Problem with shared-network

robert at spotswood-computer.net
Thu Jun 4 17:38:42 UTC 2015


<aside>I use ignore rather than deny to keep my logs cleaner. Deny logs
every attempt. The ignore just ignores. And yes, I realize MAC filtering
can be easily defeated by a knowledgeable opponent. A weak attempt at
security is not my purpose for using MAC lists.</aside>

I did not have pools. Now I do. Unfortunately, I still get the same
behavior. Just for kicks, I reversed the order of the subnets, and to my
surprise, still got the same behavior, except now the 192 subnet still
works. So the pools helped. This makes me believe the problem is the 10
subnet declaration.

I removed the 192 subnet and the shared-network and just left the 10
subnet. When I attempted to restart the DHCP server, I got the no subnet
declaration for eth0 and it exited. Adding eth0:1 to both the command line
and /etc/defaults/isc-dhcp-server did not change the result, only the
error message: "No subnet declaration for eth0:1 (No IPv4 addresses)"

So despite the shared-network statement, the DHCP server still doesn't
recognize virtual interfaces??? Can this be right?

> I'm not an expert, but I have something like this and did a little
> digging. Documentation seems to indicate the allow/deny you are trying is
> a pool-level declaration, and that's where I'm using them successfully.
> You don't appear to have a pool defined unless it's part of what you
> snipped.
>
> Oh, and they use allow/deny rather than allow/ignore, which may be
> pertinent. I certainly don't know all the options that work or don't.
>
> Is it possible that what you want is something like
>
> shared-network my-net {
>         subnet 192.168.200.0 netmask 255.255.255.0 {
>                 pool {
>                         deny unknown-clients;
>                         range 192.168.200.194 192.168.200.200;
>                 } # pool declaration
>         subnet #second subnet
>                  pool { #second pool declaration }
>
> ________________________________________
> From: dhcp-users-bounces at lists.isc.org [dhcp-users-bounces at lists.isc.org]
> on behalf of robert at spotswood-computer.net [robert at spotswood-computer.net]
> Sent: Thursday, June 04, 2015 11:16 AM
> To: dhcp-users at lists.isc.org
> Subject: Problem with shared-network
>
> I have a Debian 7.0 running isc-dhcp-server 4.2.2.
>
> My server has a single NIC, and using iproute, I've added additional
> addresses (some lines snipped for brevity):
>
> eth0      Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
>           inet addr:192.168.220.111  Bcast:192.168.220.255  Mask:255.255.255.0
>
> eth0:1    Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
>           inet addr:10.111.111.1  Bcast:10.255.255.255  Mask:255.255.255.0
>
> My goal is for the dhcp server to hand out unknown clients addresses from
> the 10.111.111.X pool, and known clients to get something from the
> 192.168.220.X pool. Since these are on the same subnet, I [believe] this
> requires a shared-network block. My dhcpd.conf file looks like (with
> comments and global options stripped out for brevity):
>
> shared-network my-net {
>         subnet 192.168.200.0 netmask 255.255.255.0 {
>                 range 192.168.200.194 192.168.200.200;
>                 range 192.168.200.215 192.168.200.250;
>
>                 ignore unknown-clients;
>   <bunch of options removed>
>         } #subnet 192.168.200.0
>
>         subnet 10.111.111.0 netmask 255.255.255.0 {
>                 range 10.111.111.5 10.111.111.200;
>                 allow unknown-clients;
> <bunch of options removed>
>         } #subnet 10.111.111.0
> } #shared-network
>
> It runs, but only gives out 192 addresses. If I reverse the order, so the
> 10 subnet declaration comes first, then it hands out 10 addresses, but not
> 192 addresses.
>
> Any ideas what I am doing wrong?
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
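
As an added example, not part of the thread or of ISC's code: a small Python check that reads a dhcpd.conf fragment, reports which scope each unknown-clients statement sits in (the reply's point about pool-level declarations), and lists interface addresses that fall in no declared subnet. The function names and the sample input, built from the values quoted above, are constructed for illustration.

```python
import ipaddress
import re

# Constructed from the values quoted in the thread; snipped options are omitted.
POSTED_CONF = """
shared-network my-net {
    subnet 192.168.200.0 netmask 255.255.255.0 {
        range 192.168.200.194 192.168.200.200;
        ignore unknown-clients;
    } #subnet 192.168.200.0
    subnet 10.111.111.0 netmask 255.255.255.0 {
        range 10.111.111.5 10.111.111.200;
        allow unknown-clients;
    } #subnet 10.111.111.0
} #shared-network
"""
POSTED_ADDRS = {"eth0": "192.168.220.111", "eth0:1": "10.111.111.1"}

TOKEN = re.compile(r"[{};]|[^\s{};]+")  # a brace, a semicolon, or a bare word

def audit(conf):
    """Return (declared subnets, [(verb, enclosing scope)] for unknown-clients)."""
    subnets, findings, scope, stmt = [], [], [], []
    for tok in TOKEN.findall(re.sub(r"#.*", "", conf)):  # drop comments first
        if tok == "{":  # the words collected before "{" name the new scope
            if len(stmt) == 4 and stmt[0] == "subnet" and stmt[2] == "netmask":
                subnets.append(ipaddress.ip_network(f"{stmt[1]}/{stmt[3]}"))
                stmt = ["subnet", str(subnets[-1])]
            scope.append(" ".join(stmt))
        elif tok == "}" and scope:
            scope.pop()
        elif tok == ";" and stmt[1:] == ["unknown-clients"]:
            findings.append((stmt[0], scope[-1] if scope else "global"))
        if tok in ("{", "}", ";"):
            stmt = []
        else:
            stmt.append(tok)
    return subnets, findings

def unmatched(addresses, subnets):
    """Interface addresses that fall inside none of the declared subnets."""
    return {name: ip for name, ip in addresses.items()
            if not any(ipaddress.ip_address(ip) in net for net in subnets)}

if __name__ == "__main__":
    nets, found = audit(POSTED_CONF)
    print(found, unmatched(POSTED_ADDRS, nets))
```

Run against the posted values, it reports both unknown-clients statements at subnet scope and 192.168.220.111 outside both declared subnets. The thread does not say whether the 200 versus 220 difference exists in the live configuration or only in the pasted text.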



