Shared Network Behind a Relay

commo dore commonanog at
Mon Nov 3 23:54:19 UTC 2008

Ive been looking for a while on this issue, and I havent had much luck

Basic concept is a centralized DHCP Server

Known users      -->
                                  (eth2) Router A
(eth1)-------------------->(eth1) DHCP Server
Unknown Users --->

I want to assign unknown users an iprange of untill they are
added to known lists then they will get an ip in the public ip range(ie

Basicly an unkown users can only reach internal devices, and cant "go out"
to the public internet

so something like this:

shared-network test {
        subnet A.B.0.0 netmask {
                option routers A.B.0.1;
                range A.B.0.200 A.B.0.210;
                deny unknown-clients;
        subnet netmask {
                option routers;
                allow unknown-clients;

Now Router A
eth2 A.B.0.1
DHCP Server
eth1 A.B.0.100

So whenever the Relay on Router A forwards the request the giaddr is A.B.0.1
so it only wants to assign an ip address back in that range. (and that works
just fine).  Somehow I need to set it so that if giaddr is A.B.0.1 and its
an unknown host then assign it in the public range.

Any thoughts?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the dhcp-users mailing list