Hi all,

I am having a ton of trouble setting up my home network. I have 3 ethernets
on my firewall. eth0 goes to the DSL modem, eth1 connects to a subnet
and eth2 connects to another. I have setup the routing table to work. And
I have the following setting in my dhcpd.conf

It makes sense to me, HOWEVER, when I turn on dhcpd, it works most of the
time but sometimes it grants the wrong subnet address, i.e., it will grant
192.168.37.249 to eth1 !!

any help is appreciated!



#eth1: 192.168.1.0
#eth2: 192.168.37.0

subnet 192.168.1.0 netmask 255.255.255.0
{
default-lease-time 864000; #10 day
range 192.168.1.31 192.168.1.249;
option broadcast-address 192.168.1.255;
option routers 192.168.1.9;
option subnet-mask 255.255.255.0;
}

subnet 192.168.37.0 netmask 255.255.255.0
{
default-lease-time 864000; #10 day
range 192.168.37.31 192.168.37.249;
option broadcast-address 192.168.37.255;
option routers 192.168.37.9;
option subnet-mask 255.255.255.0;
}
group {
host router2 {
hardware ethernet blah:blah:blah:blah:blah:blah;
fixed-address 192.168.1.1;
}

---------------------------------


Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
62.122.68.204 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.37.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 62.122.68.204 0.0.0.0 UG 0 0 0 ppp0


etc....

#

randome_profile@yahoo.com wrote:
> I am having a ton of trouble setting up my home network. I have 3 ethernets
> on my firewall. eth0 goes to the DSL modem, eth1 connects to a subnet
> and eth2 connects to another. I have setup the routing table to work. And
> I have the following setting in my dhcpd.conf

Why dhcp? Oh, to get an address off the dsl router?

> It makes sense to me, HOWEVER, when I turn on dhcpd, it works most of the

Eh? dhcpd is not what you should be running. You want dhclient, to get
an address via dhcp.

> time but sometimes it grants the wrong subnet address, i.e., it will grant
> 192.168.37.249 to eth1 !!

I don't understand what you are trying to do. dhcpd does not grant
addresses to interfaces.

> any help is appreciated!

Unconfuse yourself and ask again would seem to be the best bet!

The below is a dhcpd conf file, which I assume from the description
above that you do not want.

[snip]

Peter

geeze, I wasn't totally clear but I assumed everyone here has experience
with this kind of setup. I have a DSL connection to the internet, I use
a linux box as a firewall and a dhcp server to my home network. My DSL
connection works fine via PPPoe. My home network of 10 computers
(roomates like computers) work via DHCP.

The following setup works:

eth0: dsl connection
eth1: dhcp network : range: 192.168.1.31 to 192.168.1.249

now I want to do the following (reason, just to save cabling in my house!):

eth0: dsl connection
eth1: dhcp network: range 192.168.1.31 to 192.168.1.249
eth2: dhcp network: range 192.168.37.31 to 192.168.37.249

as shown in my dhcpd.conf file.... but this doesn't work! the dhcpd
server cannot grant addresses properly to the eth1 and eth2 subnets

LOL I am not confused but I would think most knowledgable ppl here know
what I am talking about.....

Peter T. Breuer wrote:

>randome_profile@yahoo.com wrote:
>
>
>>I am having a ton of trouble setting up my home network. I have 3 ethernets
>>on my firewall. eth0 goes to the DSL modem, eth1 connects to a subnet
>>and eth2 connects to another. I have setup the routing table to work. And
>>I have the following setting in my dhcpd.conf
>>
>>
>
>Why dhcp? Oh, to get an address off the dsl router?
>
>
>
>>It makes sense to me, HOWEVER, when I turn on dhcpd, it works most of the
>>
>>
>
>Eh? dhcpd is not what you should be running. You want dhclient, to get
>an address via dhcp.
>
>
>
>>time but sometimes it grants the wrong subnet address, i.e., it will grant
>>192.168.37.249 to eth1 !!
>>
>>
>
>I don't understand what you are trying to do. dhcpd does not grant
>addresses to interfaces.
>
>
>
>>any help is appreciated!
>>
>>
>
>Unconfuse yourself and ask again would seem to be the best bet!
>
>The below is a dhcpd conf file, which I assume from the description
>above that you do not want.
>
>[snip]
>
>Peter
>
>

randome_profile@yahoo.com wrote:
> geeze, I wasn't totally clear but I assumed everyone here has experience
> with this kind of setup.

WHAT kind of setup?


> I have a DSL connection to the internet,

So do I. The DSL router is a dhcp server. It has to be, since in
principle it will require a dhcp contact before it will pass packets
to/from that MAC, since it's not silly :-) (it's a built-in firewalling
facility).

> I use
> a linux box as a firewall and a dhcp server to my home network.

Your home network does not change. All you want to do is do NAT on the
firewall for the rest.

> My DSL
> connection works fine via PPPoe. My home network of 10 computers
> (roomates like computers) work via DHCP.

Well, then the fact that you have a DSL connection appears irrelevant.
Why mention it? Is it interfering in some way?

> The following setup works:

> eth0: dsl connection
> eth1: dhcp network : range: 192.168.1.31 to 192.168.1.249

I'm not sure what you mean. This is simply a standard intranet.
Interesting that you chose the .1 subnet. That usually indicates that
some router has decided to take it for you, and is sitting at .1.1
as a gateway.

> now I want to do the following (reason, just to save cabling in my house!):

> eth0: dsl connection
> eth1: dhcp network: range 192.168.1.31 to 192.168.1.249

Well, this is OK. Different subnets so no problem.

> eth2: dhcp network: range 192.168.37.31 to 192.168.37.249

> as shown in my dhcpd.conf file.... but this doesn't work! the dhcpd


It works just fine. You want to define netmasks of /24 on the two
interfaces (so they don't overlap), and then have two different
subnet defns in your dhcpd.conf file.

subnet 192.168.1.0 netmask 255.255.255.0 {
...
range 192.168.1.31 192.168.1.249;
}
subnet 192.168.37.0 netmask 255.255.255.0 {
...
range 192.168.37.31 192.168.37.249;
}

and there you are.

> server cannot grant addresses properly to the eth1 and eth2 subnets

Oh yes it can.

> LOL I am not confused but I would think most knowledgable ppl here know
> what I am talking about.....

Then you would be wrong, because we cannot read your mind. You say, or
shut.

And please do NOT top post!

It is important that you get the subnet mask and broadcast addresses
right on the intefaces.

It is also important that you have a copy of dhcpd that does not have
the bug that it runs on all interfaces instead of just the designated
ones.

SYNOPSIS
dhcpd [ -p port ] [ -f ] [ -d ] [ -q ] [ -cf config-file ]
[ -lf lease-file ] [ if0 [ ...ifN ] ]
^^^^^^^^^^^^^^^^ these are the interfaces

I reported that bug ages ago, at least a year ago, probably two or
three.

(note that if you wanted to you could run different servers on
different interfaces with different config files, if the server
doesn't have the multiinterface bug)

We expect that you read the manual page.


Peter

Ok, I don't understand some points. Obviously, you know dhcpd quite well.

1. how do you run multiple instances of dhcpd, when I run it a second
time with a second configuration file

I already run: dhcpd eth1

yosemite/root{352}% dhcpd -d -cf /etc/dhcpd2.conf eth2
Internet Software Consortium DHCP Server V3.0pl1
Copyright 1995-2001 Internet Software Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Listening on LPF/eth2/00:20:af:6e:fd:a7/LOCAL-NET
Sending on LPF/eth2/00:20:af:6e:fd:a7/LOCAL-NET
Sending on Socket/fallback/fallback-net
There's already a DHCP server running.

If you did not get this software from ftp.isc.org, please
get the latest from ftp.isc.org and install that before

..... and it exits. I think it has something to do witht the *.pid file,
but dhcpd MAN page which I read doesn't tell me how to do it....

2. my configuration for one dhcpd instance is:


subnet 192.168.1.0 netmask 255.255.255.0
{
default-lease-time 864000; #10 day
range 192.168.1.31 192.168.1.249;
option broadcast-address 192.168.1.255;
option routers 192.168.1.9;
option subnet-mask 255.255.255.0;
}

subnet 192.168.37.0 netmask 255.255.255.0
{
default-lease-time 864000; #10 day
range 192.168.37.31 192.168.37.249;
option broadcast-address 192.168.37.255;
option routers 192.168.37.9;
option subnet-mask 255.255.255.0;
}

and I run

dhcpd eth1 eth2

and I get

Oct 19 00:01:12 yoste dhcpd: Listening on
LPF/eth2/00:20:af:6e:33:a7/LOCAL-NET
Oct 19 00:01:12 yoste dhcpd: Sending on
LPF/eth2/00:20:af:6e:33:a7/LOCAL-NET
Oct 19 00:01:12 yoste dhcpd: Listening on
LPF/eth1/52:54:00:de:22:40/LOCAL-NET
Oct 19 00:01:12 yoste dhcpd: Sending on
LPF/eth1/52:54:00:de:22:40/LOCAL-NET

and then when the dhcpd server works.... it grants a address of
192.168.37.249 to the eth1 interface

btw my route table is

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
62.122.68.204 0.0.0.0 255.255.255.255 UH 0 0 0
ppp0
192.168.37.0 0.0.0.0 255.255.255.0 U 0 0 0
eth2
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0
eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 62.122.68.204 0.0.0.0 UG 0 0 0
ppp0

so that's my problem , TO ME, it is granting the wrong address on eth1



Peter T. Breuer wrote:

>randome_profile@yahoo.com wrote:
>
>
>>geeze, I wasn't totally clear but I assumed everyone here has experience
>>with this kind of setup.
>>
>>
>
>WHAT kind of setup?
>
>
>
>
>>I have a DSL connection to the internet,
>>
>>
>
>So do I. The DSL router is a dhcp server. It has to be, since in
>principle it will require a dhcp contact before it will pass packets
>to/from that MAC, since it's not silly :-) (it's a built-in firewalling
>facility).
>
>
>
>>I use
>>a linux box as a firewall and a dhcp server to my home network.
>>
>>
>
>Your home network does not change. All you want to do is do NAT on the
>firewall for the rest.
>
>
>
>>My DSL
>>connection works fine via PPPoe. My home network of 10 computers
>>(roomates like computers) work via DHCP.
>>
>>
>
>Well, then the fact that you have a DSL connection appears irrelevant.
>Why mention it? Is it interfering in some way?
>
>
>
>>The following setup works:
>>
>>
>
>
>
>>eth0: dsl connection
>>eth1: dhcp network : range: 192.168.1.31 to 192.168.1.249
>>
>>
>
>I'm not sure what you mean. This is simply a standard intranet.
>Interesting that you chose the .1 subnet. That usually indicates that
>some router has decided to take it for you, and is sitting at .1.1
>as a gateway.
>
>
>
>>now I want to do the following (reason, just to save cabling in my house!):
>>
>>
>
>
>
>>eth0: dsl connection
>>eth1: dhcp network: range 192.168.1.31 to 192.168.1.249
>>
>>
>
>Well, this is OK. Different subnets so no problem.
>
>
>
>>eth2: dhcp network: range 192.168.37.31 to 192.168.37.249
>>
>>
>
>
>
>>as shown in my dhcpd.conf file.... but this doesn't work! the dhcpd
>>
>>
>
>
>It works just fine. You want to define netmasks of /24 on the two
>interfaces (so they don't overlap), and then have two different
>subnet defns in your dhcpd.conf file.
>
> subnet 192.168.1.0 netmask 255.255.255.0 {
> ...
> range 192.168.1.31 192.168.1.249;
> }
> subnet 192.168.37.0 netmask 255.255.255.0 {
> ...
> range 192.168.37.31 192.168.37.249;
> }
>
>and there you are.
>
>
>
>>server cannot grant addresses properly to the eth1 and eth2 subnets
>>
>>
>
>Oh yes it can.
>
>
>
>>LOL I am not confused but I would think most knowledgable ppl here know
>>what I am talking about.....
>>
>>
>
>Then you would be wrong, because we cannot read your mind. You say, or
>shut.
>
>And please do NOT top post!
>
>It is important that you get the subnet mask and broadcast addresses
>right on the intefaces.
>
>It is also important that you have a copy of dhcpd that does not have
>the bug that it runs on all interfaces instead of just the designated
>ones.
>
> SYNOPSIS
> dhcpd [ -p port ] [ -f ] [ -d ] [ -q ] [ -cf config-file ]
> [ -lf lease-file ] [ if0 [ ...ifN ] ]
> ^^^^^^^^^^^^^^^^ these are the interfaces
>
>I reported that bug ages ago, at least a year ago, probably two or
>three.
>
>(note that if you wanted to you could run different servers on
>different interfaces with different config files, if the server
>doesn't have the multiinterface bug)
>
>We expect that you read the manual page.
>
>
>Peter
>
>

Peter T. Breuer wrote:

> randome_profile@yahoo.com wrote:
>
>>geeze, I wasn't totally clear but I assumed everyone here has experience
>>with this kind of setup.
>
>
> WHAT kind of setup?
>
>
>
>>I have a DSL connection to the internet,
>
>
> So do I. The DSL router is a dhcp server. It has to be, since in
> principle it will require a dhcp contact before it will pass packets
> to/from that MAC, since it's not silly :-) (it's a built-in firewalling
> facility).

Sigh. New news client, gotta re-install my Peter Breuer filters.

In any case, while most "cable routers/firewalls" are DHCP servers,
there is absolutely no requirement that they be. As long as the firewall
clients have their network configuration set up appropriately with an IP
in the correct network range, netwask, and the gateway set up to point
to the "router", it works just fine.

This information is *usually* published to the clients by DHCP on the
router, but it need not be.

Nico Kadel-Garcia <nkadel@comcast.net> wrote:
> Peter T. Breuer wrote:
> > WHAT kind of setup?
> >
> > randome_profile@yahoo.com wrote:
> >>I have a DSL connection to the internet,
> >
> > So do I. The DSL router is a dhcp server. It has to be, since in
> > principle it will require a dhcp contact before it will pass packets
> > to/from that MAC, since it's not silly :-) (it's a built-in firewalling
> > facility).

> Sigh. New news client, gotta re-install my Peter Breuer filters.

Do you go out of your way to be insulting and annoying, or are you just
bad over breakfast?

> In any case, while most "cable routers/firewalls" are DHCP servers,

There you are! And that's what I was telling the bloke, who assumed for
some reason that we could see through the internet and out of his eyes
and determine what kind of setup he has.

> there is absolutely no requirement that they be.

Well, there is, if they are routers between the internet and a private
range such as 10. or 192.168., which is the usual situation. I'll let
you think of it.

> As long as the firewall
> clients have their network configuration set up appropriately with an IP
> in the correct network range, netwask, and the gateway set up to point
> to the "router", it works just fine.

Except that "it" does not include any protocol which replies to your
client, if your client is on a non-routable IP address. Aha!

> This information is *usually* published to the clients by DHCP on the
> router, but it need not be.

And corrrrrrekt me if I am wring, but I seem to recall the OP was on a
192.168.1. net.

Peter