Re: [Vyatta-users] DHCP

[Justin Fletcher]

What are the destination addresses that are being forwarded?

Broadcasts shouldn't be forwarded, but the router needs to know that they're
broadcast addresses.  It'll only recognize 10.1.255.255 and 10.2.255.255 as
broadcast addresses.  If a system is sending requests to, say, 10.1.12.255
where a system is set up as a /24, that address is recognized as a perfectly
valid address and will be forwarded.

Justin

On Jan 22, 2008 1:01 PM,  [EMAIL PROTECTED] wrote:

 I've set up a very basic router with only two interfaces: eth0 is my
 10.1.0.0 subnet and eth1 is my 10.2.0.0 subnet. The router's default gateway
 is my Internet router.  The subnets are in different buildings on our campus
 connected via a wireless link.  I use them mainly in conjunction with
 Windows Server 2003 sites to control replication of the of the Active
 Directory and the Distributed File System set up for user home folders.
 Internet access, internal routing between my two subnets, and replication of
 the AD and DFS work fine.

 My problem is that dhcp request broadcasts are being forwarded to the
 10.2.0.0 subnet from the 10.1.0.0 subnet.  Each subnet has its own dhcp
 server (implemented on 2003 machines not the router).  Hosts that should
 receive 10.1.x.x addresses are receiving 10.2.x.x addresses.  dhcp
 forwarding is not configured on the router.  My understanding from the
 documentation is that the router should automatically block broadcasts.  I
 would appreciate any help in discovering what I'm missing.   Below is my
 configuration.

 Thanks,
 Robert

 protocols {
 }
 policy {
 }
 interfaces {
 restore: false
 loopback lo {
 description: 
 }
 ethernet eth0 {
 disable: false
 discard: false
 description: 
 hw-id: 00:d0:b7:92:50:b7
 duplex: auto
 speed: auto
 address 10.1.0.253 {
 prefix-length: 16
 disable: false
 }
 }
 ethernet eth1 {
 disable: false
 discard: false
 description: 
 hw-id: 00:d0:b7:92:9a:ab
 duplex: auto
 speed: auto
 address 10.2.0.1 {
 prefix-length: 16
 disable: false
 }
 }
 }
 service {
 webgui {
 http-port: 80
 https-port: 443
 }
 }
 firewall {
 log-martians: enable
 send-redirects: disable
 receive-redirects: disable
 ip-src-route: disable
 broadcast-ping: disable
 syn-cookies: enable
 }
 system {
 host-name: HSRouter
 domain-name: 
 name-server 206.54.112.1
 time-zone: Denver
 ntp-server 69.59.150.135
 gateway-address: 10.1.0.254
 login {
 user root {
 full-name: 
 authentication {
 encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
 }
 }
 user vyatta {
 full-name: 
 authentication {
 encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
 }
 }
 }
 package {
 auto-sync: 1
 repository community {
 component: main
 url: http://archive.vyatta.com/vyatta;
 }
 }
 }

 ___
 Vyatta-users mailing list
 Vyatta-users@mailman.vyatta.com
 http://mailman.vyatta.com/mailman/listinfo/vyatta-users


___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

Re: [Vyatta-users] DHCP pool questions

[Dave Roberts]

Exactly. Why should anybody care? This is DHCP we're talking about. As
long as a node receives a currently unused address from the pool, you're
up and done.

If you want to control the assignment of nodes to addresses, well, that's
what static addressing is for.

I do think it's a bit odd that the ISC DHCP server would allocate stuff
from the end of the pool rather than the beginning, but that's perfectly
legal, IMO.

This is just a guess, but the ISC server may be using the hash table to
try to reassign the same address back to the same client if it's still
available. As new clients with new MAC addresses come in, they are
assigned a new address in decreasing order, but when a client returns, it
will be assigned the same address as before unless another client is using
it. This probably helps eliminate accidental duplicate corner cases with
things like laptops that go on and off net, machines that go into a
low-power sleep state, etc. In a former company, we used the standard
Windows Server DHCP server and I remember having some issues with
duplicate addresses being handed out. I think the server always got it
right, but I think clients would sometimes miss the fact that their lease
had expired. You can't completely eliminate this problem if the client is
buggy, but you can mitigate it if you try to hand out the same address to
the same clients each time.

-- Dave



  _

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aubrey Wells
Sent: Sunday, January 13, 2008 9:39 PM
To: Marat Nepomnyashy
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] DHCP pool questions


From the dhcpd.conf (5) man page:
quote
The DHCP server generates the list of available IP addresses from a hash
table. This means that the addresses are not sorted in any particular
order, and so it is not possible to predict the order in which the DHCP
server will allocate IP addresses. Users of previous versions of the ISC
DHCP server may have become accustomed to the DHCP server allocating IP
addresses in ascending order, but this is no longer possible, and there is
no way to configure this behavior with version 3 of the ISC DHCP server.
/quote


So it looks like it is actually non-deterministic what IP you may receive.
If you have a fresh dhcpd.leases file, you will initially get leases in
descending order, but after a few are assigned and some are expired, it
will become somewhat random(ish). This is how the ISC dhcpd daemon works
(which happens to be the most popular (by far) linux dhcp daemon) and isnt
specific to vyatta. If you install dhcpd on a redhat system, you'll see
the exact same behavior.


As for *why* this was done starting with v3 of dhcpd, I dunno. I'm curious
as to why it leasing in descending order is a show-stopper for you? This
seems like a (very) trivial thing to nitpick over. What difference does it
make as long as your clients get addresses?



--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Jan 13, 2008, at 10:41 PM, Marat Nepomnyashy wrote:



Hi Mike,

As far as to why the DHCP server leases out IPs from the end of the block
rather than from the beginning, I'm not sure myself.  I just signed up for
the ISC DHCP server mailing lists at
http://www.isc.org/index.pl?/sw/dhcp/dhcp-lists.php and plan to ask the
people on there this question as well.

If you added a second dhcp pool for eth2, but it did not appear in
'/opt/vyatta/config/dhcpd.conf', and you stil have the config and the
'dhcpd.conf' after that commit, then please include these files with your
message.

Thanks,
Marat

- Original Message -
From: silvertip257 mailto:[EMAIL PROTECTED]
To: Marat Nepomnyashy mailto:[EMAIL PROTECTED]  ;
vyatta-users@mailman.vyatta.com
Sent: Sunday, January 13, 2008 6:54 PM
Subject: Re: [Vyatta-users] DHCP pool questions

Why cannot I take addresses out of the beginning of the block like I'd
rather it do?  How can I (without rewriting/modifying source code)?  That
would really stink to have to statically assign everything to make it the
way (that it makes sense).  It's great and all that it actually does
assign an address and ' works ', but why not start at the beginning?

From what Marat wrote, I understand that you've seen that behavior before
- confirmed.  Now, can it be changed?
I won't try to start any wars here, but that would unfortunately be one
reason I would not want to use Vyatta.  Well that and the WAN dhclient
that's in progress.

I could have sworn (oh and I did commit it) that I added a config for a
second dhcp pool (separate) for eth2, but voila it's gone when I check
dhcpd.conf...

Thanks,
Mike



On Jan 13, 2008 8:37 PM, Marat Nepomnyashy [EMAIL PROTECTED] wrote:


Hi Mike,

As far as I know, it is normal for the ISC DHCP server that the Vyatta
router is using to lease out addresses starting from the last address of
the DHCP lease block, I've seen this before.  Not quite sure myself why
ISC

Re: [Vyatta-users] DHCP pool questions

[silvertip257]

Yeah, that makes sense.
I _wish_ I had a T1 or T3 ... I'd be broke in no time and I'd never use the
24/7 bandwidth!

I've got a Cisco routing/switching class this semester, so I should be able
to apply most of the knowledge from that class to Vyatta and take off!

You guys haven't figured out how to put Vyatta on Cisco 2811s yet have you?
Then I could have Vyatta in the lab in a covert package!
;) Kidding! ;)

Mike

On Jan 14, 2008 8:59 PM, Stig Thormodsrud [EMAIL PROTECTED] wrote:

  Ok, as long as your using dhcp for an ethernet interface it should be
 fine.  Our WAN interfaces that we support are T1 and T3 serial interfaces
 using ppp or hdlc or frame-relay encapsulation and those would not support
 dhcp client since they are point to point.



 stig


   --

 *From:* silvertip257 [mailto:[EMAIL PROTECTED]
 *Sent:* Monday, January 14, 2008 5:54 PM

 *To:* Stig Thormodsrud
 *Subject:* Re: [Vyatta-users] DHCP pool questions



 What should I call my connection to my residential ISP?
 To me it's a WAN connection [I could be wrong] and I need dhclient running
 on eth0 to successfully obtain an address without ticking off my ISP (sure I
 can statically assign it, but they [and eventually I] will not like it) --
 hehe the nature of DHCP.

 I'm not running PPPoE.
 Just DHCP back to my ISP.

 I'll make some nice duplications/collisions for my ISP, that could nicely
 coincide with Dave's Win Server DHCP conflicts!

 Mike

 On Jan 14, 2008 4:31 PM, Stig Thormodsrud [EMAIL PROTECTED] wrote:

 Hi Mark,



 I'm curious when you say WAN dhcp.  Most WAN is point to point and dhcp
 client wouldn't really apply.  Are you talking about PPPoE?



 stig


   --

 *From:* silvertip257 [mailto:[EMAIL PROTECTED]
 *Sent:* Sunday, January 13, 2008 8:53 PM
 *To:* Stig Thormodsrud


 *Subject:* Re: [Vyatta-users] DHCP pool questions



 Awesome - that's what I've been reading as I sift through the emails I get
 from the mailing list.

 Mike

 On Jan 13, 2008 11:24 PM, Stig Thormodsrud  [EMAIL PROTECTED] wrote:

 Ø Well that and the WAN dhclient that's in progress.



 Dhcp client has already been committed to the development branch which
 means it'll be available in the next release (glendale) assuming the testing
 goes well.



 stig


   --

 *From:* [EMAIL PROTECTED] [mailto:
 [EMAIL PROTECTED] *On Behalf Of *silvertip257
 *Sent:* Sunday, January 13, 2008 6:55 PM
 *To:* Marat Nepomnyashy; vyatta-users@mailman.vyatta.com
 *Subject:* Re: [Vyatta-users] DHCP pool questions



 Why cannot I take addresses out of the beginning of the block like I'd
 rather it do?  How can I (without rewriting/modifying source code)?  That
 would really stink to have to statically assign everything to make it the
 way (that it makes sense).  It's great and all that it actually does assign
 an address and ' works ', but why not start at the beginning?

 From what Marat wrote, I understand that you've seen that behavior before
 - confirmed.  Now, can it be changed?
 I won't try to start any wars here, but that would unfortunately be one
 reason I would not want to use Vyatta.  Well that and the WAN dhclient
 that's in progress.

 I could have sworn (oh and I did commit it) that I added a config for a
 second dhcp pool (separate) for eth2, but voila it's gone when I check
 dhcpd.conf...

 Thanks,
 Mike

   On Jan 13, 2008 8:37 PM, Marat Nepomnyashy [EMAIL PROTECTED] wrote:

 Hi Mike,



 As far as I know, it is normal for the ISC DHCP server that the Vyatta
 router is using to lease out addresses starting from the last address of the
 DHCP lease block, I've seen this before.  Not quite sure myself why ISC does
 it this way, maybe there is an assumption that the IPs at the end of the
 block are less likely to be already taken...



 When you write I have discovered that various parts have been separated
 from the main config, what do you mean?



 The DHCP server configuration file is '/opt/vyatta/etc/dhcpd.conf', not
 '/opt/vyatta/etc/dhcp.conf'.  The configuration for eth2 should not show up
 there if you did not configure any DHCP leases for any of the subnets to
 which your the interface is connected.



 If you have additional questions, please send us snippets of your router
 configuration under hierarchies 'interfaces ethernet' and 'service
 dhcp-server'.  Please also send the contents of
 '/opt/vyatta/etc/dhcpd.conf'.



 Thanks,

 Marat

   - Original Message -

 *From:* silvertip257 [EMAIL PROTECTED]

 *To:* vyatta-users@mailman.vyatta.com

 *Sent:* Saturday, January 12, 2008 4:36 PM

 *Subject:* [Vyatta-users] DHCP pool questions



 I've set up a complete vyatta system a few times, even with two versions (
 2.2 and 3.0).
 I'm currently working with 3.0 and I'm getting the same behavior as the
 last time.

 I setup a DHCP server on eth1, but when it hands out addresses, it always
 gives out the last address in the block (in this case

Re: [Vyatta-users] DHCP pool questions

[Marat Nepomnyashy]

Hi Mike,

As far as to why the DHCP server leases out IPs from the end of the block 
rather than from the beginning, I'm not sure myself.  I just signed up for the 
ISC DHCP server mailing lists at 
http://www.isc.org/index.pl?/sw/dhcp/dhcp-lists.php and plan to ask the people 
on there this question as well.

If you added a second dhcp pool for eth2, but it did not appear in 
'/opt/vyatta/config/dhcpd.conf', and you stil have the config and the 
'dhcpd.conf' after that commit, then please include these files with your 
message.

Thanks,
Marat
  - Original Message - 
  From: silvertip257 
  To: Marat Nepomnyashy ; vyatta-users@mailman.vyatta.com 
  Sent: Sunday, January 13, 2008 6:54 PM
  Subject: Re: [Vyatta-users] DHCP pool questions


  Why cannot I take addresses out of the beginning of the block like I'd rather 
it do?  How can I (without rewriting/modifying source code)?  That would really 
stink to have to statically assign everything to make it the way (that it makes 
sense).  It's great and all that it actually does assign an address and ' works 
', but why not start at the beginning? 

  From what Marat wrote, I understand that you've seen that behavior before - 
confirmed.  Now, can it be changed?
  I won't try to start any wars here, but that would unfortunately be one 
reason I would not want to use Vyatta.  Well that and the WAN dhclient that's 
in progress. 

  I could have sworn (oh and I did commit it) that I added a config for a 
second dhcp pool (separate) for eth2, but voila it's gone when I check 
dhcpd.conf...

  Thanks,
  Mike


On Jan 13, 2008 8:37 PM, Marat Nepomnyashy [EMAIL PROTECTED] wrote:

  Hi Mike,

  As far as I know, it is normal for the ISC DHCP server that the Vyatta 
router is using to lease out addresses starting from the last address of the 
DHCP lease block, I've seen this before.  Not quite sure myself why ISC does it 
this way, maybe there is an assumption that the IPs at the end of the block are 
less likely to be already taken...

  When you write I have discovered that various parts have been separated 
from the main config, what do you mean?

  The DHCP server configuration file is '/opt/vyatta/etc/dhcpd.conf', not 
'/opt/vyatta/etc/dhcp.conf'.  The configuration for eth2 should not show up 
there if you did not configure any DHCP leases for any of the subnets to which 
your the interface is connected.

  If you have additional questions, please send us snippets of your router 
configuration under hierarchies 'interfaces ethernet' and 'service 
dhcp-server'.  Please also send the contents of '/opt/vyatta/etc/dhcpd.conf'.

  Thanks,
  Marat
- Original Message - 
From: silvertip257 
To: vyatta-users@mailman.vyatta.com 
Sent: Saturday, January 12, 2008 4:36 PM
Subject: [Vyatta-users] DHCP pool questions


I've set up a complete vyatta system a few times, even with two 
versions (2.2 and 3.0).
I'm currently working with 3.0 and I'm getting the same behavior as the 
last time.

I setup a DHCP server on eth1, but when it hands out addresses, it 
always gives out the last address in the block (in this case 192.168.0.60 
consistently).
When finding the configuration, I have discovered that various parts 
have been separated from the main config - I don't know if it was that way in 
previous versions, but thought I'd mention it. 
Also, my DHCP server for eth2 does not show up in 
/opt/vyatta/etc/dhcp.conf ;; that's another issue that I'll have to solve after 
this one.

My config for the DHCP server:
shared-network Subnet1 {
subnet 192.168.0.32 netmask 255.255.255.224 {
not authoritative;
default-lease-time 86400;
max-lease-time 86400;
range 192.168.0.34 192.168.0.60;
}

Thanks,
Mike

-- 
//  SilverTip257  //
==
  ~
 · ·
 /V\
// \\
/(   )\
^`~´^ 



___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users 





-- 
//  SilverTip257  //
==
  ~
 · ·
 /V\
// \\
/(   )\
^`~´^ 








  -- 
  //  SilverTip257  //
  ==
~
   · ·
   /V\
  // \\
  /(   )\
  ^`~´^ ___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

Re: [Vyatta-users] DHCP pool questions

[Stig Thormodsrud]

* Well that and the WAN dhclient that's in progress.



Dhcp client has already been committed to the development branch which
means it’ll be available in the next release (glendale) assuming the
testing goes well.



stig





  _

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of silvertip257
Sent: Sunday, January 13, 2008 6:55 PM
To: Marat Nepomnyashy; vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] DHCP pool questions



Why cannot I take addresses out of the beginning of the block like I'd
rather it do?  How can I (without rewriting/modifying source code)?  That
would really stink to have to statically assign everything to make it the
way (that it makes sense).  It's great and all that it actually does
assign an address and ' works ', but why not start at the beginning?

From what Marat wrote, I understand that you've seen that behavior before
- confirmed.  Now, can it be changed?
I won't try to start any wars here, but that would unfortunately be one
reason I would not want to use Vyatta.  Well that and the WAN dhclient
that's in progress.

I could have sworn (oh and I did commit it) that I added a config for a
second dhcp pool (separate) for eth2, but voila it's gone when I check
dhcpd.conf...

Thanks,
Mike

On Jan 13, 2008 8:37 PM, Marat Nepomnyashy [EMAIL PROTECTED] wrote:

Hi Mike,



As far as I know, it is normal for the ISC DHCP server that the Vyatta
router is using to lease out addresses starting from the last address of
the DHCP lease block, I've seen this before.  Not quite sure myself why
ISC does it this way, maybe there is an assumption that the IPs at the end
of the block are less likely to be already taken...



When you write I have discovered that various parts have been separated
from the main config, what do you mean?



The DHCP server configuration file is '/opt/vyatta/etc/dhcpd.conf', not
'/opt/vyatta/etc/dhcp.conf'.  The configuration for eth2 should not show
up there if you did not configure any DHCP leases for any of the subnets
to which your the interface is connected.



If you have additional questions, please send us snippets of your router
configuration under hierarchies 'interfaces ethernet' and 'service
dhcp-server'.  Please also send the contents of
'/opt/vyatta/etc/dhcpd.conf'.



Thanks,

Marat

- Original Message -

From: silvertip257 mailto:[EMAIL PROTECTED]

To: vyatta-users@mailman.vyatta.com

Sent: Saturday, January 12, 2008 4:36 PM

Subject: [Vyatta-users] DHCP pool questions



I've set up a complete vyatta system a few times, even with two versions
(2.2 and 3.0).
I'm currently working with 3.0 and I'm getting the same behavior as the
last time.

I setup a DHCP server on eth1, but when it hands out addresses, it always
gives out the last address in the block (in this case 192.168.0.60
consistently).
When finding the configuration, I have discovered that various parts have
been separated from the main config - I don't know if it was that way in
previous versions, but thought I'd mention it.
Also, my DHCP server for eth2 does not show up in
/opt/vyatta/etc/dhcp.conf ;; that's another issue that I'll have to solve
after this one.

My config for the DHCP server:
shared-network Subnet1 {
subnet 192.168.0.32 netmask 255.255.255.224 {
not authoritative;
default-lease-time 86400;
max-lease-time 86400;
range 192.168.0.34 192.168.0.60;
}

Thanks,
Mike

--
//  SilverTip257  //
==
  ~
 · ·
 /V\
// \\
/(   )\
^`~´^


  _


___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
http://mailman.vyatta.com/mailman/listinfo/vyatta-users





--
//  SilverTip257  //
==
  ~
 · ·
 /V\
// \\
/(   )\
^`~´^









--
//  SilverTip257  //
==
  ~
 · ·
 /V\
// \\
/(   )\
^`~´^

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

Re: [Vyatta-users] DHCP relay

[Dams]

Thanks for your reply.

Sorry, my mistake : not eth1 but eth0. (192.168.10.X)

Eth2 - network with the DHCP Server on network 192.168.2.XXx

The DHCP serve the scope (192.168.2.0) as well : here no problem the pc got
their IP (see the log, after)

and I would like that the DHCP server serve the scope 192.168.10.XX as well
on the interfaces eth0

So on my windows server, I have a superScope with 2 scope (192.168.2.0 and
192.168.10.0)


styohanes:~# tcpdump -n port 67 -i eth2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes

07:45:14.790263 IP 192.168.2.10.67  192.168.2.2.67: BOOTP/DHCP, Request
from XXX, length 300
07:45:31.788526 IP 192.168.2.10.67  192.168.2.2.67: BOOTP/DHCP, Request
from XXX, length 300
07:46:32.337900 IP 192.168.2.154.68  255.255.255.255.67: BOOTP/DHCP,
Request from XXX333, length 300
07:47:15.884938 IP 0.0.0.0.68  255.255.255.255.67: BOOTP/DHCP, Request from
XXX222, length 300
07:47:15.885338 IP 192.168.2.2.67  255.255.255.255.68: BOOTP/DHCP, Reply,
length 300
07:47:28.896045 IP 0.0.0.0.68  255.255.255.255.67: BOOTP/DHCP, Request from
XXX222, length 300
07:47:28.896468 IP 192.168.2.2.67  255.255.255.255.68: BOOTP/DHCP, Reply,
length 300
07:50:50.781445 IP 192.168.2.10.67  192.168.2.2.67: BOOTP/DHCP, Request
from XXX, length 300
07:50:53.777544 IP 192.168.2.10.67  192.168.2.2.67: BOOTP/DHCP, Request
from XXX, length 300

So, the request is going to the DHCP server, but no reply from him.
But it work fine for the mac XXX222 which is in the network 192.168.2.0

I think the problem is from my DCHP Server,
How can you define a scope to reply to a router
- link the Scope 192.168.10.0 to the router 192.168.10.1 ?


Thanks for your help.

only 6 hours on a DHCP problem, :-/



merci
Damien


On Dec 6, 2007 9:40 PM, Robyn Orosz [EMAIL PROTECTED] wrote:

 Hi Damien,

 What interface is the network connected to that you wish to serve DHCP
 addresses?  You mention eth1 in your post, but I only see eth0 and eth2
 configured for dhcp-relay.  If you want to serve hosts behind eth1, you
 need to add eth1 to the dhcp-relay configuration.

 To make this more clear, if your win 2k3 server is configured with a
 DHCP scope for network 192.168.10.x, it will only serve requests made
 from the interface configured with 192.168.10.x.  The dhcp-relay adds
 the IP address of the interface that requests are seen on into the BOOTP
 request packets so the DHCP server knows which scope to serve addresses
 to.

 Thank you,

 Robyn

 Troopy . wrote:
  Hello,
 
  Did you check the routing? i mean the DHCP server must be able to
   reach the client at the IP layer.
 
  I remember i forgot this when i wrote the DHCP openmaniak tutorial.
  (See the case study, i forgot set protocols static route 0.0.0.0/0next-hop
 10.0.2.2)
 
 
  Bonne chance
  Troopy
 
  -- Original Message --
  From: Dams [EMAIL PROTECTED]
  Date:  Thu, 6 Dec 2007 18:01:08 +0700
 
 
  Hello,
 
 
  I have a problem with the DHCP-relay
 
  Config:
 dhcp-relay {
 interface eth0
 interface eth2
 server 192.168.2.2
 relay-options {
 }
 
 
  Eth0 conect to my DHCP server (win 2k3 Server) : 192.168.2.2
  and Eth1 to a subnet : 192.168.10.X
 
  But the dhcp relay doesn't work
  X:~# tcpdump -n port 67
  tcpdump: verbose output suppressed, use -v or -vv for full protocol
 decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
  17:50:29.636059 IP 0.0.0.0.68  255.255.255.255.67: BOOTP/DHCP, Request
 from
  X, length 300
  17:50:33.376048 IP 0.0.0.0.68  255.255.255.255.67: BOOTP/DHCP, Request
 from
  X, length 300
  17:50:38.370026 IP 0.0.0.0.68  255.255.255.255.67: BOOTP/DHCP, Request
 from
  X, length 300
  17:50:47.370767 IP 0.0.0.0.68  255.255.255.255.67: BOOTP/DHCP, Request
 from
  X, length 300
  17:51:03.369141 IP 0.0.0.0.68  255.255.255.255.67: BOOTP/DHCP, Request
 from
  X, length 300
 
 
  But If I add the MAC on static in my DHCP Server, it work fine.
 
  XXX:~# tcpdump -n port 67
  tcpdump: verbose output suppressed, use -v or -vv for full protocol
 decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
  17:11:28.052775 IP 0.0.0.0.68  255.255.255.255.67: BOOTP/DHCP, Request
 from
  X, length 300
  17:11:28.053871 IP 192.168.10.1.67  255.255.255.255.68: BOOTP/DHCP,
 Reply,
  length 318
  17:11:28.055461 IP 0.0.0.0.68  255.255.255.255.67: BOOTP/DHCP, Request
 from
  X, length 302
  17:11:28.056391 IP 192.168.10.1.67  255.255.255.255.68: BOOTP/DHCP,
 Reply,
  length 318
 
 
  What did I miss ?
 
 
  I follow the HowTo
  http://www.openmaniak.com/vyatta_case_dhcp.php#dhcp-process which is
  brilliant, thanks.
  The only differents is that my DHCP is not on the router, but on
 another PC.
 
  Do I need to add a route to define the DHCP Server?
  Do i need to add a data on 

Re: [Vyatta-users] DHCP relay

[Dams]

Thanks Robyn,


My config
Internet - Untangle -- Switch and plug on the switch Vyatta Router, the
network 192.168.2.0, and the DHCP Server

Schema:
   X -   Vyatta --
Network 192.168.10.0
Internet --- Untangle Gateway --- Switch
  X--   Network
192.168.2.0 + DHCP Server

My config on vyatta
protocols {
snmp {
community public {
client 192.168.2.5
client 192.168.2.99
}
trap-target 192.168.1.1
trap-target 192.168.10.1
contact: Network Administrator
location: X
}
static {
}
}
policy {
}
interfaces {
loopback lo {
address 10.0.0.65 {
prefix-length: 32
}
}
ethernet eth0 {
description: My Sub Net 10
hw-id: 00:03:47:06:39:9e
address 192.168.10.1 {
prefix-length: 24
}
}
ethernet eth1 {
disable: true
description: Not Working
hw-id: 00:06:5b:a5:29:10
}
ethernet eth2 {
description: Interface Out
hw-id: 00:0e:2e:98:18:80
address 192.168.2.10 {
prefix-length: 24
}
}
}
service {
dhcp-relay {
interface eth0
interface eth2
server 192.168.2.2
relay-options {
}
}
   nat {
rule 1 {
type: masquerade
outbound-interface: eth2
}
rule 2 {
type: masquerade
inbound-interface: eth2
outbound-interface: eth0
protocols: all
source {
network: 192.168.2.0/24
}
destination {
network: 192.168.10.0/24
}
}
}
ssh {
}
webgui {
}
}
firewall {
 }
}
system {
host-name: X
domain-name: .ac.id
domain-search {
domain X.ac.id
}
name-server 192.168.2.2
time-zone: GMT+7
ntp-server 69.59.150.135
gateway-address: 192.168.2.1
login {
user root {
authentication {
encrypted-password: 
}
}
user vyatta {
authentication {
encrypted-password: 
}
}
user networkadmin {
full-name: Network Administrator
authentication {
encrypted-password: 
plaintext-password: 
}
}
}
package {
repository community {
component: main
url: http://archive.vyatta.com/vyatta;
}
}
options {
}
}

The capture from a PC in the network 192.168.2.0
tshark -i eth2 port 67 and port 68 -Vn

Frame 5 (342 bytes on wire, 342 bytes captured)
Arrival Time: Dec  6, 2007 09:00:22.590416000
[Time delta from previous packet: 0.018551000 seconds]
[Time since reference or first frame: 0.019484000 seconds]
Frame Number: 5
Packet Length: 342 bytes
Capture Length: 342 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:bootp]
Ethernet II, Src: MacRouterEth2 (MacRouterEth2), Dst: 
   (XXX)
Destination:  (X)
Address:  (X)
 ...0     = IG bit: Individual address (unicast)
 ..0.     = LG bit: Globally unique address
(factorydefault)
Source: MAC (MacRouterEth2)
Address: MacRouterEth2 (0MacRouterEth2)
 ...0     = IG bit: Individual address (unicast)
 ..0.     = LG bit: Globally unique address
(factorydefault)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.2.10 (192.168.2.10), Dst: 192.168.2.196 (
192.168   .2.196)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
 ..0. = ECN-Capable Transport (ECT): 0
 ...0 = ECN-CE: 0
Total Length: 328
Identification: 0x (0)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 16
Protocol: UDP (0x11)
Header checksum: 0x2377 [correct]

Re: [Vyatta-users] DHCP relay

[Robyn Orosz]

Hi Damien,

Thanks for the extra info.  I think the problem may be due to your 
masquerade rules.  Rule 1 is masquerading all traffic that leaves eth2.  
So, anything with a source address of 192.168.10.x will be changed to a 
source address of 192.168.2.10. 

Rule 2 looks like it's basically doing the reverse.  Why do you have 
these masquerade rules configured?  You shouldn't need any NAT for the 2 
connected networks and this will confuse things as I think it may be 
doing now.

Thanks,

Robyn

Dams wrote:
 Thanks Robyn,


 My config
 Internet - Untangle -- Switch and plug on the switch Vyatta Router, 
 the network 192.168.2.0 http://192.168.2.0, and the DHCP Server

 Schema:
X -   
 Vyatta -- Network 192.168.10.0 http://192.168.10.0
 Internet --- Untangle Gateway --- Switch 
   X--   
 Network 192.168.2.0 http://192.168.2.0 + DHCP Server

 My config on vyatta
 protocols {
 snmp {
 community public {
 client 192.168.2.5 http://192.168.2.5
 client 192.168.2.99 http://192.168.2.99
 }
 trap-target 192.168.1.1 http://192.168.1.1
 trap-target 192.168.10.1 http://192.168.10.1
 contact: Network Administrator
 location: X
 }
 static {
 }
 }
 policy {
 }
 interfaces {
 loopback lo {
 address 10.0.0.65 http://10.0.0.65 {
 prefix-length: 32
 }
 }
 ethernet eth0 {
 description: My Sub Net 10
 hw-id: 00:03:47:06:39:9e
 address 192.168.10.1 http://192.168.10.1 {
 prefix-length: 24
 }
 }
 ethernet eth1 {
 disable: true
 description: Not Working
 hw-id: 00:06:5b:a5:29:10
 }
 ethernet eth2 {
 description: Interface Out
 hw-id: 00:0e:2e:98:18:80
 address 192.168.2.10 http://192.168.2.10 {
 prefix-length: 24
 }
 }
 }
 service {
 dhcp-relay {
 interface eth0
 interface eth2
 server 192.168.2.2 http://192.168.2.2
 relay-options {
 }
 }
nat {
 rule 1 {
 type: masquerade
 outbound-interface: eth2
 }
 rule 2 {
 type: masquerade
 inbound-interface: eth2
 outbound-interface: eth0
 protocols: all
 source {
 network:  192.168.2.0/24 http://192.168.2.0/24
 }
 destination {
 network: 192.168.10.0/24 http://192.168.10.0/24
 }
 }
 }
 ssh {
 }
 webgui {
 }
 }
 firewall {
  }
 }
 system {
 host-name: X
 domain-name:  .ac.id http://.ac.id
 domain-search {
 domain X.ac.id http://X.ac.id
 }
 name-server 192.168.2.2 http://192.168.2.2
 time-zone: GMT+7
 ntp-server 69.59.150.135 http://69.59.150.135
 gateway-address: 192.168.2.1 http://192.168.2.1
 login {
 user root {
 authentication {
 encrypted-password: 
 }
 }
 user vyatta {
 authentication {
 encrypted-password: 
 }
 }
 user networkadmin {
 full-name: Network Administrator
 authentication {
 encrypted-password: 
 plaintext-password: 
 }
 }
 }
 package {
 repository community {
 component: main
 url: http://archive.vyatta.com/vyatta;
 }
 }
 options {
 }
 }

 The capture from a PC in the network 192.168.2.0 http://192.168.2.0
 tshark -i eth2 port 67 and port 68 -Vn

 Frame 5 (342 bytes on wire, 342 bytes captured)
 Arrival Time: Dec  6, 2007 09:00: 22.590416000
 [Time delta from previous packet: 0.018551000 seconds]
 [Time since reference or first frame: 0.019484000 seconds]
 Frame Number: 5
 Packet Length: 342 bytes
 Capture Length: 342 bytes
 [Frame is marked: False]
 [Protocols in frame: eth:ip:udp:bootp]
 Ethernet II, Src: MacRouterEth2 (MacRouterEth2), Dst:  
(XXX)
 Destination:  (X)
 Address:  (X)
  ...0     = IG bit: Individual address 
 (unicast)
  ..0.     = LG bit: Globally unique 
 address (factory   

Re: [Vyatta-users] DHCP relay in vif interfaces (vc3)

[Sergio Garcia]

Thanks Marat, I will try it asap.


Marat Nepomnyashy wrote:
 Hi Sergio,

 There is a limitation in the VC3 release in that only 'ethX' values 
 can be specified for DHCP relay interfaces.  This is due to overly 
 stringent validation checks.  I just opened a new bug on this:

 https://bugzilla.vyatta.com/show_bug.cgi?id=2473


 A temporary work-around can be implemented using the attachments just 
 added to Bug 2473.

 There is the attachment id 238 that should be copied over the runtime 
 file '/opt/vyatta/share/xorp/templates/rl_dhcp.tp' on your router.  
 You will also need to apply the patch in attachment id 239 to the 
 runtime script file '/opt/vyatta/sbin/dhcrelay-starter.pl' to disable 
 another validation check. You will have to reboot the router for the 
 validation checks removals to take effect, so make sure you're running 
 off a disk rather than CDROM, or the changes will be lost.

 Hope this works for now,

 -- Marat

 - Original Message - From: Sergio Garcia [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, November 14, 2007 4:34 AM
 Subject: [Vyatta-users] DHCP relay in vif interfaces (vc3)


 Hi all.
 I hope you can help me with this doubt :)
 I want to relay dhcp requests incoming from tree eth1 vif's to a dhcp
 server but Vyatta VC3 only allows me to select ethX interfaces (X goes
 from 0 to 23).

 Is it possible to do this? Launching dhcrelay manually is not a good
 solution, but if it is the only way I will accept.

 Thanks in advance

 ___
 Vyatta-users mailing list
 Vyatta-users@mailman.vyatta.com
 http://mailman.vyatta.com/mailman/listinfo/vyatta-users





--
This mail has been sent through DS2 mail server
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

Re: [Vyatta-users] DHCP relay in vif interfaces (vc3)

[Marat Nepomnyashy]

Hi Sergio,

There is a limitation in the VC3 release in that only 'ethX' values can be 
specified for DHCP relay interfaces.  This is due to overly stringent 
validation checks.  I just opened a new bug on this:

https://bugzilla.vyatta.com/show_bug.cgi?id=2473


A temporary work-around can be implemented using the attachments just added 
to Bug 2473.

There is the attachment id 238 that should be copied over the runtime file 
'/opt/vyatta/share/xorp/templates/rl_dhcp.tp' on your router.  You will also 
need to apply the patch in attachment id 239 to the runtime script file 
'/opt/vyatta/sbin/dhcrelay-starter.pl' to disable another validation check. 
You will have to reboot the router for the validation checks removals to 
take effect, so make sure you're running off a disk rather than CDROM, or 
the changes will be lost.

Hope this works for now,

-- Marat

- Original Message - 
From: Sergio Garcia [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 14, 2007 4:34 AM
Subject: [Vyatta-users] DHCP relay in vif interfaces (vc3)


 Hi all.
 I hope you can help me with this doubt :)
 I want to relay dhcp requests incoming from tree eth1 vif's to a dhcp
 server but Vyatta VC3 only allows me to select ethX interfaces (X goes
 from 0 to 23).

 Is it possible to do this? Launching dhcrelay manually is not a good
 solution, but if it is the only way I will accept.

 Thanks in advance

 ___
 Vyatta-users mailing list
 Vyatta-users@mailman.vyatta.com
 http://mailman.vyatta.com/mailman/listinfo/vyatta-users
 

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

Re: [Vyatta-users] DHCP/NAT/Firewall rules

[Tony Cratz]

Allan Leinwand wrote:
 Hi Tony,
 
I believe that the established keyword should only allow connections
 from the Internet back into your network that have the TCP SYN ACK flags
 set. So, if I understand your DNAT rules correctly, it would only allow TCP
 SYN ACK packets back into your network with the destination ports you
 specified.  Please see http://www.faqs.org/docs/iptables/tcpconnections.html
 for more on iptables.
 
If I'm wrong (as I am apt to do these days :) I am sure someone will
 correct me


I believe you are wrong. Look for my next message where I will
go into more detail on why.

Tony
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

Re: [Vyatta-users] DHCP/NAT/Firewall rules

[An-Cheng Huang]

Hi Tony,

You should be able to put the allowed ports in the destination 
port-number/portname fields in the DNAT rule. This  way, only packets with 
those destination ports will be DNATed and be able to access the 10.1.1.2 
server.

An-Cheng

Tony Cratz wrote:
   I have set-up my OFR to use DHCP with an internal address
   space of 10.1.1.0/24. My OFR will receive my 71.159.206.0/29
   on the IP of 71.140.62.22.
 
   So I'm using NAT to map 71.159.206.2 to 10.1.1.2 (as a
   bi-directional NAT).
 
   Now I want to have some rules (firewall?) to allow only a
   few ports to connect to the 71.159.206.2 (10.1.1.2) system
   such as SMTP, SSH, FTP, HTTP and a few others.
 
   The question I have is should these rules be defined as
   Firewall rules or as NAT rules?
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

Re: [Vyatta-users] DHCP/NAT/Firewall rules

[Tony Cratz]

An-Cheng Huang wrote:
 Hi Tony,
 
 You should be able to put the allowed ports in the destination
 port-number/portname fields in the DNAT rule. This  way, only packets
 with those destination ports will be DNATed and be able to access the
 10.1.1.2 server.
 
 An-Cheng
 
 Tony Cratz wrote:
 I have set-up my OFR to use DHCP with an internal address
 space of 10.1.1.0/24. My OFR will receive my 71.159.206.0/29
 on the IP of 71.140.62.22.

 So I'm using NAT to map 71.159.206.2 to 10.1.1.2 (as a
 bi-directional NAT).

 Now I want to have some rules (firewall?) to allow only a
 few ports to connect to the 71.159.206.2 (10.1.1.2) system
 such as SMTP, SSH, FTP, HTTP and a few others.

 The question I have is should these rules be defined as
 Firewall rules or as NAT rules?


Thanks for the answer.

 background comment
I have done a bit more readying since I sent the last
two messages and found an old message to the list back
in 10/2006 which mention about state {established: enable}
thus answering the question about reflector lists. (note:
this is not covered in the Configuration Guild, I had to
read about it in the Command Reference to come close to
understanding it).

I also understand now that the firewalls really sit at the
very edge on the interfaces. So in my above case I would
need to use the 10.1.1.0/24 addresses in the rules.
/background comment


Now this brings up a couple of new question, if I have a
firewall on eth1 (which would be the LAN interface) which
uses reflector lists ( state {established: enable} ) and I
specified the ports in my DNAT ... does this now 'punches'
those ports through the firewall?

Or are the ports now blocked by the firewall for any
'new' connections?


Tony



___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

Re: [Vyatta-users] DHCP/NAT/Firewall rules

[Allan Leinwand]

Hi Tony,

   I believe that the established keyword should only allow connections
from the Internet back into your network that have the TCP SYN ACK flags
set. So, if I understand your DNAT rules correctly, it would only allow TCP
SYN ACK packets back into your network with the destination ports you
specified.  Please see http://www.faqs.org/docs/iptables/tcpconnections.html
for more on iptables.

   If I'm wrong (as I am apt to do these days :) I am sure someone will
correct me

Take care,

Allan

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Cratz
Sent: Tuesday, October 02, 2007 2:30 PM
To: [EMAIL PROTECTED]
Subject: Re: [Vyatta-users] DHCP/NAT/Firewall rules

An-Cheng Huang wrote:
 Hi Tony,
 
 You should be able to put the allowed ports in the destination 
 port-number/portname fields in the DNAT rule. This  way, only packets 
 with those destination ports will be DNATed and be able to access the
 10.1.1.2 server.
 
 An-Cheng
 
 Tony Cratz wrote:
 I have set-up my OFR to use DHCP with an internal address
 space of 10.1.1.0/24. My OFR will receive my 71.159.206.0/29
 on the IP of 71.140.62.22.

 So I'm using NAT to map 71.159.206.2 to 10.1.1.2 (as a
 bi-directional NAT).

 Now I want to have some rules (firewall?) to allow only a
 few ports to connect to the 71.159.206.2 (10.1.1.2) system
 such as SMTP, SSH, FTP, HTTP and a few others.

 The question I have is should these rules be defined as
 Firewall rules or as NAT rules?


Thanks for the answer.

 background comment
I have done a bit more readying since I sent the last
two messages and found an old message to the list back
in 10/2006 which mention about state {established: enable}
thus answering the question about reflector lists. (note:
this is not covered in the Configuration Guild, I had to
read about it in the Command Reference to come close to
understanding it).

I also understand now that the firewalls really sit at the
very edge on the interfaces. So in my above case I would
need to use the 10.1.1.0/24 addresses in the rules.
/background comment


Now this brings up a couple of new question, if I have a
firewall on eth1 (which would be the LAN interface) which
uses reflector lists ( state {established: enable} ) and I
specified the ports in my DNAT ... does this now 'punches'
those ports through the firewall?

Or are the ports now blocked by the firewall for any
'new' connections?


Tony



___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

Re: [Vyatta-users] DHCP: not configured to listen on any interfaces!

[Troopy .]

Hello,

Concerning the message

not configured to listen on any interfaces!

i configure an IP address on an interface and it's working now

But i still don't see the exclude command.

Thanks

Troopy

-- Original Message --
From: Troopy . [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date:  Tue,  4 Sep 2007 09:52:08 +0200



Hello,

I am sorry i have another question.
This time not a stupid one (i hope)

I don't find the dhcp exclude command too.

This time i am looking at the right place, i am at the dhcp subnet level and 
cannot
 see the set exclude command. i can see everything like 
 domain-name,start,default-router but not exclude

second thing when i just confiugure the dhcp shared-network-name and the 
subnet,i have the following thing:

not configured to listen on any interfaces!

Did i miss something, 
i could try to play on the Debian and add

DHCPDARGS=eth0

to the dhcp.conf file but i think this is not a solution

Thanks again

TRoopy



-- Original Message --
From: Troopy . [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date:  Tue,  4 Sep 2007 08:33:42 +0200


Thanks very much

We though that set start and set stop were at the same config level.

THANKS again

TRoopy


-- Original Message --
From: Marat Nepomnyashy [EMAIL PROTECTED]
Date:  Mon, 3 Sep 2007 21:26:47 -0700


Hello Troopy,

The DHCP range stop address is specified under the DHCP range start address.

Here's an example of a command to set the start and stop IPs of the DHCP 
range leased out on shared network named dhcp1:

'set service dhcp-server shared-network-name dhcp1 subnet 192.168.2.0/24 
start 192.168.2.100 stop 192.168.2.200'


If you do a 'show service dhcp-server', this is what the output would be:

[EMAIL PROTECTED] show service dhcp-server
   shared-network-name dhcp1 {
   subnet 192.168.2.0/24 {
   start 192.168.2.100 {
   stop: 192.168.2.200
   }
   }
   }



Hope this works, let me know if you have any more problems.

-- Marat

- Original Message - 
From: Troopy . [EMAIL PROTECTED]
To: vyatta-users@mailman.vyatta.com
Sent: Monday, September 03, 2007 2:53 AM
Subject: [Vyatta-users] DHCP settings




Hello,

We are trying VC2.2 with DHCP settings.

We can use set start ip_address but not set stop ip_address, the command 
is not recognized. (!)

When we try to commit with only set start ip_address, vyatta complains 
that set stop is not configured 



Thanks

The Openmaniak Team, http://www.openmaniak.com

We will try to release new tutorials on
- DHCP (VC2 was bugged)
- BGP (VC2 was bugged)
- VRRP authentification (VC2 was bugged)
- IPSec (new vc2.2 functionnality)


__
Désirez vous une adresse éléctronique @suisse.com?
Visitez la Suisse virtuelle sur http://www.suisse.com





__
Désirez vous une adresse éléctronique @suisse.com?
Visitez la Suisse virtuelle sur http://www.suisse.com

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users


 

 
__
Désirez vous une adresse éléctronique @suisse.com?
Visitez la Suisse virtuelle sur http://www.suisse.com


 

 
__
Désirez vous une adresse éléctronique @suisse.com?
Visitez la Suisse virtuelle sur http://www.suisse.com

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

 

 
__
Désirez vous une adresse éléctronique @suisse.com?
Visitez la Suisse virtuelle sur http://www.suisse.com

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

Re: [Vyatta-users] DHCP ip address on ethernet interface

[Dave Roberts]

 Hello Vyatta,
 
 I found vyatta for a few days and i installed it successfully 
 on my box.
 It runs all fine and i updated it to the latest state.
 
 But i have a simple question, it ist possible to recive a 
 dynamic ip from an dhcp server on an vyatta ethernet 
 interface ? i didnt find a solution in the past ? ...like on 
 linux dhclient eth0
 
 best regards
 
 Michael

Michael,

DHCP client addressing on interfaces is a highly requested feature but it
isn't yet in the software. We're working on some changes to the system
that will get it there in a couple of releases. The actual feature itself
it relatively trivial to implement using the standard DHCP client packages
but it has to wait until we make some other changes to the way that
interfaces are handled in the system such that we don't interfere with the
DHCP operation. Unfortunately, this other work is taking longer that we'd
like. Look for this change in a  few months.

In the mean time, feel free to add your vote to the list of top-requested
enhancements on the wiki:
http://www.vyatta.com/twiki/bin/view/Community/TopEnhancements

-- Dave

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users