Shantanu Gadgil,

I don't understand how dhcp-proxy will help me. As I understand from man, dhcp-proxy is needed in case I need unicast dhcp packet from client came through dhcp relay too. In my situation dnsmasq doesn't accept even a relayed broadcast client packet. And I have already tried this option with no success.

Hello Michael.

> Your DHCP-Server have to choose the dhcp-range from the information
> "dhcp-circuitid".

That's what I need to know. I use ISC dhcp for a long time. My setup working with it, but because of tftp and dns support in dnsmasq I always want to try it. Now I see that it cannot suit my needs.

> But, why are you using DHCP-Relay on your VLAN-Layer2-Switch?

Because it's as close to the client as possible.

> Is your VLAN transparent switched from your DNSMASQ-Box to your client?

No. The topology which I described in my first letter is just an example, but this is a working with ISC dhcp example. In production I have a setup in which the dhcp server is a standalone server with no client's vlans (vlan0002,vlan0003).

> Let DNSMASQ listen on vlan2 and add a dhcp-range for this interface.

Lots of broadcast traffic will be in the network in this case. I will lose one ip address per subnet in every vlan, because I'll assign it on the dhcp server interface. The DHCP server will be directly accessible by clients, which is less secure.

> I think what's happening is that the relay adds its 172.... address to
> the relayed DHCP packet

Thanks for reply, Simon. Are you talking about giaddr field? If no, then there is no any other 172... in the packet:

  IP: 172.16.33.50 (1c:bd:b9:9b:68:5c) > 172.16.33.252 (0:1e:67:2:ad:6a)
  OP: 1 (BOOTPREQUEST)
  HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 1
  XID: 830b9708
  SECS: 0
  FLAGS: 0
  CIADDR: 0.0.0.0
  YIADDR: 0.0.0.0
  SIADDR: 0.0.0.0
  GIADDR: 172.16.33.50
  CHADDR: 48:5b:39:36:a2:73:00:00:00:00:00:00:00:00:00:00
  SNAME: .
  FNAME: .
  OPTION: 53 ( 1) DHCP message type 1 (DHCPDISCOVER)
  OPTION: 50 ( 4) Request IP address 172.16.33.121
  OPTION: 12 ( 6) Host name laptop
  OPTION: 55 ( 13) Parameter Request List
      1 (Subnet mask)
      28 (Broadcast address)
      2 (Time offset)
      3 (Routers)
      15 (Domainname)
      6 (DNS server)
      119 (Domain Search)
      12 (Host name)
      44 (NetBIOS name server)
      47 (NetBIOS scope)
      26 (Interface MTU)
      121 (Classless Static Route)
      42 (NTP servers)
  OPTION: 82 ( 18) Relay Agent Information
      Circuit-ID 00:04:00:02:00:10
      Remote-ID 00:06:1c:bd:b9:9b:68:5c
---------------------------------------------------------------------------

On Mon, Sep 12, 2011 at 10:41 AM, Shantanu Gadgil <shantanugad...@yahoo.com> wrote:
> Hi,
>
> dhcp-relay is very much possible with dnsmasq. the keyword is "dhcp proxy"
> Also, when you setup the ranges, I think you are supposed to use the keyword
> 'proxy'.
> I don't think that's quite well documented in the example conf file.
> I remember having seen it in the man page though.
>
> Regards,
> Shantanu
>
> *** P.S. My memory about this is a bit sketchy as I had tried the same but
> found out that the routers in my grid do not have relay forwarding enabled
> and I set things up using many "satellite" DHCP servers! :) :)
>
>
> --- On Mon, 9/12/11, SpiderX <spid...@spiderx.dp.ua> wrote:
>
>> From: SpiderX <spid...@spiderx.dp.ua>
>> Subject: Re: [Dnsmasq-discuss] DHCP Relay, assign address from other vlan, with no dhcp listening on it
>> To: "dnsmasq-list" <dnsmasq-discuss@lists.thekelleys.org.uk>
>> Date: Monday, September 12, 2011, 12:47 PM
>> Thanks for reply.
>> I have just tried this.
>> config:
>> #dhcp-range=tag:vlan-2-port-16,10.1.2.2,10.1.2.245,255.255.255.0,10.1.2.255,10m
>> #dhcp-range=tag:#vlan-2-port-16,172.16.33.2,172.16.33.249,255.255.255.0,10m
>> dhcp-host=48:5b:39:36:a2:73,10.1.2.100
>>
>> Absolutely nothing happened with such config, dnsmasq did nothing.
>> I saw DHCPDISCOVER in vlan1033 at the same time.
>> When I commented out 'dhcp-range=tag:#vlan-2-port-16,172.16.33.2....',
>> dnsmasq tried to assign an address from range 172.16.33.2-172.16.33.249.
>> log:
>> Sep 12 13:00:45 dnsmasq-dhcp[11194]: 2517313542 available DHCP range: 172.16.33.2 -- 172.16.33.249
>> Sep 12 13:00:45 dnsmasq-dhcp[11194]: 2517313542 client provides name: laptop
>> Sep 12 13:00:45 dnsmasq-dhcp[11194]: 2517313542 DHCPDISCOVER(vlan1033) 172.16.33.121 48:5b:39:36:a2:73 no address available
>> Sep 12 13:00:48 dnsmasq-dhcp[11194]: 2517313542 available DHCP range: 172.16.33.2 -- 172.16.33.249
>> Sep 12 13:00:48 dnsmasq-dhcp[11194]: 2517313542 client provides name: laptop
>> Sep 12 13:00:48 dnsmasq-dhcp[11194]: 2517313542 DHCPDISCOVER(vlan1033) 172.16.33.121 48:5b:39:36:a2:73 no address available
>>
>> With such results I assume that dhcp relay with dnsmasq doesn't work at all.
>> Any ideas?
>>
>> On Sat, Sep 10, 2011 at 11:09 PM, Shantanu Gadgil <shantanugad...@yahoo.com> wrote:
>> >
>> > Hi Vladimir,
>> > I assume you have tried with a simpler setup:
>> > *without tags in the range part*.
>> > Use the 'static' dhcp range method to assign the IPs based on mac address.
>> >
>> > Regards,
>> > Shantanu
>> >
>> > --- On Sat, 9/10/11, SpiderX <spid...@spiderx.dp.ua> wrote:
>> >
>> > > From: SpiderX <spid...@spiderx.dp.ua>
>> > > Subject: [Dnsmasq-discuss] DHCP Relay, assign address from other vlan, with no dhcp listening on it
>> > > To: dnsmasq-discuss@lists.thekelleys.org.uk
>> > > Date: Saturday, September 10, 2011, 2:58 PM
>> > > Hello, my name is Vladimir.
>> > > I'm trying to setup dnsmasq to work in DHCP Relay (RFC3046) environment.
>> > > Compiled with tftp, dhcp support and without dbus, ipv6, idn.
>> > >
>> > > topology:
>> > > client (dhcp,10.1.2.0/24) — l2 switch (172.16.33.50) — server with dnsmasq (172.16.30.252)
>> > >
>> > > server:
>> > > ip a:
>> > > 5: vlan0002@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>> > >     link/ether 00:1e:67:02:ad:6a brd ff:ff:ff:ff:ff:ff
>> > >     inet 10.1.2.250/24 brd 10.1.2.255 scope global vlan0002
>> > > 6: vlan0003@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>> > >     link/ether 00:1e:67:02:ad:6a brd ff:ff:ff:ff:ff:ff
>> > >     inet 10.1.3.250/24 brd 10.1.3.255 scope global vlan0003
>> > > ..........lots of vlan......
>> > > 88: vlan1033@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>> > >     link/ether 00:1e:67:02:ad:6a brd ff:ff:ff:ff:ff:ff
>> > >     inet 172.16.33.252/24 scope global vlan1033
>> > > sysctl:
>> > > net.ipv4.ip_forward=1
>> > >
>> > > config:
>> > > dhcp-circuitid=set:vlan-2-port-16,00:04:00:02:00:10
>> > > dhcp-option=option:router,10.1.2.250
>> > > dhcp-range=tag:vlan-2-port-16,10.1.2.2,10.1.2.245,255.255.255.0,10.1.2.255,10m
>> > > dhcp-range=tag:#vlan-2-port-16,172.16.33.2,172.16.33.249,255.255.255.0,10m
>> > > dhcp-leasefile=/var/lib/misc/dnsmasq.leases
>> > > dhcp-authoritative
>> > > log-dhcp
>> > > log-facility=/var/log/dnsmasq.log
>> > >
>> > > log:
>> > > Sep 10 14:37:28 dnsmasq[20380]: started, version 2.58 cachesize 150
>> > > Sep 10 14:37:28 dnsmasq[20380]: compile time options: no-IPv6 GNU-getopt no-DBus i18n DHCP TFTP no-conntrack IDN
>> > > Sep 10 14:37:28 dnsmasq-dhcp[20380]: DHCP, IP range 172.16.33.2 -- 172.16.33.249, lease time 10m
>> > > Sep 10 14:37:28 dnsmasq-dhcp[20380]: DHCP, IP range 10.1.2.2 -- 10.1.2.245, lease time 10m
>> > > Sep 10 14:37:28 dnsmasq[20380]: reading /etc/resolv.conf
>> > > Sep 10 14:37:28 dnsmasq[20380]: using nameserver 91.193.69.4#53
>> > > Sep 10 14:37:28 dnsmasq[20380]: bad address at /etc/hosts line 2
>> > > Sep 10 14:37:28 dnsmasq[20380]: read /etc/hosts - 1 addresses
>> > > Sep 10 14:37:39 dnsmasq-dhcp[20380]: 3769651775 available DHCP range: 172.16.33.2 -- 172.16.33.249
>> > > Sep 10 14:37:39 dnsmasq-dhcp[20380]: 3769651775 client provides name: laptop
>> > > Sep 10 14:37:39 dnsmasq-dhcp[20380]: 3769651775 DHCPDISCOVER(vlan1033) 172.16.33.121 48:5b:39:36:a2:73 no address available
>> > > Sep 10 14:37:44 dnsmasq-dhcp[20380]: 3769651775 available DHCP range: 172.16.33.2 -- 172.16.33.249
>> > > Sep 10 14:37:44 dnsmasq-dhcp[20380]: 3769651775 client provides name: laptop
>> > > Sep 10 14:37:44 dnsmasq-dhcp[20380]: 3769651775 DHCPDISCOVER(vlan1033) 172.16.33.121 48:5b:39:36:a2:73 no address available
>> > >
>> > > So, dnsmasq got a DHCPDISCOVER message in vlan1033 with option82 that
>> > > matches tag vlan-2-port-16.
>> > > Client doesn't get a lease because of 'tag:#vlan-2-port-16' in last
>> > > dhcp-range, that's why I assume that tag vlan-2-port-16 is matched.
>> > > The problem is dnsmasq completely ignores first range
>> > > 'tag:vlan-2-port-16,10.1.2.2....', and always tries to assign address
>> > > from range 172.16.33.0/24.
>> > > I think that happens because there is not ip address from network
>> > > 10.1.2.0/24 on vlan1033 unlike ip address 172.16.33.252.
>> > > So, I assume that dnsmasq assigns address from ranges that match ip
>> > > addresses on interfaces dhcp packets come from.
>> > > How dhcp relay supposed to work with such dnsmasq behavior?
>> > >
>> > > _______________________________________________
>> > > Dnsmasq-discuss mailing list
>> > > Dnsmasq-discuss@lists.thekelleys.org.uk
>> > > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
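
The option 82 payload from the packet dump in this thread, parsed per RFC 3046 and mapped to an address pool by relay address and switch port, as an added example that is not part of the thread and is not dnsmasq's code. The Circuit-ID layout (type 0, length 4, 2-byte VLAN, module, port) is an assumption inferred from the tag name vlan-2-port-16; POOLS and the function names are hypothetical.

```python
import ipaddress

# Option 82 payload rebuilt from the dump in the thread (18 bytes): RFC 3046
# sub-option 1 (Circuit-ID, 6 bytes) then sub-option 2 (Remote-ID, 8 bytes).
OPTION_82 = bytes.fromhex("0106000400020010" "020800061cbdb99b685c")

def parse_relay_agent_info(payload: bytes) -> dict:
    """Split an option 82 payload into {sub-option code: value}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns the option")
        subopts[code] = value
        i += 2 + length
    return subopts

def decode_circuit_id(value: bytes) -> tuple:
    """Assumed layout: type 0, length 4, VLAN (2 bytes), module, port."""
    if len(value) != 6 or value[0] != 0 or value[1] != 4:
        raise ValueError("unexpected Circuit-ID layout")
    return int.from_bytes(value[2:4], "big"), value[4], value[5]

# Hypothetical policy table: (relay giaddr, VLAN, port) -> address pool.
# Keying on giaddr as well means a Circuit-ID is honoured only when it
# arrives through the relay that is expected to insert it.
POOLS = {("172.16.33.50", 2, 16): ipaddress.ip_network("10.1.2.0/24")}

def select_pool(giaddr: str, option_82: bytes):
    """Return the pool for a relayed request, or None if nothing matches."""
    circuit = parse_relay_agent_info(option_82).get(1)
    if circuit is None:
        return None  # no Circuit-ID sub-option present
    vlan, _module, port = decode_circuit_id(circuit)
    return POOLS.get((giaddr, vlan, port))
```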