LinuxQuestions.org
Old 12-31-2001, 09:41 AM   #1
htimst
LQ Newbie
 
Registered: Nov 2001
Distribution: RedHat 7.2
Posts: 24

Rep: Reputation: 15
DHCPD Denial - UPDATE - Figured it out.


[UPDATE] I figured out how to do this...

Code:
host hostname {
    hardware ethernet MAC Address ;
    deny booting ;
}

Hi,

I have a linux box working as my router/gateway and a windows box with two NIC's, one with internal LAN address and one with a static address from my ADSL provider (I have 5 of them so the Linux box has one too). I use the Linux box for various things, including providing outside internet access for the 15 computers on my network. Unfortunately my linux box keeps assigning the NIC that I want an outside address, an inside address. Is there anywhere in dhcpd.conf or dhcpd.leases that I can deny assigning a certain MAC, or how would I do that?

Thanks!

Last edited by htimst; 02-01-2002 at 09:43 AM.
 
Old 01-02-2002, 12:40 AM   #2
Jase
Member
 
Registered: May 2001
Location: Panama City Beach, FL
Distribution: *.BSD
Posts: 113

Rep: Reputation: 15
hmmm,......assuming eth0 = LAN and eth1 = world. Do you mean that eth0 is getting the "world" ip? If so, edit your dhcpd start file in the /etc/init.d/ directory

Code:
# See how we were called.
# (daemon and killproc come from the Red Hat init script function library.)
case "$1" in
  start)
        # Start daemons.
        echo -n "Starting dhcpd: "
        /sbin/route add -host 255.255.255.255 dev eth0
        # The trailing interface name makes dhcpd listen on eth0 only.
        daemon /usr/sbin/dhcpd eth0
        echo
        touch /var/lock/subsys/dhcpd
        ;;
  stop)
        # Stop daemons.
        echo -n "Shutting down dhcpd: "
        killproc dhcpd
        echo
        rm -f /var/lock/subsys/dhcpd
        ;;
esac

The add route line is optional depending on your firewall setup and hosts / routing setup. If this is not what you need, please let me know and I will try to help any other way I can.

- Jase
 
Old 01-03-2002, 03:01 PM   #3
htimst
LQ Newbie
 
Registered: Nov 2001
Distribution: RedHat 7.2
Posts: 24

Original Poster
Rep: Reputation: 15
Actually, what I'm looking for is the second NIC in my windows box to grab an IP address from my DSL provider instead of from my Linux box. Currently, the only way I can do that is to reboot the linux box and then renew the IP address of the windows machine before the dhcpd daemon starts. Then I get an outside IP address instead of an inside one. I have a second NIC in the windows box that grabs an inside one, but I don't want both of them to. What I'm looking for is my linux box to not give an IP address to that MAC address of my second card on my windows machine. It will grab one outside if one isn't available inside, but it grabs the inside one preferentially if they are both available. I've tried specifying IP addresses in the TCP/IP setup, but it doesn't seem to jive. Eth0=outside Eth1=inside on the linux box.

Thanks,

Tom :smash:
 
Old 01-06-2002, 10:16 AM   #4
finegan
LQ Guru
 
Registered: Aug 2001
Location: Dublin, Ireland
Distribution: Slackware
Posts: 5,700

Rep: Reputation: 72
From what I understand of your posts, the problem is that you have two dhcp servers on your network and so one machine grabs both IPs from the same server instead of one IP from either.

You may want to look into the statement for dhcpd.conf called: shared-network

This is all under man dhcpd.conf. This would allow you to limit the addresses the dhcpd server in the Linux box is responding to... However, it's not going to stop the Linux box from requesting from itself, and if it times out... it'll get grumpy and not try for the real one.

Here's a ghettoriffic hack that may do the job:

Instead of having the ethx card initialized to acquire by using dhcpcd from boot, you might want to assign it the IP it should have on boot, and then in /etc/rc.d/rc.local (varies, but that's Slackware, RedHat and Mandrake), have it try to run dhcpcd there. If the card already has an address, I think there is some high magic involved in dhcpcd (not in the man pages), that will have it try to acquire its new address from the subnet the machine is currently on. Yeah, that's pretty cheesy.

Also, you may want to hack it from the client side by using dhclient instead of dhcpcd (most distros default), which allows for tons of options I haven't ever had the need for, so I'm not too familiar with it.

Lastly, and from a security standpoint this is probably the best route, but I always suggest hardware last: buy another hub and split all of the traffic between the intranet and the ISP provided public IPs. If they're not on the same physical circuit, the cards can't ask from the same dhcp server.

Sorry I couldn't bird-dog you right at an answer, but I hope that allows for a fresh start to the problem.

Cheers,

Finegan

P.S. whoops, I got confused... ghetto-riffic hack won't work as the dhcp problem is the windows box grabbing from the wrong server... er... hmmm... yeah, if using the shared-network doesn't work, the only real option may be to buy hardware. Sorry for not paying attention.

Last edited by finegan; 01-06-2002 at 10:19 AM.
 
Old 01-06-2002, 10:25 AM   #5
drjimstuckinwin
Member
 
Registered: Mar 2001
Location: Manchester UK
Distribution: Mainly Fedora
Posts: 496

Rep: Reputation: 30
Can't you just set the second card in the windoze box to static, and give it the ip you want, then you'll never have to worry about it getting the wrong address again?
 
Old 01-06-2002, 11:08 AM   #6
finegan
LQ Guru
 
Registered: Aug 2001
Location: Dublin, Ireland
Distribution: Slackware
Posts: 5,700

Rep: Reputation: 72
Probably not as most ISPs require that the IP be garnered from their DHCP server 'before' their gateway will start forwarding packets.

Cheers,

Finegan
 
Old 01-06-2002, 11:34 AM   #7
drjimstuckinwin
Member
 
Registered: Mar 2001
Location: Manchester UK
Distribution: Mainly Fedora
Posts: 496

Rep: Reputation: 30
Just interpreting "with a static address from my ADSL provider (I have 5 of them so the Linux box has one too)" literally.
 
Old 01-28-2002, 06:19 PM   #8
htimst
LQ Newbie
 
Registered: Nov 2001
Distribution: RedHat 7.2
Posts: 24

Original Poster
Rep: Reputation: 15
I've tried to assign the windows box its static address, but it doesn't connect to the gateway when I do that. The only way for me to do it is to reboot the linux box and grab a new lease for the windows MAC address while dhcpd is not running. This is a pain as I rarely reboot my linux box and am always rebooting windows. I was just wondering if there was some convention in dhcpd.conf that said give an IP address to all that ask except him!

What happens is that the linux dhcpd server assigns very fast mostly due to a 100Mbps connection and 6 feet of cable while the DSL provider is somewhat slower to assign so the windows box takes the first one it can get. The DSL provider always coughs up the same one to that MAC address, but not if I don't let it be done via DHCP.

What a pain. Thanks to all that have responded...I'll try and work this out a bit.

Cheers!
 
Old 02-01-2002, 09:45 AM   #9
htimst
LQ Newbie
 
Registered: Nov 2001
Distribution: RedHat 7.2
Posts: 24

Original Poster
Rep: Reputation: 15
figured it out
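
A way to check that the "deny booting" host entry from post #1 is actually being honoured, added here as an example and not part of any poster's message: it parses an ISC dhcpd leases file and reports leases handed to one MAC address, including any that start after the config change. The MAC address, IP addresses and timestamps are constructed sample data; point the functions at your own dhcpd.leases file.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# leases_for_mac FILE MAC -> one "IP DATE TIME" line per lease given to MAC
leases_for_mac() {
    awk -v want="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
        $1 == "lease" && $3 == "{" { ip = $2; starts = ""; mac = "" }
        $1 == "starts" { starts = $3 " " $4; sub(/;$/, "", starts) }
        $1 == "hardware" && $2 == "ethernet" {
            mac = tolower($3); sub(/;$/, "", mac)
        }
        $1 == "}" && ip != "" {
            if (mac == want) print ip, starts
            ip = ""
        }
    ' "$1"
}

# new_leases_since FILE MAC "YYYY/MM/DD HH:MM:SS" -> number of leases for MAC
# that start at or after the cutoff (dhcpd.leases timestamps are UTC)
new_leases_since() {
    leases_for_mac "$1" "$2" |
        awk -v cut="$3" '($2 " " $3) >= cut { n++ } END { print n + 0 }'
}

SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
lease 192.168.1.50 {
  starts 1 2002/01/28 18:00:00;
  ends 1 2002/01/28 22:00:00;
  hardware ethernet 00:A0:C9:12:34:56;
}
lease 192.168.1.51 {
  starts 1 2002/01/28 18:05:00;
  ends 1 2002/01/28 22:05:00;
  hardware ethernet 00:a0:c9:aa:bb:cc;
}
lease 192.168.1.50 {
  starts 5 2002/02/01 09:40:00;
  ends 5 2002/02/01 13:40:00;
  hardware ethernet 00:a0:c9:12:34:56;
}
EOF

echo "All leases recorded for the denied NIC:"
leases_for_mac "$SAMPLE" 00:A0:C9:12:34:56
echo "Leases issued after the config change (want 0):"
new_leases_since "$SAMPLE" 00:a0:c9:12:34:56 "2002/02/01 09:43:00"
```

A non-zero count after dhcpd has been restarted with the new host entry means the server is still answering that NIC, for example because the MAC in dhcpd.conf does not match the card.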
 
  


All times are GMT -5.