[Dnsmasq-discuss] dnsmasq dhcp relay not relaying response from upstream to client

Bino Oetomo bino at jogjacamp.co.id
Fri Jun 25 04:30:18 UTC 2021


Dear All.

I have 3 VirtualBox guest OSes, arranged with internal networks as:

Freeradius <--X--> dhcprelay <--Y--> client



1. Internal networks:
a. X is 'tftprelay'
b. Y is 'tftpclient'

1. Freeradius acts as DHCP server, with interface facing dhcprelay.
IP address : 10.10.254.1

2. Dhcprelay is using dnsmasq 2.80.
It is also enabled for packet forwarding.

IP Address:
a. Facing FreeRadius 10.10.254.2
b. Facing client 10.10.253.1

3. Client is just a plain Debian server.
enp0s8 is the interface at network-Y where dnsmasq is listening


4. ping test from freeradius to dhcprelay at network-Y

root@tftpserver:~# ping 10.10.253.1
PING 10.10.253.1 (10.10.253.1) 56(84) bytes of data.
64 bytes from 10.10.253.1: icmp_seq=1 ttl=64 time=1.08 ms
64 bytes from 10.10.253.1: icmp_seq=2 ttl=64 time=0.900 ms
64 bytes from 10.10.253.1: icmp_seq=3 ttl=64 time=1.07 ms
64 bytes from 10.10.253.1: icmp_seq=4 ttl=64 time=0.904 ms
64 bytes from 10.10.253.1: icmp_seq=5 ttl=64 time=1.15 ms

5. Test from client with : dhclient -d  enp0s8
I got:


a. at dhcprelay (dnsmasq log)

Jun 25 06:23:47 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1
Jun 25 06:23:54 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1
Jun 25 06:24:08 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1
Jun 25 06:24:26 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1
Jun 25 06:24:41 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1

b. Freeradius. Looks like it can receive from and respond to dnsmasq:

...
(14) Received code 1025 Id 24307805 from 10.10.253.1:67 to 10.10.254.1:67 length 300
(14)   DHCP-Opcode = Client-Message
(14)   DHCP-Hardware-Type = Ethernet
(14)   DHCP-Hardware-Address-Length = 6
(14)   DHCP-Hop-Count = 1
(14)   DHCP-Transaction-Id = 24307805
(14)   DHCP-Number-of-Seconds = 58
(14)   DHCP-Flags = 0
(14)   DHCP-Client-IP-Address = 0.0.0.0
(14)   DHCP-Your-IP-Address = 0.0.0.0
(14)   DHCP-Server-IP-Address = 0.0.0.0
(14)   DHCP-Gateway-IP-Address = 10.10.253.1
(14)   DHCP-Client-Hardware-Address = 08:00:27:84:51:1b
(14)   DHCP-Message-Type = DHCP-Discover
(14)   DHCP-Hostname = "bakalandebian"
(14)   DHCP-Parameter-Request-List = DHCP-Subnet-Mask
(14)   DHCP-Parameter-Request-List = DHCP-Broadcast-Address
(14)   DHCP-Parameter-Request-List = DHCP-Time-Offset
(14)   DHCP-Parameter-Request-List = DHCP-Router-Address
(14)   DHCP-Parameter-Request-List = DHCP-Domain-Name
(14)   DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
(14)   DHCP-Parameter-Request-List = DHCP-Domain-Search
(14)   DHCP-Parameter-Request-List = DHCP-Hostname
(14)   DHCP-Parameter-Request-List = DHCP-NETBIOS-Name-Servers
(14)   DHCP-Parameter-Request-List = DHCP-NETBIOS
(14)   DHCP-Parameter-Request-List = DHCP-Interface-MTU-Size
(14)   DHCP-Parameter-Request-List = DHCP-Classless-Static-Route
(14)   DHCP-Parameter-Request-List = DHCP-NTP-Servers
(14)   DHCP-Client-Identifier = 0xff2784511b000100012867cc8108002784511b
(14)   DHCP-Network-Subnet = 10.10.253.1/32
Trying sub-section dhcp DHCP-Discover {...}
(14)   dhcp DHCP-Discover {
rlm_rest (rest): 0 of 0 connections in use.  You  may need to increase "spare"
rlm_rest (rest): Opening additional connection (3), 1 of 5 pending slots used
rlm_rest (rest): Connecting to "http://127.0.0.1:8888/djenroll/freeradius/"
rlm_rest (rest): Reserved connection (3)
(14) rest: Expanding URI components
(14) rest: EXPAND http://127.0.0.1:8888
(14) rest:    --> http://127.0.0.1:8888
(14) rest: EXPAND /djenroll/freeradius/
(14) rest:    --> /djenroll/freeradius/
(14) rest: Sending HTTP POST to "http://127.0.0.1:8888/djenroll/freeradius/"
(14) rest: Encoding attribute "DHCP-Opcode"
(14) rest: Encoding attribute "DHCP-Hardware-Type"
(14) rest: Encoding attribute "DHCP-Hardware-Address-Length"
(14) rest: Encoding attribute "DHCP-Hop-Count"
(14) rest: Encoding attribute "DHCP-Transaction-Id"
(14) rest: Encoding attribute "DHCP-Number-of-Seconds"
(14) rest: Encoding attribute "DHCP-Flags"
(14) rest: Encoding attribute "DHCP-Client-IP-Address"
(14) rest: Encoding attribute "DHCP-Your-IP-Address"
(14) rest: Encoding attribute "DHCP-Server-IP-Address"
(14) rest: Encoding attribute "DHCP-Gateway-IP-Address"
(14) rest: Encoding attribute "DHCP-Client-Hardware-Address"
(14) rest: Encoding attribute "DHCP-Network-Subnet"
(14) rest: Encoding attribute "DHCP-Hostname"
(14) rest: Encoding attribute "DHCP-Message-Type"
(14) rest: Encoding attribute "DHCP-Parameter-Request-List"
(14) rest: Encoding attribute "DHCP-Client-Identifier"
(14) rest: Returning 1009 bytes of JSON data (buffer full or chunk exceeded)
(14) rest: Processing response header
(14) rest:   Status : 100 (Continue)
(14) rest: Continuing...
(14) rest: Processing response header
(14) rest:   Status : 200 (OK)
(14) rest:   Type   : json (application/json)
(14) rest: Adding reply:REST-HTTP-Status-Code += "200"
(14) rest: Parsing attribute "reply:DHCP-IP-Address-Lease-Time"
(14) rest: EXPAND 7200
(14) rest:    --> 7200
(14) rest: DHCP-IP-Address-Lease-Time := 7200
(14) rest: Parsing attribute "reply:DHCP-Client-IP-Address"
(14) rest: EXPAND 255.255.255.255
(14) rest:    --> 255.255.255.255
(14) rest: DHCP-Client-IP-Address := 255.255.255.255
(14) rest: Parsing attribute "reply:DHCP-Your-IP-Address"
(14) rest: EXPAND 10.10.253.3
(14) rest:    --> 10.10.253.3
(14) rest: DHCP-Your-IP-Address := 10.10.253.3
(14) rest: Parsing attribute "reply:DHCP-Subnet-Mask"
(14) rest: EXPAND 255.255.255.0
(14) rest:    --> 255.255.255.0
(14) rest: DHCP-Subnet-Mask := 255.255.255.0
(14) rest: Parsing attribute "reply:DHCP-Router-Address"
(14) rest: EXPAND 10.10.253.1
(14) rest:    --> 10.10.253.1
(14) rest: DHCP-Router-Address := 10.10.253.1
(14) rest: Parsing attribute "reply:DHCP-Domain-Name-Server"
(14) rest: EXPAND 8.8.8.8
(14) rest:    --> 8.8.8.8
(14) rest: DHCP-Domain-Name-Server := 8.8.8.8
(14) rest: Parsing attribute "reply:DHCP-Message-Type"
(14) rest: EXPAND DHCP-Offer
(14) rest:    --> DHCP-Offer
(14) rest: DHCP-Message-Type := DHCP-Offer
(14) rest: Parsing attribute "reply:DHCP-Gateway-IP-Address"
(14) rest: EXPAND 10.10.253.1
(14) rest:    --> 10.10.253.1
(14) rest: DHCP-Gateway-IP-Address := 10.10.253.1
(14) rest: Parsing attribute "reply:DHCP-DHCP-Server-Identifier"
(14) rest: EXPAND 255.255.255.255
(14) rest:    --> 255.255.255.255
(14) rest: DHCP-DHCP-Server-Identifier := 255.255.255.255
rlm_rest (rest): Released connection (3)
(14)     [rest.authorize] = updated
(14)   } # dhcp DHCP-Discover = updated
(14) DHCP: Reply will be unicast to giaddr from original packet
(14) Sent code 1026 Id 24307805 from 10.10.254.1:67 to 10.10.253.1:67 length 0
(14)   DHCP-Relay-IP-Address = 10.10.253.1
(14)   DHCP-Client-Identifier = 0xff2784511b000100012867cc8108002784511b
(14)   DHCP-IP-Address-Lease-Time = 7200
(14)   DHCP-Client-IP-Address = 255.255.255.255
(14)   DHCP-Your-IP-Address = 10.10.253.3
(14)   DHCP-Subnet-Mask = 255.255.255.0
(14)   DHCP-Router-Address = 10.10.253.1
(14)   DHCP-Domain-Name-Server = 8.8.8.8
(14)   DHCP-Message-Type = DHCP-Offer
(14)   DHCP-Gateway-IP-Address = 10.10.253.1
(14)   DHCP-DHCP-Server-Identifier = 255.255.255.255
(14)   DHCP-Opcode = Server-Message
(14)   DHCP-Hardware-Type = Ethernet
(14)   DHCP-Hardware-Address-Length = 6
(14)   DHCP-Hop-Count = 1
(14)   DHCP-Transaction-Id = 24307805
(14)   DHCP-Flags = 0
(14)   DHCP-Client-Hardware-Address = 08:00:27:84:51:1b
DHCP-Opcode = Server-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 1
DHCP-Transaction-Id = 24307805
DHCP-Number-of-Seconds = 0
DHCP-Flags = 0
DHCP-Client-IP-Address = 255.255.255.255
DHCP-Your-IP-Address = 10.10.253.3
DHCP-Server-IP-Address = 0.0.0.0
DHCP-Gateway-IP-Address = 10.10.253.1
DHCP-Client-Hardware-Address = 08:00:27:84:51:1b
DHCP-Server-Host-Name = ""
DHCP-Boot-Filename = ""
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Router-Address = 10.10.253.1
DHCP-Domain-Name-Server = 8.8.8.8
DHCP-IP-Address-Lease-Time = 7200
DHCP-DHCP-Server-Identifier = 255.255.255.255
DHCP-Client-Identifier = 0xff2784511b000100012867cc8108002784511b
Sending DHCP-Offer Id 0172e85d from 10.10.254.1:67 to 10.10.253.1:67
(14) Finished request
(14) Cleaning up request packet ID 24307805 with timestamp +182
Ready to process requests




c. But at Client side:

Listening on LPF/enp0s8/08:00:27:84:51:1b
Sending on   LPF/enp0s8/08:00:27:84:51:1b
Sending on   Socket/fallback
DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 6
DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 15
DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 21
DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 8
DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 10
DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 1
No DHCPOFFERS received.
No working leases in persistent database - sleeping.


My question is:
I'm sure that freeradius sent the response, but how to know if dnsmasq is
receiving that response?

my dnsmasq configuration

port=0
interface=enp0s9
log-dhcp
dhcp-relay=10.10.253.1,10.10.254.1

my freeradius dhcp server configuration:

server dhcp {
    listen {
        type = dhcp
        ipaddr = 10.10.254.1
        src_ipaddr = 10.10.254.1
        port = 67
        broadcast = no
        performance {
            skip_duplicate_checks = no
        }
    }
    dhcp DHCP-Discover {
        rest.authorize
    }

    dhcp DHCP-Request {
        rest.authorize
    }
    dhcp DHCP-Decline {
        update reply {
            &DHCP-Message-Type = DHCP-Do-Not-Respond
        }
        reject
    }
    dhcp DHCP-Inform {
        dhcp_common
        ok
    }
    dhcp DHCP-Release {
        rest.authorize
    }
    dhcp DHCP-Lease-Query {
        if (&DHCP-Client-Hardware-Address) {

        }
        elsif (&DHCP-Your-IP-Address) {

        }
        elsif (&DHCP-Client-Identifier) {
        }
        else {
            update reply {
                &DHCP-Message-Type = DHCP-Lease-Unknown
            }
            ok
            return
        }
        if (notfound) {
            update reply {
                &DHCP-Message-Type = DHCP-Lease-Unknown
            }
            ok
            return
        }
        update reply {
            &DHCP-Message-Type = DHCP-Lease-Unassigned
        }
    }

}

So kindly please help me to fix this problem

Sincerely
-bino-
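
To see what a reply contains once it reaches the relay, the UDP payload of a captured packet can be decoded and checked against the fields a relay depends on. This is an added example, not part of the original post and not dnsmasq or FreeRADIUS code; the function names are hypothetical and the sample packet is constructed from the DHCP-Offer values in the FreeRADIUS log above. The two RFC 2131 checks are reported as observations only; the post does not establish the cause of the missing offer.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_dhcp(pkt):
    """Decode the fixed BOOTP header and the option TLVs of one DHCP message."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, hops, xid = struct.unpack("!BBBBI", pkt[:8])
    ci, yi, gi = (socket.inet_ntoa(pkt[o:o + 4]) for o in (12, 16, 24))
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:          # 255 = end option
        if pkt[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return {"op": op, "hops": hops, "xid": xid, "ciaddr": ci, "yiaddr": yi,
            "giaddr": gi, "chaddr": pkt[28:28 + hlen].hex(":"), "options": opts}

def check_relayed_reply(msg, relay_local):
    """List what stands out in a server-to-relay reply; empty list = nothing flagged."""
    findings = []
    if msg["op"] != 2:                             # 2 = BOOTREPLY
        findings.append("op is not BOOTREPLY")
    if msg["giaddr"] != relay_local:               # giaddr names the relay's client-side address
        findings.append("giaddr does not match relay address")
    mtype = msg["options"].get(53, b"\x00")[:1]    # option 53 = message type, 2 = OFFER
    if mtype == b"\x02" and msg["ciaddr"] != "0.0.0.0":   # RFC 2131: ciaddr is 0 in an OFFER
        findings.append("ciaddr is non-zero in DHCPOFFER")
    if msg["options"].get(54) in (None, b"\x00" * 4, b"\xff" * 4):  # option 54 = server id
        findings.append("server identifier missing or not a host address")
    return findings

def build_offer(ciaddr, server_id):
    """Constructed sample packet using the DHCP-Offer values from the FreeRADIUS log."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 1, 24307805, 0, 0)
    addrs = b"".join(socket.inet_aton(a)
                     for a in (ciaddr, "10.10.253.3", "0.0.0.0", "10.10.253.1"))
    chaddr = bytes.fromhex("08002784511b").ljust(16, b"\x00")
    opts = (b"\x35\x01\x02" + b"\x36\x04" + socket.inet_aton(server_id)
            + b"\x33\x04" + struct.pack("!I", 7200) + b"\xff")
    return hdr + addrs + chaddr + bytes(192) + MAGIC + opts

if __name__ == "__main__":
    logged = parse_dhcp(build_offer("255.255.255.255", "255.255.255.255"))
    print(logged["giaddr"], check_relayed_reply(logged, "10.10.253.1"))
```
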