DHCP and Win7
Sten Carlsen
stenc at s-carlsen.dk
Tue Feb 26 17:43:57 UTC 2013
A rogue server can be e.g. some unauthorised router or a linux system
put up by a non technical person.
The rogue server will receive the same discover message as they are
broadcast and be faster to answer so the PC will take the first offer
and ignore your authorised server. These things can be hard to locate if
you are not aware tat they may exist.
But as said by Grace - IP169.254.x.x clearly indicates that no DHCP
server has responded.
On 26/02/13 18:07, Héctor Herrera wrote:
> @Grace: The wired network it works. It has the IP 169.254.150.144. And
> I'm sure the cable works properly, when I tried static IP
> configuration on my PC and on the server, I can connect the server by SSH.
>
> @Sten: What do you mean by 'Rogue server'?
> About the logs, I have only information about listening in eth0.
> Here's the log of /var/log/messages:
>
> Feb 26 11:46:42 communication-server kernel: [ 5842.440825] eth0: link
> down
> Feb 26 11:46:54 communication-server kernel: [ 5853.997185] eth0: link
> up, 100Mbps, full-duplex, lpa 0xCDE1
> Feb 26 11:47:47 communication-server kernel: [ 5907.387040] ip_tables:
> (C) 2000-2006 Netfilter Core Team
> Feb 26 11:48:04 communication-server kernel: [ 5923.659054]
> nf_conntrack version 0.5.0 (16139 buckets, 64556 max)
> Feb 26 11:48:04 communication-server kernel: [ 5923.659917]
> CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
> Feb 26 11:48:04 communication-server kernel: [ 5923.659922]
> nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
> Feb 26 11:48:04 communication-server kernel: [ 5923.659925] sysctl
> net.netfilter.nf_conntrack_acct=1 to enable it.
> Feb 26 12:23:26 communication-server kernel: [ 8045.972235] device
> eth0 entered promiscuous mode
> Feb 26 12:23:36 communication-server kernel: [ 8055.894186] eth0: link
> down
> Feb 26 12:23:41 communication-server kernel: [ 8060.958909] eth0: link
> up, 100Mbps, full-duplex, lpa 0xCDE1
> Feb 26 12:58:15 communication-server kernel: [10134.684416] device
> eth0 left promiscuous mode
>
>
> Should I use eth0 on promiscuous mode? I've tried that, but isn't
> working... And about the sniffing, my server listens for any DHCP
> query on eth0, so I used ngrep -d eth0 (listen all the traffic on
> eth0), and nothing...
>
>
> 2013/2/26 Sten Carlsen <stenc at s-carlsen.dk <mailto:stenc at s-carlsen.dk>>
>
> Just a thought: Rogue DHCP server?
>
> Server logs, will contain info if discover is received.
>
> sniffing at the server to see if any discover packets arrive.
>
>
> On 26/02/13 16:57, Héctor Herrera wrote:
>> I had tested with static. It works. Both cards (in the DHCP
>> server) are working fine. And also I tried to catch with a
>> sniffer in the network between Win7 and my DHCP server, and I got
>> nothing :(
>>
>>
>> 2013/2/26 ?ukasz Siemiradzki <lukasz.siemiradzki at gmail.com
>> <mailto:lukasz.siemiradzki at gmail.com>>
>>
>> Hello!
>> Are you sure that your problem lies on DHCP level? Have you
>> tested the connectivity between windows 7 client and the dhcp
>> server using static addresses?
>> If so and there is connectivity - can you start sniffer (i.e.
>> wireshark) on Win7, configure it to listen on an active
>> interface and gather data?
>> BR
>> ?S
>>
>>
>> 2013/2/26 Héctor Herrera <hherreraa at gmail.com
>> <mailto:hherreraa at gmail.com>>
>>
>> Well, I assume the trouble here is Win7. But, why? That's
>> my question. I don't understand why Win7 isn't asking the
>> DHCP server for an IP address. (Or maybe is the DHCP
>> server the trouble? I don't really understand it, that's
>> why isn't so clear my question)
>>
>> I'm trying to collect information in the network between
>> my Win7 test machine and the server. The network is dead,
>> I haven't received any information. And I'm renewing all
>> the connections in Win7 (ipconfig /renew).
>>
>> BTW, I tried with both ethernet interfaces for the IP
>> information (I configured the server on eth0 and eth1),
>> without good results. I dunno what else can I do. Do you
>> have any ideas?
>>
>>
>> 2013/2/26 Oskar Berggren <oskar.berggren at gmail.com
>> <mailto:oskar.berggren at gmail.com>>
>>
>> You started with "unable to send IP addresses to
>> Win7" but with your
>> latest info it seems like the proper question is the
>> reverse: "why
>> can't win7 send DHCP requests to my DHCP server?".
>>
>> Is Win7 configured to use DHCP?
>> If you use wireshark or tcpdump on Win7 and on the
>> DHCP server, do you
>> see any DHCPDISCOVER from the Win7 machine?
>>
>> /Oskar
>>
>>
>> 2013/2/26 Héctor Herrera <hherreraa at gmail.com
>> <mailto:hherreraa at gmail.com>>:
>> > That´s the trouble, I haven't any information about
>> Windows 7 asking for an
>> > IP to my server.
>> >
>> > This is my dhcpd.conf. It's really basic because I
>> want, first of all, the
>> > service working:
>> >
>> > option domain-name "galatea.cl <http://galatea.cl>";
>> > option domain-name-servers 8.8.8.8, 200.62.222.222;
>> > option routers 192.168.1.1;
>> > default-lease-time 600;
>> > max-lease-time 7200;
>> > server-identifier 192.168.1.1;
>> > #ddns-update-style none;
>> > authoritative;
>> > log-facility local7;
>> >
>> > subnet 192.168.1.0 netmask 255.255.255.0 {
>> > range 192.168.1.15 192.168.1.100;
>> > }
>> >
>> > I have some rules on iptables too:
>> >
>> > Generated by iptables-save v1.4.8 on Tue Feb 26
>> 11:48:15 2013
>> > *nat
>> > :PREROUTING ACCEPT [4:312]
>> > :POSTROUTING ACCEPT [0:0]
>> > :OUTPUT ACCEPT [0:0]
>> > -A PREROUTING -s 192.168.0.0/24
>> <http://192.168.0.0/24> -p tcp -m tcp --dport 80 -j
>> REDIRECT
>> > --to-ports 3128
>> > -A PREROUTING -s 192.168.1.0/24
>> <http://192.168.1.0/24> -p tcp -m tcp --dport 80 -j
>> REDIRECT
>> > --to-ports 3128
>> > COMMIT
>> > # Completed on Tue Feb 26 11:48:15 2013
>> > # Generated by iptables-save v1.4.8 on Tue Feb 26
>> 11:48:15 2013
>> > *filter
>> > :INPUT ACCEPT [27:2066]
>> > :FORWARD ACCEPT [0:0]
>> > :OUTPUT ACCEPT [13:1324]
>> > -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp
>> --dport 3128 -j ACCEPT
>> > COMMIT
>> > # Completed on Tue Feb 26 11:48:15 2013
>> >
>> > I don't have any other information. As I said, the
>> logs doesn't show me
>> > information about Win7. Oh, and Win7 hasn't active
>> the Firewall Service.
>> >
>> >
>> > 2013/2/26 Steven Carr <sjcarr at gmail.com
>> <mailto:sjcarr at gmail.com>>
>> >>
>> >> Can you see the requests coming in to the DHCP
>> server from the Windows
>> >> 7 client? and can you also perform a packet
>> capture on the Windows 7
>> >> machine to see if it is receiving the responses
>> from the DHCP server.
>> >> If you can upload the logs (sanitised) and the
>> packet capture then I
>> >> can have a look.
>> >>
>> >> Steve
>> >>
>> >>
>> >> On 26 February 2013 13:10, Héctor Herrera
>> <hherreraa at gmail.com <mailto:hherreraa at gmail.com>> wrote:
>> >> > Greetings to all!
>> >> >
>> >> > I have an issue with DHCP and Win7. I'm working
>> with Debian 6.0.6, and
>> >> > I''m
>> >> > trying to mount a DHCP server on it (DHCP ver.
>> 4.1.1). But I'm unable to
>> >> > send IP addresses to Win7 machines. I tried with
>> other OS (specifically
>> >> > Arch
>> >> > Linux and WinXP), and the server sends IP
>> addresses to them, but with
>> >> > Win7... I cannot
>> >> >
>> >> > May someone knows how to handle it? And if it
>> so, can someone send some
>> >> > information?
>> >> >
>> >> > Thanks to all!
>> >> >
>> >> > P.D: Sorry about the English, it isn't my first
>> language :P
>> >> >
>> >> > --
>> >> > Saludos
>> >> >
>> >> > Héctor Herrera Anabalón
>> >> > Egresado ICCI UNAP
>> >> > Servicio Arquitectura Galatea - Oficina Técnica
>> http://www.galatea.cl
>> >> > Miembro USoLIX Victoria
>> >> > Registered User #548600 (LinuxCounter.net)
>> >> >
>> >> > _______________________________________________
>> >> > dhcp-users mailing list
>> >> > dhcp-users at lists.isc.org
>> <mailto:dhcp-users at lists.isc.org>
>> >> > https://lists.isc.org/mailman/listinfo/dhcp-users
>> >> _______________________________________________
>> >> dhcp-users mailing list
>> >> dhcp-users at lists.isc.org
>> <mailto:dhcp-users at lists.isc.org>
>> >> https://lists.isc.org/mailman/listinfo/dhcp-users
>> >
>> >
>> >
>> >
>> > --
>> > Saludos
>> >
>> > Héctor Herrera Anabalón
>> > Egresado ICCI UNAP
>> > Servicio Arquitectura Galatea - Oficina Técnica
>> http://www.galatea.cl
>> > Miembro USoLIX Victoria
>> > Registered User #548600 (LinuxCounter.net)
>> >
>> > _______________________________________________
>> > dhcp-users mailing list
>> > dhcp-users at lists.isc.org
>> <mailto:dhcp-users at lists.isc.org>
>> > https://lists.isc.org/mailman/listinfo/dhcp-users
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> <mailto:dhcp-users at lists.isc.org>
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>>
>>
>>
>> --
>> Saludos
>>
>> *Héctor Herrera Anabalón*
>> Egresado ICCI UNAP
>> Servicio Arquitectura Galatea - Oficina Técnica
>> http://www.galatea.cl
>> Miembro USoLIX Victoria
>> Registered User #548600 (LinuxCounter.net)
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org <mailto:dhcp-users at lists.isc.org>
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>>
>>
>>
>> --
>>
>> "Omnes homines natura scire desiderant"
>> Aristotelis
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org <mailto:dhcp-users at lists.isc.org>
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>>
>>
>>
>> --
>> Saludos
>>
>> *Héctor Herrera Anabalón*
>> Egresado ICCI UNAP
>> Servicio Arquitectura Galatea - Oficina Técnica http://www.galatea.cl
>> Miembro USoLIX Victoria
>> Registered User #548600 (LinuxCounter.net)
>>
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org <mailto:dhcp-users at lists.isc.org>
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>
> --
> Best regards
>
> Sten Carlsen
>
> No improvements come from shouting:
>
> "MALE BOVINE MANURE!!!"
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org <mailto:dhcp-users at lists.isc.org>
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
>
>
>
> --
> Saludos
>
> *Héctor Herrera Anabalón*
> Egresado ICCI UNAP
> Servicio Arquitectura Galatea - Oficina Técnica http://www.galatea.cl
> Miembro USoLIX Victoria
> Registered User #548600 (LinuxCounter.net)
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20130226/669cf5ba/attachment-0001.html>
More information about the dhcp-users
mailing list