HELP! Seemingly bizarre dhclient behavior on WAN
-
@athurdent
Where I am the ISP has a newer modem with bridge mode available, but the older one I have they tried to hide the setting with CSS trickery. Reboots are no problem, but if the ISP was still updating the firmware then you would lose your setting. Mine is just old enough they have not bothered with any firmware upgrades. Been solid for a couple of years now. For this model I just use Firefox in Developer mode and change the CSS setting that hides the bridge mode checkbox, then quickly save my change.
This is tricky because the browser refresh will put you back to square one so getting the CSS changed and saving my setting is under a time limit. Took a few attempts.
If you are lucky maybe they are just hiding it from you.
Some models have pages with no link to hide it. ;)
-
Hello all,
Sorry for bumping the topic, but I really need to know: is it possible to add multiple IPs to make the DHCP client reject leases from an undesirable DHCP server? It seems my ISP has 5 or 6 different IPs now. I have nasty issues with Dynamic DNS not being able to resolve the public IP etc. Various problems with people connecting to my gaming sessions. Slow response of the pfSense GUI due to checking hostname IP and such. Just please tell me how to add IPs.
Many thanks in advance.
-
No, the client can only ignore one address.
-
I admit my C skills are questionable, but I was looking at the source code of dhclient and it appears that a comma-delimited list of multiple ignore IPs would actually be valid here.
see: L945 of dhclient/clparse.c
If you guys agree that would be acceptable, I can make a patch & submit a pull request.
-
Give it a try and see if it works. The man page only claims a single address:
reject ip-address; The reject statement causes the DHCP client to reject offers from servers who use the specified address as a server identifier. This can be used to avoid being configured by rogue or misconfigured DHCP servers, although it should be a last resort - better to track down the bad DHCP server and fix it.
-
I just tested it on my end. I patched interfaces.inc and interfaces.php (quick easy patch – no input validation, yet) and then saved a config with my "real" ignore IP in the middle, surrounded by 2 bogus IPs like so:
<dhcprejectfrom>1.2.3.4,192.168.100.1,5.6.7.8</dhcprejectfrom>
I then rebooted my modem & tail'ed the output to see if the reject was working …
DHCPDISCOVER on igb2 to 255.255.255.255 port 67 interval 32
DHCPNACK from 192.168.100.1 rejected.
So it looks like this does actually work (despite what the FreeBSD docs say) ;)
Should I make a real patch? I think IIRC the old GUI code would actually accept a list but somewhere along the way it was decided that this wasn't valid and it was changed… so the code might already be there in the old commits.
-
What was allowed before and broke was a subnet (e.g. 192.168.0.0/24), and that definitely doesn't work.
If it works with a comma-separated list then sure, submit a PR (be sure to link to the thread and mention that it was tested)
You can find some validation code in the OpenVPN local/remote networks fields which already validates a list of IP addresses in this way. Though it also allows subnets, which need to be denied here, so it's not an exact copy.
-
Ok great, I will send in a proper PR shortly.
-
So I created an account so I could post to this thread.
I'm seeing this issue with Comcast in Chicago for the last couple of weeks. I've been running the same cable modem/gateway in bridged mode with the same pfSense box for almost two years now and don't remember my modem losing its upstream sync causing this before.
My question is….
When the Comcast uplink comes back online should the modem do a dhcp renew to the pfsense box? Is that not happening or does pfsense not see the renew?
Guess I'm just wondering if it's something I should raise with Comcast business support to see if they can fix it with a configuration change of the modem? Maybe a recent firmware update changed the behaviour? Or is there a cable modem you guys recommend that does not have this issue?
Thanks
-
Sorry for the long delay for such a simple PR, but I got a little busy last few days :P
PR submitted: https://github.com/pfsense/pfsense/pull/3683
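-
The validation discussed in the thread (accept a comma-separated list of IPv4 addresses for the reject field, deny subnets), sketched as an added example; it is not code from pfSense or from the linked PR. The function names are hypothetical, the sample inputs are constructed, and the generated `reject ...;` line assumes the comma-separated form that was tested above.

```php
<?php
// Added example, not pfSense code. Function names are hypothetical.

// Validate a comma-separated reject list.
// Returns [unique IPv4 strings in input order, error messages].
function parse_reject_list(string $raw): array
{
    $ips = [];
    $errors = [];
    foreach (explode(',', $raw) as $item) {
        $item = trim($item);
        if ($item === '') {
            $errors[] = 'empty entry in list';
        } elseif (strpos($item, '/') !== false) {
            // Subnets were reported in the thread as not working: deny them.
            $errors[] = "subnet not allowed: {$item}";
        } elseif (filter_var($item, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            // Anything that is not a plain dotted quad (hostnames, ';',
            // embedded whitespace) stops here and never reaches the config.
            $errors[] = "not an IPv4 address: {$item}";
        } else {
            $ips[$item] = true; // array key de-duplicates repeated addresses
        }
    }
    return [array_keys($ips), $errors];
}

// Build the dhclient.conf statement, or return null when the input is invalid.
// Assumption: comma-separated form, as tested in the thread.
function reject_statement(string $raw): ?string
{
    [$ips, $errors] = parse_reject_list($raw);
    if ($errors || !$ips) {
        return null;
    }
    return 'reject ' . implode(',', $ips) . ';';
}

// Constructed sample inputs: the list from the thread, a duplicate,
// a subnet, and a value carrying extra config text.
$samples = [
    '1.2.3.4,192.168.100.1,5.6.7.8',
    '192.168.100.1, 192.168.100.1',
    '192.168.0.0/24',
    '192.168.100.1; extra-statement',
];
foreach ($samples as $raw) {
    [, $errors] = parse_reject_list($raw);
    $line = reject_statement($raw);
    echo ($line ?? 'INVALID: ' . implode('; ', $errors)), PHP_EOL;
}
```

Because the field value ends up inside a generated dhclient.conf, rejecting every entry that is not a bare IPv4 address also keeps stray statement text out of that file.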