Reconfig of dhcp.conf

Glenn Satchell Glenn.Satchell at
Wed Nov 25 14:25:48 UTC 2009

>Date: Wed, 25 Nov 2009 09:14:56 -0500
>From: Chris Arnold <carnold at>
>On 11/25/09 9:04 AM, "Glenn Satchell" <Glenn.Satchell at> wrote:
>>> Date: Wed, 25 Nov 2009 08:32:48 -0500
>>> From: Chris Arnold <carnold at>
>>> On 11/25/09 1:12 AM, "Glenn Satchell" <Glenn.Satchell at> wrote:
>>>> Hi Chris
>>>> Do you still have a shared network with and
>>>> on the same physical segment?
>>> No sir, they are not on the same physical segment
>>>> If not then your new config should be fine, and hosts on each of the
>>>> physical networks will get addresses in that range.
>>> Nothing on any subnet is getting ip's. Is there a dhcp log I can take a look
>>> at? I have opened dhcp-relay ports (67 and 68) from both the dmz to trust
>>> and trust to dmz to no avail. The dhcp server is on the dmz network. This
>>> server has dual nic's and each nic has a different ip/subnet. Ex. eth0
>>> 192.168.124.x with gateway of 192.168.124.x and eth1 192.168.123.x with
>>> gateway of 192.168.123.x. I have also, on the juniper firewall, enabled
>>> dhcp-relay on the interfaces (dmz and trust).
>> So are the networks where the clients are different IP ranges to the
>> server's networks?
>Yes, sir
>> Does that mean the firewall bridges between the
>> different parts of the  two subnets?
>Yes, sir (I would assume so)
>> Can you snoop traffic on the server to see if the discover packets are
>> making it to the server? Getting dhcp through a firewall also requires
>> allowing broadcast traffic from src ip to destination
>> The dhcp logs should help a bit.
>I only see 192.168.124 traffic in the dhcp logs. Nothing from 192.168.123
>network; which makes sense, since 192.168.124 is dmz traffic and the dhcp
>server is in the dmz = no need for a policy to allow dhcp traffic. When I
>insert a policy for broadcast traffic, the firewall errors
>out and says something about VPN (I have not made it that far yet), so I
>don't think this is needed in the firewall (I could be wrong)?
>I would offer a "webex" meeting using mikogo if you like so you can see
>exactly what is happening. Let me know

With a bit of ascii art can you draw the network diagram showing where
the various networks, server and firewall are set up? Here's a starting
point based on how I think you've described things so far:

   dhcp server
| | | |                                                      | | | |
dhcp clients                                             dhcp clients

And can you include dhcpd.conf again please?

