Send dhcp-users mailing list submissions to
        dhcp-users@lists.isc.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
        dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
        dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."


Today's Topics:

   1. per-pool routers in dhcpd.conf? (Alexis Huxley)
   2. Re: per-pool routers in dhcpd.conf? (Sten Carlsen)
   3. Re: per-pool routers in dhcpd.conf? (Alexis Huxley)
   4. Re: per-pool routers in dhcpd.conf? (Sten Carlsen)
   5. Re: per-pool routers in dhcpd.conf? (Bill Shirley)


----------------------------------------------------------------------

Message: 1
Date: Sat, 25 Jul 2020 16:23:15 +0200
From: Alexis Huxley <alexishux...@gmail.com>
To: dhcp-users@lists.isc.org
Subject: per-pool routers in dhcpd.conf?
Message-ID: <20200725142315.q7kwftwborfn6...@sugo.pasta.net>
Content-Type: text/plain; charset=us-ascii

Hi, I have dhcpd.conf at home containing:

        host { ... }
        ...
        
        subnet 192.168.1.0 netmask 255.255.255.0 {
            option routers 192.168.1.1;
            option domain-name "pasta.net";
            option domain-name-servers 192.168.1.21;
            option ntp-servers time.pasta.net;
        
            #  1-100 are reserved for statically configured hosts.

            #  101-150 are reserved for known dynamic hosts (known because they're in host stanzas above).
            #  e.g. my Android phone on wifi.
            pool {
                range 192.168.1.101 192.168.1.150;
                allow known-clients;
                deny unknown-clients;
            }
        
            #  151-200 are for unknown dynamic hosts. e.g. visitors' phones on wifi.
            pool {
                range 192.168.1.151 192.168.1.200;
                allow unknown-clients;
                deny known-clients;
            }
        }

This works fine. 

I now want to force 'known dynamic hosts' to use a different gateway.

(In case you're curious: Since, when using wifi, my Android
phone silently refuses to use the DNS server proposed by the above
dhcpd.conf, I now want to change the phone's gateway to a masquerading
Linux box, where I can hopefully use iptables to force the phone to
use the DNS server proposed by the DHCP server, and thereby block ads.)

The dhcpd.conf man page says:

        In general, any parameter can appear anywhere that parameters
        are allowed, and will be applied according to the scope in which
        the parameter appears.

and I don't see anything special documented about 'option routers'.

So I thought this should work:

        subnet 192.168.1.0 netmask 255.255.255.0 {
            #option routers 192.168.1.1;               # <--- commented out at subnet level
            ...

            pool {
                range 192.168.1.101 192.168.1.150;
                ...
                option routers 192.168.1.32;           # <--- this is the different gateway
            }

            pool {
                range 192.168.1.151 192.168.1.200;
                ...
                option routers 192.168.1.1;            # <--- this is the original gateway
            }
        }

but it looks like *no* host gets told its gateway. 

To confirm that it wasn't a problem with my new gateway itself, I
put the original gateway in *both* pools, i.e. only the *location* of
the router declaration changes compared to the original configuration:

        subnet 192.168.1.0 netmask 255.255.255.0 {
            #option routers 192.168.1.1;               # <--- commented out at subnet level
            ...

            pool {
                range 192.168.1.101 192.168.1.150;
                ...
                option routers 192.168.1.1;            # <--- this is the original gateway
            }

            pool {
                range 192.168.1.151 192.168.1.200;
                ...
                option routers 192.168.1.1;            # <--- this is the original gateway
            }
        }

The result was the same: no gateway.

My googles didn't turn up anything relevant and my experiments (using
'groups') failed, so any advice would be appreciated. I'm using
isc-dhcp-server 4.4.1 on Debian 10. Thanks!

Alexis


------------------------------

Message: 2
Date: Sat, 25 Jul 2020 16:38:53 +0200
From: Sten Carlsen <st...@s-carlsen.dk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: per-pool routers in dhcpd.conf?
Message-ID: <3a736143-eba6-4d51-ae11-42da4cfcb...@s-carlsen.dk>
Content-Type: text/plain;       charset=us-ascii



> On 25 Jul 2020, at 16.23, Alexis Huxley <alexishux...@gmail.com> wrote:
> 
> Hi, I have dhcpd.conf at home containing:
> 
>       host { ... }
>       ...
>       
>       subnet 192.168.1.0 netmask 255.255.255.0 {
>           option routers 192.168.1.1;
>           option domain-name "pasta.net";
>           option domain-name-servers 192.168.1.21;
>           option ntp-servers time.pasta.net;
>       
>           #  1-100 are reserved for statically configured hosts.
> 
>           #  101-150 are reserved for known dynamic hosts (known because they're in host stanzas above).
>           #  e.g. my Android phone on wifi.
>           pool {
>               range 192.168.1.101 192.168.1.150;
>               allow known-clients;
>               deny unknown-clients;
>           }
>       
>           #  151-200 are for unknown dynamic hosts. e.g. visitors' phones on wifi.
>           pool {
>               range 192.168.1.151 192.168.1.200;
>               allow unknown-clients;
>               deny known-clients;
>           }
>       }
> 
> This works fine. 
> 
> I now want to force 'known dynamic hosts' to use a different gateway.

For what it's worth, my setup uses 2 pools in the same network where one pool 
has a gateway and the other pool has no gateway. These are separated by class 
and subclass statements. I have another pool for unknown clients, they get a 
different network and no gateway (can't talk to any other host and no access to 
internet).
This setup works fine.

> _______________________________________________
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users



------------------------------

Message: 3
Date: Sat, 25 Jul 2020 16:45:29 +0200
From: Alexis Huxley <alexishux...@gmail.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: per-pool routers in dhcpd.conf?
Message-ID: <20200725144529.u5l3ek64lsncj...@sugo.pasta.net>
Content-Type: text/plain; charset=us-ascii

Hi Sten,

> For what it's worth, my setup uses 2 pools in the same network where one pool 
> has a gateway and the other pool has no gateway. These are separated by class 
> and subclass statements. I have another pool for unknown clients, they get a 
> different network and no gateway (can't talk to any other host and no access 
> to internet).

please could you post some of it showing the subnet/pools/class/subclass
structure please? Thanks!

Alexis


------------------------------

Message: 4
Date: Sat, 25 Jul 2020 17:34:00 +0200
From: Sten Carlsen <st...@s-carlsen.dk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: per-pool routers in dhcpd.conf?
Message-ID: <76a57655-0828-45f5-b798-9ce4ec9e3...@s-carlsen.dk>
Content-Type: text/plain;       charset=us-ascii



> On 25 Jul 2020, at 16.45, Alexis Huxley <alexishux...@gmail.com> wrote:
> 
> Hi Sten,
> 
>> For what it's worth, my setup uses 2 pools in the same network where one 
>> pool has a gateway and the other pool has no gateway. These are separated by 
>> class and subclass statements. I have another pool for unknown clients, they 
>> get a different network and no gateway (can't talk to any other host and no 
>> access to internet).
> 
> please could you post some of it showing the subnet/pools/class/subclass
> structure please? Thanks!
This should be the main parts.

dhcpd.conf:
~~~~~~~~~~~~

# class definitions
class "gateway-0" {
         match hardware;
        }


class "gateway-5" {
         match hardware;
        }

# Subnet Declarations
shared-network hjemme{
        authoritative;

        subnet 192.168.16.0 netmask 255.255.255.0{
                option domain-name              "s-carlsen.dk";
                option domain-name-servers      192.168.16.20;
                option domain-name-servers      ns2.s-carlsen.dk;
                option subnet-mask              255.255.255.0;
                # B-NODE: Broadcast - no WINS
                option netbios-node-type        1;
                pool{
                        # NO router - these must not touch the internet
                        allow members of                "gateway-0";
                        range 192.168.16.160            192.168.16.195;
                }
                pool{
                        # these go to the FIBER link
                        option routers                  192.168.16.5;
                        allow members of                "gateway-5";
                        range 192.168.16.50             192.168.16.150;
                }
        }

        subnet 192.168.161.0  netmask 255.255.255.0{
                max-lease-time 300;
                default-lease-time 150;
                pool{
                        # These are not known (yet) and shall not see any other host
                        deny known-clients;
                        deny members of                 "gateway-0";
                        deny members of                 "gateway-5";
                        range 192.168.161.100           192.168.161.150;
                }
        }

        subnet 192.168.122.0 netmask 255.255.255.0{
        # Not a real network, "virbr0"
        }
}


include "/etc/dhcp/subclass.conf";
~~~~~~~~~~~~

subclass.conf:
~~~~~~~~~~~~
subclass "gateway-0" 1:00:80:f0:8f:fd:27;                                               # host argus3
subclass "gateway-0" 1:00:80:f0:a0:02:40;                                               # host argus2
subclass "gateway-0" 1:28:10:7b:10:5c:a2 {ddns-hostname argus4;}                        # D-Link 932-L
subclass "gateway-0" 1:de:ad:be:ef:fe:ed {ddns-hostname ard;}                           # host Arduino #1
subclass "gateway-5" 1:00:11:32:05:BB:E9 {always-broadcast on;ddns-hostname ds-209;}    # host ds-209
subclass "gateway-5" 1:00:16:cb:95:7a:7c;                                               # host silver2
subclass "gateway-5" 1:00:17:f2:41:7c:ff;                                               # host Silver2-wlan
subclass "gateway-5" 1:00:18:56:22:d6:93;                                               # host eye-fi-01
subclass "gateway-5" 1:00:1b:63:05:99:1b;                                               # host Sus-01
subclass "gateway-5" 1:00:1b:63:1d:1a:f4;                                               # Host Sus
subclass "gateway-5" 1:00:1e:c2:14:ee:7b;                                               # host LX9900261-cable
subclass "gateway-5" 1:00:1e:c2:a6:f5:35;                                               # host LX9900261-wlan
subclass "gateway-5" 1:00:40:63:de:6b:cf;                                               # host sorte-via
~~~~~~~~~~~~
> 
> Alexis



------------------------------

Message: 5
Date: Sat, 25 Jul 2020 12:25:20 -0400
From: Bill Shirley <b...@c3po.polymerindustries.biz>
To: dhcp-users@lists.isc.org
Subject: Re: per-pool routers in dhcpd.conf?
Message-ID:
        <2627bc19-2ad1-dd23-001e-a0de97c2a...@c3po.polymerindustries.biz>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

option routers in the host statement works. I've used it several times.
If there are many you may want to use a group:
group "IKnowEwe" {
    option routers 192.168.1.21;    # group
    host backup-pc     { hardware ethernet 00:24:99:33:b3:b3; }    # backup-pc
    host backup-pc2    { hardware ethernet 00:24:99:33:b3:b4; }    # backup-pc
.
.
}

You can use tcpdump on the DHCP server to see what options are asked for and
what options are sent:
tcpdump -vv -e -n -i eth0 portrange 67-68
Make sure the clients are asking for and receiving option 3.

My DNS runs on my gateway server and I force all devices to use my DNS with
iptables. In the nat table:
REDIRECT   tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:53 /* domain inet */ redir ports 53
REDIRECT   udp  --  *      *       192.168.1.0/24       0.0.0.0/0            udp dpt:53 /* domain inet */ redir ports 53

Bill

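Added example (not part of Bill's message and not ISC DHCP code): a small Python parser that makes the same check as the tcpdump step above, reading the options of a DHCP request and reply and reporting whether option 3 was asked for and what routers came back. The function names are hypothetical and the packets are constructed samples that reuse addresses from the thread.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: marks the start of the options field
BOOTP_FIXED_LEN = 236               # fixed BOOTP header that precedes the cookie
OPT_PAD, OPT_ROUTERS, OPT_PARAM_REQ, OPT_END = 0, 3, 55, 255


def parse_options(payload: bytes) -> dict:
    """Return {option code: value bytes} from the UDP payload of a DHCP message."""
    start = BOOTP_FIXED_LEN + len(MAGIC_COOKIE)
    if payload[BOOTP_FIXED_LEN:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, i = {}, start
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:             # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError(f"option {code} has no length byte")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past the end of the packet")
        opts[code] = opts.get(code, b"") + value  # RFC 3396: repeated codes concatenate
        i += 2 + length
    return opts


def routers_sent(opts: dict) -> list:
    """Decode option 3 (a list of 4-byte IPv4 addresses) into dotted quads."""
    raw = opts.get(OPT_ROUTERS, b"")
    if len(raw) % 4:
        raise ValueError("option 3 length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]


def check_exchange(request: bytes, reply: bytes) -> dict:
    """Did the client list option 3 in its parameter request list, and what came back?"""
    req, rep = parse_options(request), parse_options(reply)
    return {"asked_for_routers": OPT_ROUTERS in req.get(OPT_PARAM_REQ, b""),
            "routers_sent": routers_sent(rep)}


def build(op: int, options: list) -> bytes:
    """Constructed sample packet: zeroed BOOTP header plus the given (code, value) options."""
    head = bytes([op, 1, 6, 0]) + bytes(BOOTP_FIXED_LEN - 4) + MAGIC_COOKIE
    return head + b"".join(bytes([c, len(v)]) + v for c, v in options) + bytes([OPT_END])


# Constructed samples (addresses taken from the thread; these are not a real capture).
DISCOVER = build(1, [(53, b"\x01"), (55, bytes([1, 3, 6, 15]))])
ACK_WITH_ROUTER = build(2, [(53, b"\x05"), (3, ipaddress.IPv4Address("192.168.1.32").packed),
                            (6, ipaddress.IPv4Address("192.168.1.21").packed)])
ACK_NO_ROUTER = build(2, [(53, b"\x05"), (6, ipaddress.IPv4Address("192.168.1.21").packed)])

if __name__ == "__main__":
    print(check_exchange(DISCOVER, ACK_WITH_ROUTER))
    print(check_exchange(DISCOVER, ACK_NO_ROUTER))
```

The second sample corresponds to the symptom reported in the thread: the client asks for option 3 and the reply carries none. Options placed in the sname/file fields through option overload (option 52) are not parsed here.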

------------------------------

End of dhcp-users Digest, Vol 141, Issue 13
*******************************************
