Re: [Vyatta-users] DHCP relay
Thanks for your reply.

Sorry, my mistake: not eth1 but eth0 (192.168.10.X).
Eth2 - network with the DHCP server, on network 192.168.2.XXx

The DHCP server serves the scope (192.168.2.0) as well: no problem here, the PCs got their IPs (see the log below), and I would like the DHCP server to serve the scope 192.168.10.XX as well, on the interface eth0.

So on my Windows server, I have a superscope with 2 scopes (192.168.2.0 and 192.168.10.0).

styohanes:~# tcpdump -n port 67 -i eth2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
07:45:14.790263 IP 192.168.2.10.67 192.168.2.2.67: BOOTP/DHCP, Request from XXX, length 300
07:45:31.788526 IP 192.168.2.10.67 192.168.2.2.67: BOOTP/DHCP, Request from XXX, length 300
07:46:32.337900 IP 192.168.2.154.68 255.255.255.255.67: BOOTP/DHCP, Request from XXX333, length 300
07:47:15.884938 IP 0.0.0.0.68 255.255.255.255.67: BOOTP/DHCP, Request from XXX222, length 300
07:47:15.885338 IP 192.168.2.2.67 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
07:47:28.896045 IP 0.0.0.0.68 255.255.255.255.67: BOOTP/DHCP, Request from XXX222, length 300
07:47:28.896468 IP 192.168.2.2.67 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
07:50:50.781445 IP 192.168.2.10.67 192.168.2.2.67: BOOTP/DHCP, Request from XXX, length 300
07:50:53.777544 IP 192.168.2.10.67 192.168.2.2.67: BOOTP/DHCP, Request from XXX, length 300

So the request is going to the DHCP server, but there is no reply from it. But it works fine for the MAC XXX222, which is in the network 192.168.2.0.

I think the problem is with my DHCP server. How can you define a scope to reply to a router - link the scope 192.168.10.0 to the router 192.168.10.1?

Thanks for your help. Only 6 hours on a DHCP problem :-/

Thanks,
Damien

On Dec 6, 2007 9:40 PM, Robyn Orosz [EMAIL PROTECTED] wrote:

Hi Damien,

What interface is the network connected to that you wish to serve DHCP addresses?

You mention eth1 in your post, but I only see eth0 and eth2 configured for dhcp-relay. If you want to serve hosts behind eth1, you need to add eth1 to the dhcp-relay configuration.

To make this more clear, if your win 2k3 server is configured with a DHCP scope for network 192.168.10.x, it will only serve requests made from the interface configured with 192.168.10.x. The dhcp-relay adds the IP address of the interface that requests are seen on into the BOOTP request packets so the DHCP server knows which scope to serve addresses to.

Thank you,
Robyn

Troopy . wrote:

Hello,

Did you check the routing? I mean the DHCP server must be able to reach the client at the IP layer.

I remember I forgot this when I wrote the DHCP openmaniak tutorial. (See the case study, I forgot set protocols static route 0.0.0.0/0 next-hop 10.0.2.2)

Good luck
Troopy

-- Original Message --
From: Dams [EMAIL PROTECTED]
Date: Thu, 6 Dec 2007 18:01:08 +0700

Hello,

I have a problem with the DHCP-relay.

Config:

dhcp-relay {
    interface eth0
    interface eth2
    server 192.168.2.2
    relay-options {
    }
}

Eth0 connects to my DHCP server (win 2k3 Server): 192.168.2.2, and Eth1 to a subnet: 192.168.10.X

But the DHCP relay doesn't work.

X:~# tcpdump -n port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:50:29.636059 IP 0.0.0.0.68 255.255.255.255.67: BOOTP/DHCP, Request from X, length 300
17:50:33.376048 IP 0.0.0.0.68 255.255.255.255.67: BOOTP/DHCP, Request from X, length 300
17:50:38.370026 IP 0.0.0.0.68 255.255.255.255.67: BOOTP/DHCP, Request from X, length 300
17:50:47.370767 IP 0.0.0.0.68 255.255.255.255.67: BOOTP/DHCP, Request from X, length 300
17:51:03.369141 IP 0.0.0.0.68 255.255.255.255.67: BOOTP/DHCP, Request from X, length 300

But if I add the MAC as static on my DHCP server, it works fine.

XXX:~# tcpdump -n port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:11:28.052775 IP 0.0.0.0.68 255.255.255.255.67: BOOTP/DHCP, Request from X, length 300
17:11:28.053871 IP 192.168.10.1.67 255.255.255.255.68: BOOTP/DHCP, Reply, length 318
17:11:28.055461 IP 0.0.0.0.68 255.255.255.255.67: BOOTP/DHCP, Request from X, length 302
17:11:28.056391 IP 192.168.10.1.67 255.255.255.255.68: BOOTP/DHCP, Reply, length 318

What did I miss?

I follow the HowTo http://www.openmaniak.com/vyatta_case_dhcp.php#dhcp-process which is brilliant, thanks. The only difference is that my DHCP is not on the router, but on another PC.

Do I need to add a route to define the DHCP Server? Do I need to add a data on
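
Added example, not part of the thread: a Python model of the two points made in the replies above, namely that the relay writes the address of the receiving interface into the BOOTP request (the giaddr field) so the server can pick a scope, and that the server must be able to route back. The function names, the MAC and the packet are constructed for this example; the scope logic is a simplified RFC 2131 model and not the Windows DHCP server's code.

```python
import ipaddress
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header
COOKIE = bytes([99, 130, 83, 99])          # DHCP magic cookie

def build_request(mac, giaddr="0.0.0.0"):
    """Constructed DHCPDISCOVER with the broadcast flag set, padded to 300 bytes."""
    hdr = struct.pack(BOOTP_FMT, 1, 1, 6, 0, 0x1234, 0, 0x8000,
                      bytes(4), bytes(4), bytes(4),
                      ipaddress.IPv4Address(giaddr).packed,
                      bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0"),
                      bytes(64), bytes(128))
    return (hdr + COOKIE + bytes([53, 1, 1, 255])).ljust(300, b"\0")

def relay(pkt, rx_if_addr):
    """Relay agent step: stamp giaddr with the receiving interface, bump hops."""
    f = list(struct.unpack(BOOTP_FMT, pkt[:236]))
    if f[10] == bytes(4):                  # giaddr not yet set by another relay
        f[10] = ipaddress.IPv4Address(rx_if_addr).packed
    f[3] += 1                              # hops
    return struct.pack(BOOTP_FMT, *f) + pkt[236:]

def giaddr_of(pkt):
    return ipaddress.IPv4Address(pkt[24:28])   # giaddr sits at offset 24

def select_scope(pkt, scopes, server_if_addr):
    """Return (scope, reply_ip, reply_port), or None when no scope matches."""
    gi = giaddr_of(pkt)
    relayed = int(gi) != 0
    key = gi if relayed else ipaddress.IPv4Address(server_if_addr)
    for net in scopes:
        if key in ipaddress.ip_network(net):
            # Relayed: unicast back to the relay (giaddr) on port 67.
            # Direct with broadcast flag: broadcast to the client on port 68.
            return (net, str(gi), 67) if relayed else (net, "255.255.255.255", 68)
    return None

if __name__ == "__main__":
    scopes = ["192.168.2.0/24", "192.168.10.0/24"]   # the two scopes in the thread
    direct = build_request("00:11:22:33:44:55")      # constructed MAC
    print(select_scope(direct, scopes, "192.168.2.2"))
    print(select_scope(relay(direct, "192.168.10.1"), scopes, "192.168.2.2"))
```

In this model the relayed reply is addressed to 192.168.10.1, the giaddr, and not to the 192.168.2.10 source address that appears in the capture, so the server needs a working route to the giaddr network.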
Re: [Vyatta-users] DHCP relay
Thanks Robyn,

My config
Internet - Untangle -- Switch and plug on the switch Vyatta Router, the network 192.168.2.0, and the DHCP Server

Schema:

                                         X - Vyatta -- Network 192.168.10.0
Internet --- Untangle Gateway --- Switch
                                         X-- Network 192.168.2.0 + DHCP Server

My config on vyatta

protocols {
    snmp {
        community public {
            client 192.168.2.5
            client 192.168.2.99
        }
        trap-target 192.168.1.1
        trap-target 192.168.10.1
        contact: Network Administrator
        location: X
    }
    static {
    }
}
policy {
}
interfaces {
    loopback lo {
        address 10.0.0.65 {
            prefix-length: 32
        }
    }
    ethernet eth0 {
        description: My Sub Net 10
        hw-id: 00:03:47:06:39:9e
        address 192.168.10.1 {
            prefix-length: 24
        }
    }
    ethernet eth1 {
        disable: true
        description: Not Working
        hw-id: 00:06:5b:a5:29:10
    }
    ethernet eth2 {
        description: Interface Out
        hw-id: 00:0e:2e:98:18:80
        address 192.168.2.10 {
            prefix-length: 24
        }
    }
}
service {
    dhcp-relay {
        interface eth0
        interface eth2
        server 192.168.2.2
        relay-options {
        }
    }
    nat {
        rule 1 {
            type: masquerade
            outbound-interface: eth2
        }
        rule 2 {
            type: masquerade
            inbound-interface: eth2
            outbound-interface: eth0
            protocols: all
            source {
                network: 192.168.2.0/24
            }
            destination {
                network: 192.168.10.0/24
            }
        }
    }
    ssh {
    }
    webgui {
    }
}
firewall {
}
}
system {
    host-name: X
    domain-name: .ac.id
    domain-search {
        domain X.ac.id
    }
    name-server 192.168.2.2
    time-zone: GMT+7
    ntp-server 69.59.150.135
    gateway-address: 192.168.2.1
    login {
        user root {
            authentication {
                encrypted-password:
            }
        }
        user vyatta {
            authentication {
                encrypted-password:
            }
        }
        user networkadmin {
            full-name: Network Administrator
            authentication {
                encrypted-password:
                plaintext-password:
            }
        }
    }
    package {
        repository community {
            component: main
            url: http://archive.vyatta.com/vyatta;
        }
    }
    options {
    }
}

The capture from a PC in the network 192.168.2.0

tshark -i eth2 port 67 and port 68 -Vn

Frame 5 (342 bytes on wire, 342 bytes captured)
    Arrival Time: Dec 6, 2007 09:00:22.590416000
    [Time delta from previous packet: 0.018551000 seconds]
    [Time since reference or first frame: 0.019484000 seconds]
    Frame Number: 5
    Packet Length: 342 bytes
    Capture Length: 342 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:bootp]
Ethernet II, Src: MacRouterEth2 (MacRouterEth2), Dst: (XXX)
    Destination: (X)
        Address: (X)
        ...0 = IG bit: Individual address (unicast)
        ..0. = LG bit: Globally unique address (factory default)
    Source: MAC (MacRouterEth2)
        Address: MacRouterEth2 (0MacRouterEth2)
        ...0 = IG bit: Individual address (unicast)
        ..0. = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.2.10 (192.168.2.10), Dst: 192.168.2.196 (192.168.2.196)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
        0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
        ..0. = ECN-Capable Transport (ECT): 0
        ...0 = ECN-CE: 0
    Total Length: 328
    Identification: 0x (0)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 16
    Protocol: UDP (0x11)
    Header checksum: 0x2377 [correct]
Re: [Vyatta-users] DHCP relay
Hi Damien,

Thanks for the extra info. I think the problem may be due to your masquerade rules.

Rule 1 is masquerading all traffic that leaves eth2. So, anything with a source address of 192.168.10.x will be changed to a source address of 192.168.2.10. Rule 2 looks like it's basically doing the reverse.

Why do you have these masquerade rules configured? You shouldn't need any NAT for the 2 connected networks and this will confuse things as I think it may be doing now.

Thanks,
Robyn

Dams wrote:

Thanks Robyn,

My config
Internet - Untangle -- Switch and plug on the switch Vyatta Router, the network 192.168.2.0, and the DHCP Server

Schema:

                                         X - Vyatta -- Network 192.168.10.0
Internet --- Untangle Gateway --- Switch
                                         X-- Network 192.168.2.0 + DHCP Server

My config on vyatta

protocols {
    snmp {
        community public {
            client 192.168.2.5
            client 192.168.2.99
        }
        trap-target 192.168.1.1
        trap-target 192.168.10.1
        contact: Network Administrator
        location: X
    }
    static {
    }
}
policy {
}
interfaces {
    loopback lo {
        address 10.0.0.65 {
            prefix-length: 32
        }
    }
    ethernet eth0 {
        description: My Sub Net 10
        hw-id: 00:03:47:06:39:9e
        address 192.168.10.1 {
            prefix-length: 24
        }
    }
    ethernet eth1 {
        disable: true
        description: Not Working
        hw-id: 00:06:5b:a5:29:10
    }
    ethernet eth2 {
        description: Interface Out
        hw-id: 00:0e:2e:98:18:80
        address 192.168.2.10 {
            prefix-length: 24
        }
    }
}
service {
    dhcp-relay {
        interface eth0
        interface eth2
        server 192.168.2.2
        relay-options {
        }
    }
    nat {
        rule 1 {
            type: masquerade
            outbound-interface: eth2
        }
        rule 2 {
            type: masquerade
            inbound-interface: eth2
            outbound-interface: eth0
            protocols: all
            source {
                network: 192.168.2.0/24
            }
            destination {
                network: 192.168.10.0/24
            }
        }
    }
    ssh {
    }
    webgui {
    }
}
firewall {
}
}
system {
    host-name: X
    domain-name: .ac.id
    domain-search {
        domain X.ac.id
    }
    name-server 192.168.2.2
    time-zone: GMT+7
    ntp-server 69.59.150.135
    gateway-address: 192.168.2.1
    login {
        user root {
            authentication {
                encrypted-password:
            }
        }
        user vyatta {
            authentication {
                encrypted-password:
            }
        }
        user networkadmin {
            full-name: Network Administrator
            authentication {
                encrypted-password:
                plaintext-password:
            }
        }
    }
    package {
        repository community {
            component: main
            url: http://archive.vyatta.com/vyatta;
        }
    }
    options {
    }
}

The capture from a PC in the network 192.168.2.0

tshark -i eth2 port 67 and port 68 -Vn

Frame 5 (342 bytes on wire, 342 bytes captured)
    Arrival Time: Dec 6, 2007 09:00:22.590416000
    [Time delta from previous packet: 0.018551000 seconds]
    [Time since reference or first frame: 0.019484000 seconds]
    Frame Number: 5
    Packet Length: 342 bytes
    Capture Length: 342 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:bootp]
Ethernet II, Src: MacRouterEth2 (MacRouterEth2), Dst: (XXX)
    Destination: (X)
        Address: (X)
        ...0 = IG bit: Individual address (unicast)
        ..0. = LG bit: Globally unique address (factory
Re: [Vyatta-users] DHCP relay in vif interfaces (vc3)
Thanks Marat, I will try it asap.

Marat Nepomnyashy wrote:

Hi Sergio,

There is a limitation in the VC3 release in that only 'ethX' values can be specified for DHCP relay interfaces. This is due to overly stringent validation checks. I just opened a new bug on this:

https://bugzilla.vyatta.com/show_bug.cgi?id=2473

A temporary work-around can be implemented using the attachments just added to Bug 2473. There is the attachment id 238 that should be copied over the runtime file '/opt/vyatta/share/xorp/templates/rl_dhcp.tp' on your router. You will also need to apply the patch in attachment id 239 to the runtime script file '/opt/vyatta/sbin/dhcrelay-starter.pl' to disable another validation check.

You will have to reboot the router for the validation check removals to take effect, so make sure you're running off a disk rather than CDROM, or the changes will be lost.

Hope this works for now,
-- Marat

- Original Message -
From: Sergio Garcia [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 14, 2007 4:34 AM
Subject: [Vyatta-users] DHCP relay in vif interfaces (vc3)

Hi all. I hope you can help me with this doubt :)

I want to relay dhcp requests incoming from three eth1 vifs to a dhcp server but Vyatta VC3 only allows me to select ethX interfaces (X goes from 0 to 23). Is it possible to do this?

Launching dhcrelay manually is not a good solution, but if it is the only way I will accept.

Thanks in advance

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

-- This mail has been sent through DS2 mail server
Re: [Vyatta-users] DHCP relay in vif interfaces (vc3)
Hi Sergio,

There is a limitation in the VC3 release in that only 'ethX' values can be specified for DHCP relay interfaces. This is due to overly stringent validation checks. I just opened a new bug on this:

https://bugzilla.vyatta.com/show_bug.cgi?id=2473

A temporary work-around can be implemented using the attachments just added to Bug 2473. There is the attachment id 238 that should be copied over the runtime file '/opt/vyatta/share/xorp/templates/rl_dhcp.tp' on your router. You will also need to apply the patch in attachment id 239 to the runtime script file '/opt/vyatta/sbin/dhcrelay-starter.pl' to disable another validation check.

You will have to reboot the router for the validation check removals to take effect, so make sure you're running off a disk rather than CDROM, or the changes will be lost.

Hope this works for now,
-- Marat

- Original Message -
From: Sergio Garcia [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 14, 2007 4:34 AM
Subject: [Vyatta-users] DHCP relay in vif interfaces (vc3)

Hi all. I hope you can help me with this doubt :)

I want to relay dhcp requests incoming from three eth1 vifs to a dhcp server but Vyatta VC3 only allows me to select ethX interfaces (X goes from 0 to 23). Is it possible to do this?

Launching dhcrelay manually is not a good solution, but if it is the only way I will accept.

Thanks in advance