Multiple chrooted dhcp servers for vlans on Linux?
cra at WPI.EDU
Fri Feb 26 20:22:23 UTC 2016
This won't work unless you use separate full virtual machines...
You could make it work on a single machine maybe, but you'd need to
recompile the dhcpd with USE_SOCKETS. Then dhcpd will only work to
serve remote clients via a relay agent, not local clients directly
connected to the same VLAN as the server. This is because local
clients must be served via a raw socket rather than a normal udp
socket. The reason is that responses to local, on-link clients must
contain specific IP headers and MAC address headers that cannot be set
via a regular udp socket, such as the all-ones broadcast address. I
may have the exact details wrong, but that is the gist of it.
On Fri, Feb 26, 2016 at 10:51:41AM -0800, stevel_isc at jbco.com wrote:
> The goal is to have multiple chrooted dhcpd processes, one for each of four
> vlans, such that a compromise of a more public one won't affect a more
> private one.
> Server version is isc-dhcpd-4.3.3-P1 and Linux is a recent install of
> I've got them all running but looking at dhcpd processes in netstat I don't
> think it'll actually work in practice.
> Even though each one is specified to a particular vlan interface they all
> appear to be listening to 0.0.0.0 and I see nothing visible differentiating
> Are they really all listing on every vlan, and does that mean incoming
> requests over one vlan will be handled by whatever server happens to grab
> the request (3 out of 4 chance it's the wrong one)?
More information about the dhcp-users