Re: [Vyatta-users] DHCP relay

2007-12-06 Thread Dams
Thanks for your reply.

Sorry, my mistake: not eth1 but eth0 (192.168.10.X).

Eth2 - network with the DHCP Server on network 192.168.2.XXX

The DHCP server serves the scope (192.168.2.0) as well: no problem here, the PCs got
their IPs (see the log below)

and I would like the DHCP server to serve the scope 192.168.10.XX as well,
on the interface eth0

So on my Windows server, I have a superscope with 2 scopes (192.168.2.0 and
192.168.10.0)


styohanes:~# tcpdump -n port 67 -i eth2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes

07:45:14.790263 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, Request from XXX, length 300
07:45:31.788526 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, Request from XXX, length 300
07:46:32.337900 IP 192.168.2.154.68 > 255.255.255.255.67: BOOTP/DHCP, Request from XXX333, length 300
07:47:15.884938 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from XXX222, length 300
07:47:15.885338 IP 192.168.2.2.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
07:47:28.896045 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from XXX222, length 300
07:47:28.896468 IP 192.168.2.2.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
07:50:50.781445 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, Request from XXX, length 300
07:50:53.777544 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, Request from XXX, length 300

So, the request is going to the DHCP server, but there is no reply from it.
But it works fine for the MAC XXX222, which is in the network 192.168.2.0

I think the problem is from my DHCP Server.
How can you define a scope to reply to a router
- link the Scope 192.168.10.0 to the router 192.168.10.1 ?


Thanks for your help.

only 6 hours on a DHCP problem, :-/



Thanks
Damien


On Dec 6, 2007 9:40 PM, Robyn Orosz [EMAIL PROTECTED] wrote:

 Hi Damien,

 What interface is the network connected to that you wish to serve DHCP
 addresses?  You mention eth1 in your post, but I only see eth0 and eth2
 configured for dhcp-relay.  If you want to serve hosts behind eth1, you
 need to add eth1 to the dhcp-relay configuration.

 To make this more clear, if your win 2k3 server is configured with a
 DHCP scope for network 192.168.10.x, it will only serve requests made
 from the interface configured with 192.168.10.x.  The dhcp-relay adds
 the IP address of the interface that requests are seen on into the BOOTP
 request packets so the DHCP server knows which scope to serve addresses
 to.

 Thank you,

 Robyn

 Troopy . wrote:
  Hello,
 
  Did you check the routing? I mean the DHCP server must be able to
   reach the client at the IP layer.
 
  I remember I forgot this when I wrote the DHCP openmaniak tutorial.
  (See the case study, I forgot set protocols static route 0.0.0.0/0 next-hop 10.0.2.2)
 
 
  Good luck
  Troopy
 
  -- Original Message --
  From: Dams [EMAIL PROTECTED]
  Date:  Thu, 6 Dec 2007 18:01:08 +0700
 
 
  Hello,
 
 
  I have a problem with the DHCP-relay
 
  Config:
  dhcp-relay {
      interface eth0
      interface eth2
      server 192.168.2.2
      relay-options {
      }
  }
 
 
  Eth0 connects to my DHCP server (win 2k3 Server) : 192.168.2.2
  and Eth1 to a subnet : 192.168.10.X
 
  But the dhcp relay doesn't work
  X:~# tcpdump -n port 67
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
  17:50:29.636059 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from X, length 300
  17:50:33.376048 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from X, length 300
  17:50:38.370026 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from X, length 300
  17:50:47.370767 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from X, length 300
  17:51:03.369141 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from X, length 300
 
 
  But if I add the MAC as static in my DHCP Server, it works fine.
 
  XXX:~# tcpdump -n port 67
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
  17:11:28.052775 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from X, length 300
  17:11:28.053871 IP 192.168.10.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 318
  17:11:28.055461 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from X, length 302
  17:11:28.056391 IP 192.168.10.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 318
 
 
  What did I miss ?
 
 
  I followed the HowTo
  http://www.openmaniak.com/vyatta_case_dhcp.php#dhcp-process which is
  brilliant, thanks.
  The only difference is that my DHCP is not on the router, but on
  another PC.
 
  Do I need to add a route to define the DHCP Server?
  Do i need to add a data on 
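
Added example, not part of any message in this thread: a sketch of the scope selection Robyn describes, where the relay writes the address of the receiving interface into the BOOTP `giaddr` field and the server uses it to pick a scope. The function names and the MAC address are constructed for illustration; the addresses and scopes are the ones quoted in the thread, and the broadcast reply for the non-relayed case assumes the client set the broadcast flag.

```python
import ipaddress
import struct

# Fixed BOOTP header (RFC 951 / RFC 2131): 236 bytes, then the DHCP magic cookie.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
MAGIC_COOKIE = bytes([99, 130, 83, 99])

def build_request(xid, mac, giaddr="0.0.0.0", hops=0):
    """Constructed BOOTREQUEST; a relay fills in giaddr and increments hops."""
    zero = bytes(4)
    header = struct.pack(
        BOOTP_FMT, 1, 1, 6, hops, xid, 0, 0x8000,
        zero, zero, zero, ipaddress.IPv4Address(giaddr).packed,
        mac.ljust(16, b"\x00"), bytes(64), bytes(128))
    return header + MAGIC_COOKIE + bytes([53, 1, 1, 255])  # DHCPDISCOVER, end

def parse_giaddr(packet):
    """Return the relay agent address (giaddr) carried in the payload."""
    if len(packet) < struct.calcsize(BOOTP_FMT) + 4:
        raise ValueError("truncated BOOTP packet")
    fields = struct.unpack_from(BOOTP_FMT, packet)
    if fields[0] != 1:
        raise ValueError("not a BOOTREQUEST")
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    return ipaddress.IPv4Address(fields[10])

def select_scope(packet, scopes, server_ip):
    """Choose scope and reply destination as RFC 2131 describes for giaddr."""
    giaddr = parse_giaddr(packet)
    relayed = giaddr != ipaddress.IPv4Address("0.0.0.0")
    # Relayed: scope comes from giaddr. Direct: from the server's own subnet.
    key = giaddr if relayed else ipaddress.IPv4Address(server_ip)
    scope = next((s for s in scopes if key in ipaddress.ip_network(s)), None)
    reply_to = (str(giaddr), 67) if relayed else ("255.255.255.255", 68)
    return scope, reply_to

SCOPES = ["192.168.2.0/24", "192.168.10.0/24"]  # the two scopes in the thread
SERVER = "192.168.2.2"
MAC = bytes.fromhex("020000000001")              # constructed client MAC

LOCAL = build_request(0x1, MAC)                                   # client on eth2 side
RELAYED = build_request(0x2, MAC, giaddr="192.168.10.1", hops=1)  # via eth0

if __name__ == "__main__":
    for name, pkt in (("local", LOCAL), ("relayed", RELAYED)):
        print(name, select_scope(pkt, SCOPES, SERVER))
```

For the relayed request the scope is chosen from `giaddr` and, per RFC 2131, the reply is unicast to that address on port 67, so the server needs a working route back to 192.168.10.1; the IP source address seen in the capture plays no part in the selection.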

Re: [Vyatta-users] DHCP relay

2007-12-06 Thread Dams
Thanks Robyn,


My config
Internet - Untangle -- Switch and plug on the switch Vyatta Router, the
network 192.168.2.0, and the DHCP Server

Schema:
                                  X --- Vyatta --- Network 192.168.10.0
Internet --- Untangle Gateway --- Switch
                                  X --- Network 192.168.2.0 + DHCP Server

My config on vyatta
protocols {
    snmp {
        community public {
            client 192.168.2.5
            client 192.168.2.99
        }
        trap-target 192.168.1.1
        trap-target 192.168.10.1
        contact: Network Administrator
        location: X
    }
    static {
    }
}
policy {
}
interfaces {
    loopback lo {
        address 10.0.0.65 {
            prefix-length: 32
        }
    }
    ethernet eth0 {
        description: My Sub Net 10
        hw-id: 00:03:47:06:39:9e
        address 192.168.10.1 {
            prefix-length: 24
        }
    }
    ethernet eth1 {
        disable: true
        description: Not Working
        hw-id: 00:06:5b:a5:29:10
    }
    ethernet eth2 {
        description: Interface Out
        hw-id: 00:0e:2e:98:18:80
        address 192.168.2.10 {
            prefix-length: 24
        }
    }
}
service {
    dhcp-relay {
        interface eth0
        interface eth2
        server 192.168.2.2
        relay-options {
        }
    }
    nat {
        rule 1 {
            type: masquerade
            outbound-interface: eth2
        }
        rule 2 {
            type: masquerade
            inbound-interface: eth2
            outbound-interface: eth0
            protocols: all
            source {
                network: 192.168.2.0/24
            }
            destination {
                network: 192.168.10.0/24
            }
        }
    }
    ssh {
    }
    webgui {
    }
}
firewall {
 }
}
system {
    host-name: X
    domain-name: .ac.id
    domain-search {
        domain X.ac.id
    }
    name-server 192.168.2.2
    time-zone: GMT+7
    ntp-server 69.59.150.135
    gateway-address: 192.168.2.1
    login {
        user root {
            authentication {
                encrypted-password: 
            }
        }
        user vyatta {
            authentication {
                encrypted-password: 
            }
        }
        user networkadmin {
            full-name: Network Administrator
            authentication {
                encrypted-password: 
                plaintext-password: 
            }
        }
    }
    package {
        repository community {
            component: main
            url: http://archive.vyatta.com/vyatta;
        }
    }
    options {
    }
}

The capture from a PC in the network 192.168.2.0
tshark -i eth2 port 67 and port 68 -Vn

Frame 5 (342 bytes on wire, 342 bytes captured)
Arrival Time: Dec  6, 2007 09:00:22.590416000
[Time delta from previous packet: 0.018551000 seconds]
[Time since reference or first frame: 0.019484000 seconds]
Frame Number: 5
Packet Length: 342 bytes
Capture Length: 342 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:bootp]
Ethernet II, Src: MacRouterEth2 (MacRouterEth2), Dst:  (XXX)
Destination:  (X)
Address:  (X)
 ...0     = IG bit: Individual address (unicast)
 ..0.     = LG bit: Globally unique address (factory default)
Source: MAC (MacRouterEth2)
Address: MacRouterEth2 (0MacRouterEth2)
 ...0     = IG bit: Individual address (unicast)
 ..0.     = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.2.10 (192.168.2.10), Dst: 192.168.2.196 (192.168.2.196)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
 ..0. = ECN-Capable Transport (ECT): 0
 ...0 = ECN-CE: 0
Total Length: 328
Identification: 0x (0)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 16
Protocol: UDP (0x11)
Header checksum: 0x2377 [correct]

Re: [Vyatta-users] DHCP relay

2007-12-06 Thread Robyn Orosz
Hi Damien,

Thanks for the extra info.  I think the problem may be due to your 
masquerade rules.  Rule 1 is masquerading all traffic that leaves eth2.  
So, anything with a source address of 192.168.10.x will be changed to a 
source address of 192.168.2.10. 

Rule 2 looks like it's basically doing the reverse.  Why do you have 
these masquerade rules configured?  You shouldn't need any NAT for the 2 
connected networks and this will confuse things as I think it may be 
doing now.

Thanks,

Robyn

Dams wrote:
 Thanks Robyn,


 My config
 Internet - Untangle -- Switch and plug on the switch Vyatta Router, 
 the network 192.168.2.0, and the DHCP Server

 Schema:
                                   X --- Vyatta --- Network 192.168.10.0
 Internet --- Untangle Gateway --- Switch
                                   X --- Network 192.168.2.0 + DHCP Server

 My config on vyatta
 protocols {
 snmp {
 community public {
 client 192.168.2.5
 client 192.168.2.99
 }
 trap-target 192.168.1.1
 trap-target 192.168.10.1
 contact: Network Administrator
 location: X
 }
 static {
 }
 }
 policy {
 }
 interfaces {
 loopback lo {
 address 10.0.0.65 {
 prefix-length: 32
 }
 }
 ethernet eth0 {
 description: My Sub Net 10
 hw-id: 00:03:47:06:39:9e
 address 192.168.10.1 {
 prefix-length: 24
 }
 }
 ethernet eth1 {
 disable: true
 description: Not Working
 hw-id: 00:06:5b:a5:29:10
 }
 ethernet eth2 {
 description: Interface Out
 hw-id: 00:0e:2e:98:18:80
 address 192.168.2.10 {
 prefix-length: 24
 }
 }
 }
 service {
 dhcp-relay {
 interface eth0
 interface eth2
 server 192.168.2.2
 relay-options {
 }
 }
nat {
 rule 1 {
 type: masquerade
 outbound-interface: eth2
 }
 rule 2 {
 type: masquerade
 inbound-interface: eth2
 outbound-interface: eth0
 protocols: all
 source {
 network: 192.168.2.0/24
 }
 destination {
 network: 192.168.10.0/24
 }
 }
 }
 ssh {
 }
 webgui {
 }
 }
 firewall {
  }
 }
 system {
 host-name: X
 domain-name: .ac.id
 domain-search {
 domain X.ac.id
 }
 name-server 192.168.2.2
 time-zone: GMT+7
 ntp-server 69.59.150.135
 gateway-address: 192.168.2.1
 login {
 user root {
 authentication {
 encrypted-password: 
 }
 }
 user vyatta {
 authentication {
 encrypted-password: 
 }
 }
 user networkadmin {
 full-name: Network Administrator
 authentication {
 encrypted-password: 
 plaintext-password: 
 }
 }
 }
 package {
 repository community {
 component: main
 url: http://archive.vyatta.com/vyatta;
 }
 }
 options {
 }
 }

 The capture from a PC in the network 192.168.2.0
 tshark -i eth2 port 67 and port 68 -Vn

 Frame 5 (342 bytes on wire, 342 bytes captured)
 Arrival Time: Dec  6, 2007 09:00:22.590416000
 [Time delta from previous packet: 0.018551000 seconds]
 [Time since reference or first frame: 0.019484000 seconds]
 Frame Number: 5
 Packet Length: 342 bytes
 Capture Length: 342 bytes
 [Frame is marked: False]
 [Protocols in frame: eth:ip:udp:bootp]
 Ethernet II, Src: MacRouterEth2 (MacRouterEth2), Dst:  (XXX)
 Destination:  (X)
 Address:  (X)
  ...0     = IG bit: Individual address (unicast)
  ..0.     = LG bit: Globally unique address (factory

Re: [Vyatta-users] DHCP relay in vif interfaces (vc3)

2007-11-16 Thread Sergio Garcia
Thanks Marat, I will try it asap.


Marat Nepomnyashy wrote:
 Hi Sergio,

 There is a limitation in the VC3 release in that only 'ethX' values 
 can be specified for DHCP relay interfaces.  This is due to overly 
 stringent validation checks.  I just opened a new bug on this:

 https://bugzilla.vyatta.com/show_bug.cgi?id=2473


 A temporary work-around can be implemented using the attachments just 
 added to Bug 2473.

 There is the attachment id 238 that should be copied over the runtime 
 file '/opt/vyatta/share/xorp/templates/rl_dhcp.tp' on your router.  
 You will also need to apply the patch in attachment id 239 to the 
 runtime script file '/opt/vyatta/sbin/dhcrelay-starter.pl' to disable 
 another validation check. You will have to reboot the router for the 
 validation checks removals to take effect, so make sure you're running 
 off a disk rather than CDROM, or the changes will be lost.

 Hope this works for now,

 -- Marat

 - Original Message - From: Sergio Garcia [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, November 14, 2007 4:34 AM
 Subject: [Vyatta-users] DHCP relay in vif interfaces (vc3)


 Hi all.
 I hope you can help me with this doubt :)
 I want to relay dhcp requests incoming from three eth1 vif's to a dhcp
 server but Vyatta VC3 only allows me to select ethX interfaces (X goes
 from 0 to 23).

 Is it possible to do this? Launching dhcrelay manually is not a good
 solution, but if it is the only way I will accept.

 Thanks in advance

 ___
 Vyatta-users mailing list
 Vyatta-users@mailman.vyatta.com
 http://mailman.vyatta.com/mailman/listinfo/vyatta-users







Re: [Vyatta-users] DHCP relay in vif interfaces (vc3)

2007-11-14 Thread Marat Nepomnyashy
Hi Sergio,

There is a limitation in the VC3 release in that only 'ethX' values can be 
specified for DHCP relay interfaces.  This is due to overly stringent 
validation checks.  I just opened a new bug on this:

https://bugzilla.vyatta.com/show_bug.cgi?id=2473


A temporary work-around can be implemented using the attachments just added 
to Bug 2473.

There is the attachment id 238 that should be copied over the runtime file 
'/opt/vyatta/share/xorp/templates/rl_dhcp.tp' on your router.  You will also 
need to apply the patch in attachment id 239 to the runtime script file 
'/opt/vyatta/sbin/dhcrelay-starter.pl' to disable another validation check. 
You will have to reboot the router for the validation checks removals to 
take effect, so make sure you're running off a disk rather than CDROM, or 
the changes will be lost.

Hope this works for now,

-- Marat

- Original Message - 
From: Sergio Garcia [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 14, 2007 4:34 AM
Subject: [Vyatta-users] DHCP relay in vif interfaces (vc3)


 Hi all.
 I hope you can help me with this doubt :)
 I want to relay dhcp requests incoming from three eth1 vif's to a dhcp
 server but Vyatta VC3 only allows me to select ethX interfaces (X goes
 from 0 to 23).

 Is it possible to do this? Launching dhcrelay manually is not a good
 solution, but if it is the only way I will accept.

 Thanks in advance
