If I am not wrong please check your mask values ...
255.255.255.Subnet value
For example 64 IP pool it is 252.
If you're wanting to use the 192.168.160.* pool range you should have your mask set to 255.255.128.0, if my math is on. That's also assuming the problem isn't elsewhere.
Are you running multiple routers? What's your topo?
ipcalc takes an IP address and netmask and calculates the resulting broadcast, network, Cisco wildcard mask, and host range. By giving a second netmask, you can design sub- and supernetworks. It is also intended to be a teaching tool and presents the results as easy-to-understand binary values.
At one time, there was a simpler program of the same name that came w/ RH 7.2, 8.0 etc. I don't know if it's still around, but make sure you get the right one. FWIW, it's in both the MEPIS & Debian repos that I checked.
I'm sorry for all, but I don't understand what is the point with netmask.
I'm not working with sub-nets. There is only one standard C class /24 here.
Am I missing something ?
The point is not to get to work with sub-class, but why the workstations are not getting addresses from pool B.
Or are you saying I could get this to work if I use subnets instead of a plain class C ?
I never setup a DHCP server with pools, so I am not sure if this is the way to use pools, or even if pools could do what I am looking for.
A router is automatically the boundary of a (sub)network , and you have 3 different network setups.
You need to define 3 subnets.
Easy way :
unknown clients 192.168.160.0 , netmask 255.255.255.0
known clients 192.168.160.1 , netmask 255.255.255.0
fixed address 192.168.160.2 , netmask 255.255.255.0
If you want to keep it in the same C-class address keep in mind that subnets always start at n^2 and end at (n+1)^2 - 1 :
ex : 0-127 , 128-131 , 192 - 223
pools can have permit lists that control which clients are allowed access to the pool and which aren't. Each entry in a pool's permit list is introduced with the allow or deny keyword. If a pool has a permit list, then only those clients that match specific entries on the permit list will be eligible to be assigned addresses from the pool.
Code:
subnet 10.0.0.0 netmask 255.255.255.0 {
    option routers 10.0.0.254;
    # Unknown clients get this pool.
    pool {
        option domain-name-servers bogus.example.com;
        max-lease-time 300;
        range 10.0.0.200 10.0.0.253;
        allow unknown-clients;
    }
    # Known clients get this pool.
    pool {
        option domain-name-servers ns1.example.com, ns2.example.com;
        max-lease-time 28800;
        range 10.0.0.5 10.0.0.199;
        deny unknown-clients;
    }
}
Quote:
REFERENCE: ALLOW AND DENY
The allow and deny statements can be used to control the response of the DHCP server to various sorts of requests. The allow and deny keywords actually have different meanings depending on the context. In a pool context, these keywords can be used to set up access lists for address allocation pools. In other contexts, the keywords simply control general server behavior with respect to clients based on scope. In a non-pool context, the ignore keyword can be used in place of the deny keyword to prevent logging of denied requests.
Might want to check back with the docs for how to create the lists and their proper usage.....
Because we have people (in range A) who have internet access through our proxy (192.168.160.251) only, and people (in range B) who have full internet access through our firewall/gateway (192.168.160.252).
The firewall allows internet access to a range of IPs, in this case, range B.
Anyone can connect to our internal network and get an address from range A.
To get an IP from range B, we need to specify its MAC address at your DHCP server.
That is the general idea.
Your question is a good question, because others can propose a new setup that satisfies these requirements. My original post is my attempt to implement those requirements, but any other approach is valid.
I have a lot of people on both scenarios. I don't want to deal with IP assignments manually. This is my current status, I mean, I need to figure out a valid/free IP from range B to assign it to a temporary host. I have far more hosts in range B than the range itself, but only a small set is on-line at any time. So, I can't make static assignments.
Group A : dhcp address, router proxy 192.168.160.251
Group B : dhcp address, router firewall/gateway 192.168.160.252
Group C : uses fixed ip-addresses and router 192.168.160.253
try something like this (changes are in bold):
Code:
subnet 192.168.160.0 netmask 255.255.255.0 {
    pool {
        range 192.168.160.1 192.168.160.127; # range A
        option routers 192.168.160.251;
        deny known-clients;
        allow unknown-clients;
    }
    pool {
        range 192.168.160.128 192.168.160.148; # Range B
        option routers 192.168.160.252;
        deny unknown-clients;
        host h2 {
            hardware ethernet 11:15:c5:39:14:42;
        }
    }
    pool {
        range 192.168.160.x 192.168.160.y; # Range C
        option routers 192.168.160.253;
        host h3 {
            hardware ethernet 10:25:c6:76:34:02;
            fixed-address 192.168.160.200;
        }
    }
}
Notes :
- to keep things clear you should have 3 pools
- replace x and y with appropriate values for range c
- While this may not be the most efficient setup, it should do what you want.
Last edited by Lone_Wolf; 09-18-2007 at 04:17 AM.
Reason: typos
I have tried your suggestion, no luck.
Host h2 is still getting an address from range A. Looks like it is an unknown client for the dhcp server...
And even worse, I am getting the following error message:
Code:
Dynamic and static leases present for 192.168.160.200.
Remove host declaration h3 or remove 192.168.160.200
from the dynamic address pool for 192.168.160/24
I am starting to think the host declaration is not the proper way to declare a host as a known-client.
I will investigate this....
In the mean time, if one has any information about this, I appreciate the enlightenment....
it gets an address from range A, not B. By the way, I am trying to setup this using pools:
Code:
subnet 192.168.160.0 netmask 255.255.255.0 {
    pool {
        range 192.168.160.1 192.168.160.128; # range A
        option routers 192.168.160.251;
        allow unknown-clients;
    }
    pool {
        range 192.168.160.129 192.168.160.148; # Range B
        option routers 192.168.160.252;
        deny unknown-clients;
        host h2 {
            hardware ethernet 11:15:c5:39:14:42;
            option routers 192.168.160.252;
        }
    }
    host h3 {
        hardware ethernet 10:25:c6:76:34:02;
        fixed-address 192.168.160.200;
        option routers 192.168.160.253;
    }
}
Ok, first I missed part of the initial statement. My bad.
It looks like your configuration is expecting a fixed address definition for any computer coming on that's unknown. Contradictory, but that's what I see. Try taking a previously unknown host and configuring it manually in your config
Code:
fixed-address ...
and see if it drops the correct address.
That's what I would suggest as a first step. If that works then the problem isn't with the server, it's with the client request formatting (I'd guess).
The following configuration file is working now, thanks to suggestions from this forum, a careful reading of the man page, and a change to the original requirements. There is no range C anymore.
Hosts supposed to get an address from range C are set using a static address on the client side.
I was unable to set up the DHCP server with 3 ranges, only 2.
The first one is the range A, gateway through a proxy at 192.168.160.251; Hosts for this range are unknown, I mean, any host can get an address from this pool.
The second one is the range B, direct access to internet through gateway 192.168.160.252;
Hosts for this range are known in advance, I mean, only hosts that have a host declaration can get an address from this pool.
Code:
subnet 192.168.160.0 netmask 255.255.255.0 {
    pool { # range A
        allow unknown-clients;
        deny known-clients;
        range dynamic-bootp 192.168.160.1 192.168.160.128;
        option routers 192.168.160.251; # proxy
    }
    pool { # range B
        deny unknown-clients;
        range dynamic-bootp 192.168.160.129 192.168.160.142;
    }
}
# internet access group
group {
    option routers 192.168.160.252; # gateway/firewall
    # follow other common declarations for hosts in this group
    host h21 { hardware ethernet fa:ke:00:00:00:01; }
    host h22 { hardware ethernet fa:ke:00:00:00:02; }
    # etc..
}
To the people who had suggested using host declarations with fixed-address, I learned the fixed address must be NOT IN the pool range NOR IN the subnet range. Otherwise I got the following error message in the log file:
Code:
Sep 17 14:43:49 bigslam dhcpd: Remove host declaration h21 or remove 192.168.160.142
Sep 17 14:43:49 bigslam dhcpd: from the dynamic address pool for 192.168.160/24
PS: well, looks like the fixed-address works with an address within the range/subnet/pool address, but I still got the warning messages in the log file. I am not sure what happens in this case. As range 3 is small, I made a choice for a clean log file.
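The log lines quoted above appear when a host's fixed-address falls inside a dynamic range. As an added example that is not part of the original thread, this Python check scans dhcpd.conf text for that overlap; the sample config and its MAC addresses are constructed, and `find_conflicts` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample modelled on the thread's configs; not a real deployment.
SAMPLE_CONF = """
subnet 192.168.160.0 netmask 255.255.255.0 {
    pool {  # range A
        allow unknown-clients;
        range dynamic-bootp 192.168.160.1 192.168.160.128;
    }
    pool {  # range B
        deny unknown-clients;
        range 192.168.160.129 192.168.160.142;
    }
}
host h21 { hardware ethernet 00:00:5e:00:53:01; fixed-address 192.168.160.142; }
host h3  { hardware ethernet 00:00:5e:00:53:02; fixed-address 192.168.160.200; }
"""

IP = r"\d+(?:\.\d+){3}"
RANGE_RE = re.compile(rf"\brange\s+(?:dynamic-bootp\s+)?({IP})(?:\s+({IP}))?\s*;")
HOST_RE = re.compile(r"\bhost\s+(\S+?)\s*\{([^{}]*)\}")  # host bodies without nested braces
FIXED_RE = re.compile(r"\bfixed-address\s+([^;]+);")


def find_conflicts(conf_text):
    """Return (host, address, 'low-high') for each fixed-address inside a range."""
    # Drop '#' comments so commented-out statements are not matched.
    text = "\n".join(line.split("#", 1)[0] for line in conf_text.splitlines())
    ranges = [(ipaddress.IPv4Address(low), ipaddress.IPv4Address(high or low))
              for low, high in RANGE_RE.findall(text)]  # 'range X;' is a single address
    conflicts = []
    for name, body in HOST_RE.findall(text):
        for entry in FIXED_RE.findall(body):
            for addr in entry.split(","):
                try:
                    ip = ipaddress.IPv4Address(addr.strip())
                except ValueError:
                    continue  # a hostname rather than a literal address: not checked
                for lo, hi in ranges:
                    if lo <= ip <= hi:
                        conflicts.append((name, str(ip), f"{lo}-{hi}"))
    return conflicts


if __name__ == "__main__":
    for host, ip, rng in find_conflicts(SAMPLE_CONF):
        print(f"host {host}: fixed-address {ip} is inside dynamic range {rng}")
```

The check compares fixed addresses against every `range` statement in the text, regardless of which subnet or pool the range sits in.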