Reconfig of dhcp.conf

Glenn Satchell Glenn.Satchell at uniq.com.au
Wed Nov 25 14:04:47 UTC 2009


>Date: Wed, 25 Nov 2009 08:32:48 -0500
>From: Chris Arnold <carnold at electrichendrix.com>
>
>On 11/25/09 1:12 AM, "Glenn Satchell" <Glenn.Satchell at uniq.com.au> wrote:
>
>> Hi Chris
>> 
>> Do you still have a shared network with 192.168.123.0 and 192.168.124.0
>> on the same physical segment?
>
>No sir, they are not on the same physical segment
>
>> If not then your new config should be fine, and hosts on each of the
>> physical networks will get addresses in that range.
>
>Nothing on any subnet is getting ip's. Is there a dhcp log I can take a look
>at? I have opened dhcp-relay ports (67 and 68) from both the dmz to trust
>and trust to dmz to no avail. The dhcp server is on the dmz network. This
>server has dual nic's and each nic has a different ip/subnet. Ex. eth0
>192.168.124.x with gateway of 192.168.124.x and eth1 192.168.123.x with
>gateway of 192.168.123.x. I have also, on the juniper firewall, enabled
>dhcp-relay on the interfaces (dmz and trust).

So are the networks where the clients are different IP ranges to the
server's networks? Does that mean the firewall bridges between the
different parts of the two subnets?

Can you snoop traffic on the server to see if the discover packets are
making it to the server? Getting dhcp through a firewall also requires
allowing broadcast traffic from src ip 0.0.0.0 to destination
255.255.255.255. The dhcp logs should help a bit.

By default the DHCP server logs to the daemon facility in syslog. So
check /etc/syslog.conf to see where that gets written.

See the dhcpd.conf man page for the log-facility command so you can set
up a dedicated log file just for dhcp.

regards,
-glenn
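An added example, not part of the original message: one way to answer "where does the daemon facility get written" from the shell, assuming the classic sysklogd `syslog.conf` syntax. The function names, the sample configuration and the choice of `local7` as a dedicated facility are constructed for illustration.

```shell
#!/bin/sh
# List every destination in a syslog.conf that receives messages for one
# facility, honouring ".none" exclusions that appear later in the same rule.
# Usage: syslog_dests FACILITY [CONF]   (CONF "-" reads standard input)
syslog_dests() {
    awk -v fac="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ || NF < 2 { next }   # comments, blanks, junk
        {
            sel = $1                                  # selector list
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")           # rest of line is the action
            sub(/^-/, "")                             # drop the no-sync prefix
            hit = 0
            n = split(sel, parts, ";")
            for (i = 1; i <= n; i++) {
                dot = index(parts[i], ".")
                if (dot == 0) continue
                prio = substr(parts[i], dot + 1)
                m = split(substr(parts[i], 1, dot - 1), f, ",")
                for (j = 1; j <= m; j++)
                    if (f[j] == fac || f[j] == "*")
                        hit = (prio == "none") ? 0 : 1
            }
            if (hit) print $0
        }
    ' "${2:-/etc/syslog.conf}"
}

# Constructed sample: the last rule is what a dedicated DHCP log looks like
# once dhcpd.conf contains "log-facility local7;" (local7 is an assumption).
sample_conf() {
    cat <<'EOF'
# constructed sample syslog.conf
*.info;mail.none;authpriv.none;local7.none   /var/log/messages
authpriv.*                                   /var/log/secure
mail.*                                       -/var/log/maillog
kern,daemon.warn                             /var/log/warn
local7.*                                     /var/log/dhcpd.log
EOF
}

echo "daemon (dhcpd default) is written to:"
sample_conf | syslog_dests daemon -
echo "local7 (dedicated DHCP log) is written to:"
sample_conf | syslog_dests local7 -
```

On a real server, call `syslog_dests daemon` with no second argument to read `/etc/syslog.conf`, then watch the file it reports while a client requests a lease.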



