[Dnsmasq-discuss] DHCP Relay, assign address from other vlan, with no dhcp listening on it

SpiderX spiderx at spiderx.dp.ua
Mon Sep 12 10:45:44 BST 2011


Shantanu Gadgil
I don't understand how dhcp-proxy will help me.
As I understand from man, dhcp-proxy is needed in case I need unicast
dhcp packet from client came through dhcp relay too.
In my situation dnsmasq doesn't accept even a relayed broadcast client packet.
And I have already tried this option with no success.

Hello Michael.
> Your DHCP-Server have to choose the dhcp-range from the information "dhcp-circuitid".
That's what I need to know.
I have used ISC dhcp for a long time. My setup is working with it, but because
of the tftp and dns support in dnsmasq I always wanted to try it.
Now I see that it cannot suit my needs.

> But, why are you using DHCP-Relay on your VLAN-Layer2-Switch?
Because it's as close to the client as possible.

> Is your VLAN transparent switched from your DNSMASQ-Box to your client?
No. The topology which I described in my first letter is just an example,
but it is an example that works with ISC dhcp.
In production I have a setup in which the dhcp server is a standalone server
with no client vlans (vlan0002,vlan0003).

> Let DNSMASQ listen on vlan2 and add a dhcp-range for this interface.
There will be lots of broadcast traffic in the network in this case.
I will lose one ip address per subnet in every vlan, because I'll
assign it on the dhcp server interface.
The DHCP server will be directly accessible by clients, which is less secure.


> I think what's happening is that the relay adds its 172.... address to
> the relayed DHCP packet
Thanks for the reply, Simon.
Are you talking about the giaddr field? If not, then there is no other
172... in the packet:
    IP: 172.16.33.50 (1c:bd:b9:9b:68:5c) > 172.16.33.252 (0:1e:67:2:ad:6a)
    OP: 1 (BOOTPREQUEST)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 1
   XID: 830b9708
  SECS: 0
 FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 172.16.33.50
CHADDR: 48:5b:39:36:a2:73:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         1 (DHCPDISCOVER)
OPTION:  50 (  4) Request IP address        172.16.33.121
OPTION:  12 (  6) Host name                 laptop
OPTION:  55 ( 13) Parameter Request List      1 (Subnet mask)
					     28 (Broadcast address)
					      2 (Time offset)
					      3 (Routers)
					     15 (Domainname)
					      6 (DNS server)
					    119 (Domain Search)
					     12 (Host name)
					     44 (NetBIOS name server)
					     47 (NetBIOS scope)
					     26 (Interface MTU)
					    121 (Classless Static Route)
					     42 (NTP servers)
					
OPTION:  82 ( 18) Relay Agent Information
                  Circuit-ID    00:04:00:02:00:10
                  Remote-ID     00:06:1c:bd:b9:9b:68:5c
---------------------------------------------------------------------------

On Mon, Sep 12, 2011 at 10:41 AM, Shantanu Gadgil
<shantanugadgil at yahoo.com> wrote:
> Hi,
>
> dhcp-relay is very much possible with dnsmasq. the keyword is "dhcp proxy"
> Also, when you setup the ranges, I think you are supposed to use the keyword 'proxy'.
> I don't think that's quite well documented in the example conf file.
> I remember having seen it in the man page though.
>
> Regards,
> Shantanu
>
> *** P.S. My memory about this is a bit sketchy as I had tried the same but found out that the routers in my grid do not have relay forwarding enabled and I set things up using many "satellite" DHCP servers! :) :)
>
>
> --- On Mon, 9/12/11, SpiderX <spiderx at spiderx.dp.ua> wrote:
>
>> From: SpiderX <spiderx at spiderx.dp.ua>
>> Subject: Re: [Dnsmasq-discuss] DHCP Relay, assign address from other vlan, with no dhcp listening on it
>> To: "dnsmasq-list" <dnsmasq-discuss at lists.thekelleys.org.uk>
>> Date: Monday, September 12, 2011, 12:47 PM
>> Thanks for reply.
>> I have just tried this.
>> config:
>> #dhcp-range=tag:vlan-2-port-16,10.1.2.2,10.1.2.245,255.255.255.0,10.1.2.255,10m
>> #dhcp-range=tag:#vlan-2-port-16,172.16.33.2,172.16.33.249,255.255.255.0,10m
>> dhcp-host=48:5b:39:36:a2:73,10.1.2.100
>>
>> Absolutely nothing happened with such config, dnsmasq did nothing.
>> I saw DHCPDISCOVER in vlan1033 at the same time.
>> When I commented out 'dhcp-range=tag:#vlan-2-port-16,172.16.33.2....',
>> dnsmasq tried to assign address from range 172.16.33.2-172.16.33.249.
>> log:
>> Sep 12 13:00:45 dnsmasq-dhcp[11194]: 2517313542 available DHCP range: 172.16.33.2 -- 172.16.33.249
>> Sep 12 13:00:45 dnsmasq-dhcp[11194]: 2517313542 client provides name: laptop
>> Sep 12 13:00:45 dnsmasq-dhcp[11194]: 2517313542 DHCPDISCOVER(vlan1033) 172.16.33.121 48:5b:39:36:a2:73 no address available
>> Sep 12 13:00:48 dnsmasq-dhcp[11194]: 2517313542 available DHCP range: 172.16.33.2 -- 172.16.33.249
>> Sep 12 13:00:48 dnsmasq-dhcp[11194]: 2517313542 client provides name: laptop
>> Sep 12 13:00:48 dnsmasq-dhcp[11194]: 2517313542 DHCPDISCOVER(vlan1033) 172.16.33.121 48:5b:39:36:a2:73 no address available
>>
>> With such results I assume that dhcp relay with dnsmasq doesn't work at all.
>> Any ideas?
>>
>> On Sat, Sep 10, 2011 at 11:09 PM, Shantanu Gadgil <shantanugadgil at yahoo.com> wrote:
>> >
>> > Hi Vladimir,
>> > I assume you have tried with a simpler setup:
>> > *without tags in the range part*.
>> > Use the 'static' dhcp range method to assign the IPs based on mac address.
>> >
>> > Regards,
>> > Shantanu
>> >
>> > --- On Sat, 9/10/11, SpiderX <spiderx at spiderx.dp.ua> wrote:
>> >
>> > > From: SpiderX <spiderx at spiderx.dp.ua>
>> > > Subject: [Dnsmasq-discuss] DHCP Relay, assign address from other vlan, with no dhcp listening on it
>> > > To: dnsmasq-discuss at lists.thekelleys.org.uk
>> > > Date: Saturday, September 10, 2011, 2:58 PM
>> > > Hello, my name is Vladimir.
>> > > I'm trying to setup dnsmasq to work in DHCP Relay (RFC3046) environment.
>> > > Compiled with tftp, dhcp support and without dbus, ipv6, idn.
>> > >
>> > > topology:
>> > > client (dhcp,10.1.2.0/24) — l2 switch (172.16.33.50) — server with dnsmasq (172.16.30.252)
>> > >
>> > > server:
>> > > ip a:
>> > > 5: vlan0002@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>> > >     link/ether 00:1e:67:02:ad:6a brd ff:ff:ff:ff:ff:ff
>> > >     inet 10.1.2.250/24 brd 10.1.2.255 scope global vlan0002
>> > > 6: vlan0003@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>> > >     link/ether 00:1e:67:02:ad:6a brd ff:ff:ff:ff:ff:ff
>> > >     inet 10.1.3.250/24 brd 10.1.3.255 scope global vlan0003
>> > > ..........lots of vlan......
>> > > 88: vlan1033@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>> > >     link/ether 00:1e:67:02:ad:6a brd ff:ff:ff:ff:ff:ff
>> > >     inet 172.16.33.252/24 scope global vlan1033
>> > > sysctl:
>> > > net.ipv4.ip_forward=1
>> > >
>> > > config:
>> > > dhcp-circuitid=set:vlan-2-port-16,00:04:00:02:00:10
>> > > dhcp-option=option:router,10.1.2.250
>> > > dhcp-range=tag:vlan-2-port-16,10.1.2.2,10.1.2.245,255.255.255.0,10.1.2.255,10m
>> > > dhcp-range=tag:#vlan-2-port-16,172.16.33.2,172.16.33.249,255.255.255.0,10m
>> > > dhcp-leasefile=/var/lib/misc/dnsmasq.leases
>> > > dhcp-authoritative
>> > > log-dhcp
>> > > log-facility=/var/log/dnsmasq.log
>> > >
>> > > log:
>> > > Sep 10 14:37:28 dnsmasq[20380]: started, version 2.58 cachesize 150
>> > > Sep 10 14:37:28 dnsmasq[20380]: compile time options: no-IPv6 GNU-getopt no-DBus i18n DHCP TFTP no-conntrack IDN
>> > > Sep 10 14:37:28 dnsmasq-dhcp[20380]: DHCP, IP range 172.16.33.2 -- 172.16.33.249, lease time 10m
>> > > Sep 10 14:37:28 dnsmasq-dhcp[20380]: DHCP, IP range 10.1.2.2 -- 10.1.2.245, lease time 10m
>> > > Sep 10 14:37:28 dnsmasq[20380]: reading /etc/resolv.conf
>> > > Sep 10 14:37:28 dnsmasq[20380]: using nameserver 91.193.69.4#53
>> > > Sep 10 14:37:28 dnsmasq[20380]: bad address at /etc/hosts line 2
>> > > Sep 10 14:37:28 dnsmasq[20380]: read /etc/hosts - 1 addresses
>> > > Sep 10 14:37:39 dnsmasq-dhcp[20380]: 3769651775 available DHCP range: 172.16.33.2 -- 172.16.33.249
>> > > Sep 10 14:37:39 dnsmasq-dhcp[20380]: 3769651775 client provides name: laptop
>> > > Sep 10 14:37:39 dnsmasq-dhcp[20380]: 3769651775 DHCPDISCOVER(vlan1033) 172.16.33.121 48:5b:39:36:a2:73 no address available
>> > > Sep 10 14:37:44 dnsmasq-dhcp[20380]: 3769651775 available DHCP range: 172.16.33.2 -- 172.16.33.249
>> > > Sep 10 14:37:44 dnsmasq-dhcp[20380]: 3769651775 client provides name: laptop
>> > > Sep 10 14:37:44 dnsmasq-dhcp[20380]: 3769651775 DHCPDISCOVER(vlan1033) 172.16.33.121 48:5b:39:36:a2:73 no address available
>> > >
>> > > So, dnsmasq got a DHCPDISCOVER message in vlan1033 with option82 that
>> > > matches tag vlan-2-port-16.
>> > > Client doesn't get a lease because of 'tag:#vlan-2-port-16' in the last
>> > > dhcp-range, that's why I assume that tag vlan-2-port-16 is matched.
>> > > The problem is dnsmasq completely ignores the first range
>> > > 'tag:vlan-2-port-16,10.1.2.2....', and always tries to assign an address
>> > > from range 172.16.33.0/24.
>> > > I think that happens because there is no ip address from network
>> > > 10.1.2.0/24 on vlan1033 unlike ip address 172.16.33.252.
>> > > So, I assume that dnsmasq assigns addresses from ranges that match ip
>> > > addresses on interfaces dhcp packets come from.
>> > > How is dhcp relay supposed to work with such dnsmasq behavior?
>> > >
>> > > _______________________________________________
>> > > Dnsmasq-discuss mailing list
>> > > Dnsmasq-discuss at lists.thekelleys.org.uk
>> > > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>> > >
>
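
Added example, not part of the original message and not dnsmasq's code: it parses the Option 82 payload shown in the dump above into its sub-options and models which configured subnet the relay's giaddr falls into, which is why only 172.16.33.2 -- 172.16.33.249 shows up as an available range in the log. Assumptions: the payload bytes are reconstructed from the dump, the Circuit-ID layout (type, length, VLAN, module, port) is a common switch-vendor format inferred from the tag name vlan-2-port-16, and `candidate_ranges` is a simplified model of giaddr-based subnet selection.

```python
import ipaddress

# Constructed from the dump in the message: the 18-byte option 82 payload is
# sub-option 1 (Circuit-ID) followed by sub-option 2 (Remote-ID).
OPT82 = bytes.fromhex("0106000400020010" "020800061cbdb99b685c")
GIADDR = "172.16.33.50"
# Subnets of the two dhcp-range lines, keyed by the tag written on each line.
RANGES = {"tag:vlan-2-port-16": "10.1.2.0/24",
          "tag:#vlan-2-port-16": "172.16.33.0/24"}

def hexstr(value):
    return ":".join("%02x" % b for b in value)

def parse_option82(payload):
    """Split RFC 3046 relay agent information into {sub-option code: value}."""
    subs, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d overruns option 82" % code)
        subs[code] = value
        i += 2 + length
    return subs

def decode_circuit_id(value):
    """Assumed layout: type 0, length 4, VLAN (2 bytes), module, port."""
    if len(value) != 6 or value[0] != 0 or value[1] != 4:
        raise ValueError("unexpected circuit-id layout")
    return {"vlan": int.from_bytes(value[2:4], "big"),
            "module": value[4], "port": value[5]}

def candidate_ranges(giaddr, ranges):
    """Simplified model: a relayed request is served from a subnet containing giaddr."""
    gi = ipaddress.ip_address(giaddr)
    return [tag for tag, net in ranges.items() if gi in ipaddress.ip_network(net)]

if __name__ == "__main__":
    subs = parse_option82(OPT82)
    print("circuit-id:", hexstr(subs[1]), decode_circuit_id(subs[1]))
    print("remote-id: ", hexstr(subs[2]))
    print("subnets containing giaddr:", candidate_ranges(GIADDR, RANGES))
```
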


