Send dhcp-users mailing list submissions to dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
	dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
	dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."

Today's Topics:

   1. dhcp relay responses (Alan Batie)
   2. Re: dhcp relay responses (glenn.satch...@uniq.com.au)
   3. Re: dhcp relay responses (Simon Hobson)

----------------------------------------------------------------------

Message: 1
Date: Thu, 30 Jan 2020 15:33:12 -0800
From: Alan Batie <a...@peak.org>
To: dhcp-users@lists.isc.org
Subject: dhcp relay responses
Message-ID: <4fd3fdef-4130-0c08-29b1-c463be28e...@peak.org>
Content-Type: text/plain; charset="utf-8"

We are setting up a private network with dhcp. The router for the
private network is set up to relay dhcp to an external isc dhcpd server.
The requests to the dhcpd server come from the public address of the
router, however dhcpd is replying to the private address. I don't see
anything in the docs for managing the replies. We are trying to avoid
routing the private network even internally. Are we out of luck?

dhcp01           router
1.1.1.1    -     2.2.2.2  10.1.1.1

request 2.2.2.2 -> 1.1.1.1
reply   1.1.1.1 -> 10.1.1.1

I do see in the request:

Relay agent IP address: 10.47.87.1 (10.47.87.1)

However this is the only information that can be used to determine which
pool of addresses the dhcp server should assign leases from, so I don't
see that changing that would be workable.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4036 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20200130/190e1e83/attachment-0001.bin>

------------------------------

Message: 2
Date: Fri, 31 Jan 2020 17:50:50 +1100
From: glenn.satch...@uniq.com.au
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: dhcp relay responses
Message-ID: <930127fbcca76d342349f9baff372...@uniq.com.au>
Content-Type: text/plain; charset=US-ASCII; format=flowed

Hi Alan,

Yeah, you're out of luck. The initial broadcast can be relayed through a
NAT, but for ACKs and REQUESTs the dhcp server communicates directly
with the client dhcp client device.

regards,
-glenn

On 2020-01-31 10:33, Alan Batie wrote:
> We are setting up a private network with dhcp. The router for the
> private network is set up to relay dhcp to an external isc dhcpd server.
> The requests to the dhcpd server come from the public address of the
> router, however dhcpd is replying to the private address. I don't see
> anything in the docs for managing the replies. We are trying to avoid
> routing the private network even internally. Are we out of luck?
>
> dhcp01           router
> 1.1.1.1    -     2.2.2.2  10.1.1.1
>
> request 2.2.2.2 -> 1.1.1.1
> reply   1.1.1.1 -> 10.1.1.1
>
> I do see in the request:
>
> Relay agent IP address: 10.47.87.1 (10.47.87.1)
>
> However this is the only information that can be used to determine which
> pool of addresses the dhcp server should assign leases from, so I don't
> see that changing that would be workable.

------------------------------

Message: 3
Date: Fri, 31 Jan 2020 07:26:34 +0000
From: Simon Hobson <dh...@thehobsons.co.uk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: dhcp relay responses
Message-ID: <c52e77a6-bdc2-41b3-aee5-ee90dc960...@thehobsons.co.uk>
Content-Type: text/plain; charset=utf-8

Alan Batie <a...@peak.org> wrote:

>We are setting up a private network with dhcp. The router for the
>private network is set up to relay dhcp to an external isc dhcpd server.
>The requests to the dhcpd server come from the public address of the
>router, however dhcpd is replying to the private address. I don't see
>anything in the docs for managing the replies. We are trying to avoid
>routing the private network even internally. Are we out of luck?

Short answer: yes

Longer answer:
There must be end to end IP connectivity between clients and server -
without "broken" things like NAT in the way. Even if you worked around
the problem with the relay, you'd find clients having problems later
when they unicast a renewal request to the server and it unicasts a
response directly to the client.

As to why the responses are sent to the private address of the relay ...
That's because the server uses the GI Addr field in the relayed packet -
firstly to select an appropriate address pool, and secondly to determine
where the response needs to be returned to. The relay agent would then
use the destination address of the packet to determine which locally
connected interface to send the response out on.

So if the server can't receive & send packets from/to both the relay
agent and clients directly - DHCP won't work. Up to you whether you
replicate the server, tunnel packets to/from it, or something else ...

Simon

------------------------------

End of dhcp-users Digest, Vol 135, Issue 16
*******************************************
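
The reply addressing discussed in this thread, as an added example that is not part of any of the messages and is not ISC dhcpd code: a small model of the RFC 2131 section 4.1 rules for where a server sends its reply, run over constructed BOOTP headers. The addresses 2.2.2.2 and 10.47.87.1 come from the thread; the MAC, xid, the lease 10.47.87.50 and the function names are assumptions made for illustration.

```python
import socket
import struct

# BOOTP/DHCP fixed header (RFC 2131 section 2), 236 bytes before options.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
BROADCAST_FLAG = 0x8000
ZERO = "0.0.0.0"


def build_request(giaddr=ZERO, ciaddr=ZERO, flags=0):
    """Constructed BOOTREQUEST header; the MAC and xid are made-up values."""
    mac = bytes.fromhex("020000000001")
    return BOOTP.pack(1, 1, 6, 1, 0x1234ABCD, 0, flags,
                      socket.inet_aton(ciaddr), b"", b"",
                      socket.inet_aton(giaddr), mac, b"", b"")


def reply_target(packet, udp_src, offered_ip):
    """Return (dest_ip, dest_port, note) for the server's reply."""
    fields = BOOTP.unpack_from(packet)
    flags = fields[6]
    ciaddr = socket.inet_ntoa(fields[7])
    giaddr = socket.inet_ntoa(fields[10])
    if giaddr != ZERO:
        # Relayed request: reply goes to giaddr, port 67, not to the UDP source.
        note = "via relay" if udp_src == giaddr else "giaddr != UDP source (NAT in path)"
        return giaddr, 67, note
    if ciaddr != ZERO:
        # Renewal unicast by the client: the ACK goes straight back to ciaddr.
        return ciaddr, 68, "direct unicast to client"
    if flags & BROADCAST_FLAG:
        return "255.255.255.255", 68, "local broadcast"
    return offered_ip, 68, "unicast to offered address"


if __name__ == "__main__":
    # Addresses from the thread: relay public side 2.2.2.2, giaddr 10.47.87.1.
    # 10.47.87.50 is a constructed client lease.
    relayed = build_request(giaddr="10.47.87.1")
    renewal = build_request(ciaddr="10.47.87.50")
    print(reply_target(relayed, "2.2.2.2", "10.47.87.50"))
    print(reply_target(renewal, "2.2.2.2", "10.47.87.50"))
```

Both results point at 10.x addresses that the server cannot reach unless the private network is routed or tunnelled to it, which is the failure described in the replies.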