vmware's pxe rom in guests uses the giaddr (the address of the dhcp
relay) as the default ip gateway.

this is a problem if you're running carped firewalls, because you'll
be running a dhcrelay on each of them attached to the "hardware"
interface, not the carped interface. if the vmware client requesting
the dhcp release gets a response via the backup firewall, it will
then try to tftp by using the backup firewall's hardware ip as its
gateway, not the ip on the carp interface. that in turn means
tftp-proxy will insert rules on the backup, but the replies from
the tftp server to the client will be sent via the actual carp
master, which doesn't have the tftp rules and will block them.

this diff zeroes out the giaddr in dhcp replies so vmware can't be
stupid and use it as the ip gateway address.

i'm not sure this is the right way to fix the problem.

Index: dhcrelay.c
===================================================================
RCS file: /cvs/src/usr.sbin/dhcrelay/dhcrelay.c,v
retrieving revision 1.35
diff -u -p -r1.35 dhcrelay.c
--- dhcrelay.c  21 Jun 2011 17:31:07 -0000      1.35
+++ dhcrelay.c  18 Aug 2011 03:56:51 -0000
@@ -269,6 +269,8 @@ relay(struct interface_info *ip, struct 
                        return;
                }
 
+               packet->giaddr.s_addr = 0x0;
+
                if (send_packet(interfaces, packet, length,
                    interfaces->primary_address, &to, &hto) != -1)
                        debug("forwarded BOOTREPLY for %s to %s",
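
Review bot: the added `packet->giaddr.s_addr = 0x0;` ahead of send_packet() is unconditional and carries no comment, so every BOOTREPLY forwarded through this path loses its giaddr and the code gives no reason why. Add a comment naming the cause (clients that treat giaddr as their gateway), and consider gating the assignment behind a command-line option described in the man page so current behaviour stays the default. `INADDR_ANY` would also read more clearly than `0x0` for an address field.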
