I've been using NetBSD/sparc as a router/firewall for a long time. My
ADSL service provider uses DHCP for address assignment. When I first
started using ADSL, I was using ISC 'dhclient' and it worked quite well
in exchange for having to do some fiddly bits in the "/etc/ifconfig.xxx"
file.

In the netbsd-6 era, with 'dhcpcd' being the default mechanism for a
simple "dhcp" configuration line, I figured I'd give it a try for handling
the upstream connection to my ISP. It has required even more fiddly
business to make it work than its alternative. At present, using
netbsd-7, the most vexing problem is as follows:

Following an update and a reboot, 'dhcpcd' ignores the "/20" netmask
presented by the ISP's DHCP server and installs the address with
a "/8" netmask instead (the address assigned by the DHCP server would
otherwise be a Class A were it not for the "/20" netmask).

This, naturally, cuts off vast swaths of T3h Intarw3bz (most notably
Google) since my router then assumes they are on the same network and
expects to get a response via ARP.

Using '/etc/rc.d/network restart' gets things working again, but it's
still not right. The ISP's DHCP server again issues a "/20" netmask,
but this time, 'dhcpcd' installs a "/24" netmask instead. It installs
a route to the "/20" network along with the nearest "/24" network.

My ISP's upstream router is operating as a DHCP relay as the DHCP
server is on an entirely different network from that presented by
the upstream router. Perhaps this causes confusion?

My ISP seems to suffer prolonged outages of its upstream router, so
when the lease expires, an IPv4LL/APIPA address is assigned and this
also frequently has the wrong netmask (usually /24 instead of /16).

I don't know if this is architecture-dependent or not. Perhaps I'll
copy my firewall rules over to one of my Soekris net4501s and see how
it behaves on an i386 system in place of the sparc system. (I have a
local patch to work around kern/49124 for -7/-current.)
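
The three symptoms reported above can be checked mechanically. The following is an added example, not part of the original post and not dhcpcd code. It assumes the NetBSD-7 'ifconfig' output style with a hex netmask, uses constructed placeholder addresses, and its function names are hypothetical.

```python
import ipaddress
import re

# Constructed NetBSD-7 style "ifconfig" inet lines (hex netmask). The addresses
# are placeholders, not the poster's real lease.
AFTER_BOOT = "\tinet 10.20.37.5 netmask 0xff000000 broadcast 10.255.255.255"
AFTER_RESTART = "\tinet 10.20.37.5 netmask 0xffffff00 broadcast 10.20.37.255"
LINK_LOCAL = "\tinet 169.254.10.7 netmask 0xffffff00 broadcast 169.254.10.255"

def classful_prefix(addr):
    """Prefix length implied by the pre-CIDR class of an address (A/B/C)."""
    first = int(str(addr).split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24 if first < 224 else None

def installed_interface(ifconfig_line):
    """Parse 'inet ADDR netmask 0xHEX' into an IPv4Interface."""
    m = re.search(r"inet (\S+) netmask 0x([0-9a-fA-F]{8})\b", ifconfig_line)
    if m is None:
        raise ValueError("no IPv4 address with hex netmask on this line")
    mask = ipaddress.IPv4Address(int(m.group(2), 16))
    return ipaddress.IPv4Interface(f"{m.group(1)}/{mask}")

def check_netmask(ifconfig_line, expected_prefix, probe):
    """Compare the installed prefix with the expected one for a probe address."""
    have = installed_interface(ifconfig_line)
    want = ipaddress.IPv4Interface(f"{have.ip}/{expected_prefix}")
    dest = ipaddress.IPv4Address(probe)
    on_link_now = dest in have.network
    on_link_expected = dest in want.network
    return {
        "installed": have.network.prefixlen,
        "mismatch": have.network.prefixlen != expected_prefix,
        "classful_fallback": have.network.prefixlen != expected_prefix
        and have.network.prefixlen == classful_prefix(have.ip),
        # Remote host the router would ARP for instead of using the gateway.
        "wrongly_on_link": on_link_now and not on_link_expected,
        # Neighbour that is only reachable via an extra route or the gateway.
        "wrongly_off_link": on_link_expected and not on_link_now,
    }

if __name__ == "__main__":
    for line, prefix, probe in ((AFTER_BOOT, 20, "10.200.1.1"),
                                (AFTER_RESTART, 20, "10.20.40.1"),
                                (LINK_LOCAL, 16, "169.254.200.1")):
        print(check_netmask(line, prefix, probe))
```

The expected prefix is whatever the DHCP server offered ("/20" here) or 16 for an IPv4LL address; a "classful_fallback" result matches the after-reboot "/8" case.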