into the modem.
Connect to http://192.168.0.1 and login with “admin” / “motorola”
Now you will make some changes:
Wireless -> Primary Network -> Disabled
Basic -> Setup -> NAPT Mode -> Disabled
Basic -> DHCP -> No
Advanced -> Options -> Rg Passthrough -> Enable
Advanced -> Options -> Passthrough Mac Addresses -> Add WAN MAC address of your router 6. Connect port 1 on the Motorola modem to the WAN port of your router.

jimp

Doesn't matter. Even in bridge mode it hands that out when it loses upstream sync

@jimp:

Doesn't matter. Even in bridge mode it hands that out when it loses upstream sync

His log shows the DHCP attempt from the modem with the private address seems to me is possible causing the sync issue. Does it to you. I know my setup here using a bridged Actiontec is rock solid.
I have to shut everything down overnight just to receive a new gateway. Sync may not be an issue with the modem out of DHCP service. What do you think. Worth a shot?

jimp

That's just how these Moto Surfboard/Arris modems work. They bridge when they have sync and when they don't have sync they hand out a private address. Presumably so you can hit the modem and troubleshoot.

@jimp:

That's just how these Moto Surfboard/Arris modems work. They bridge when they have sync and when they don't have sync they hand out a private address. Presumably so you can hit the modem and troubleshoot.

Bridge mode with a mind of its own. Pffft. Figures! Reset button be damned.

Phil.Scarr

@jimp:

That's just how these Moto Surfboard/Arris modems work. They bridge when they have sync and when they don't have sync they hand out a private address. Presumably so you can hit the modem and troubleshoot.

From my limited research into this, there does seem to be a way to force the modem to stay in bridge mode all the time, whether it has sync or not… But I haven't tried to set it up yet.

http://fascinated.fm/post/2379188731/getting-a-motorola-sbg6580-into-bridge-mode-on

athurdent

Nowadays cable providers tend to force the modem configuration on the device. It's most likely that all your local config modifications disappear at some point, at least after a reboot.
Back in the days you could simply upload a different config file and the device would do 100 MBit insted of the 10 you payed for. The providers did not like this as much as the customers did, so… :)
Just be glad that you still have a modem with bridge mode. Most of the providers here in Germany disable bridge mode completely.

@athurdent
Where I am the ISP has a newer modem with bridge mode available but the older one I have they tried to hide the setting with CSS trickery. Reboots are no problem but if the ISP was still updating the firmware then you would lose your setting. Mine is just old enough they have not bothered with any firmware upgrades. Been solid for couple of years now. For this model I just use Firefox in Developer mode and change the CSS setting that hides the bridge mode checkbox, then quickly save my change.
This is tricky because the browser refresh will put you back to square one so getting the CSS changed and saving my setting is under a time limit. Took a few attempts.
If you are lucky maybe they are just hiding it from you.
Some models have pages with no link to hide it.;)