On Wed, Sep 08, 2004 at 06:55:40PM +0200, Webmaster wrote:
What about the DHCPD documentation????? Read and followed, there is a very good howto for it:
http://www.linuxhaven.de/dlhp/HOWTO/DE-Netzwerk-HOWTO-7.html
The howto and all the hints mentioned below are completely irrelevant to the problem here.
Please note: »Multicasting« must be enabled in the kernel.
Edit the file /etc/rc.d/rc.local to make sure that it contains a routing entry for »255.255.255.255«.
Quote from the dhcpd README:
"In order for dhcpd to work correctly with picky DHCP clients (e.g., Windows 95), it must be able to send packets with an IP destination address of 255.255.255.255. Unfortunately, Linux insists on changing 255.255.255.255 into the local subnet broadcast address (in this case, the address would be 192.5.5.223). This results in a DHCP protocol violation. While many DHCP clients don't notice the problem, some (e.g., all Microsoft DHCP clients) will recognize the violation. Clients that have this problem will appear not to see DHCPOFFER messages from the server."
Run the following command as root:
route add -host 255.255.255.255 dev eth0
If the error message
255.255.255.255: Unknown host
appears, add the following entry to your /etc/hosts:
255.255.255.255 dhcp
Once it has been added, run the following command:
route add -host dhcp dev eth0
Regards, Stephan
-----Original Message-----
From: Lothar Vorrath [mailto:lothar@lotharvorrath.de]
Sent: Wednesday, 8 September 2004 15:37
To: suse-linux@suse.com
Subject: Re: dhcp / dhcpd Suse 9.1
Hello Andreas,
On Wednesday, 8 September 2004 14:57, Andreas Feile wrote:
Hi,
I notice the following:
Lothar Vorrath, Wednesday, 8 September 2004 14:34:
option netbios-name-servers 192.168.0.1;
This option does not exist in my man page (dhcp-server-3.0.1rc10-63), ...
allow unknown-clients;
...and neither does this one. Does dhcpd really start up without errors? What does a tail -f /var/log/messages | grep dhcp say during startup? Do you perhaps have a firewall running that blocks the requests?
-- Replies to lists@feile.net are archived in /dev/null! If necessary, please replace lists... with mail...
Andreas Feile www.feile.net
First of all, many thanks for your reply. The option allow unknown-clients is in "man dhcpd.conf". I got the other option from somewhere as well, but I can't find it at the moment. However, I only added both options after it was working. Here is the log from the start of dhcpd:
Sep 8 15:27:48 tux su: (to root) lothar on /dev/pts/2
Sep 8 15:27:48 tux su: pam_unix2: session started for user root, service su
Sep 8 15:28:02 tux dhcpd: Internet Software Consortium DHCP Server V3.0.1rc13
Sep 8 15:28:02 tux dhcpd: Copyright 1995-2003 Internet Software Consortium.
Sep 8 15:28:02 tux dhcpd: All rights reserved.
Sep 8 15:28:02 tux dhcpd: For info, please visit http://www.isc.org/products/DHCP
Sep 8 15:28:02 tux dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Sep 8 15:28:02 tux dhcpd: Internet Software Consortium DHCP Server V3.0.1rc13
Sep 8 15:28:02 tux dhcpd: Copyright 1995-2003 Internet Software Consortium.
Sep 8 15:28:02 tux dhcpd: All rights reserved.
Sep 8 15:28:02 tux dhcpd: For info, please visit http://www.isc.org/products/DHCP
Sep 8 15:28:02 tux dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Sep 8 15:28:02 tux dhcpd: Wrote 0 leases to leases file.
Sep 8 15:28:02 tux dhcpd: Listening on Socket/eth1/192.168.0.0/24
Sep 8 15:28:02 tux dhcpd: Sending on Socket/eth1/192.168.0.0/24
Sep 8 15:28:02 tux dhcpd: Sending on Socket/fallback/fallback-net
The internal network should actually be able to do everything.
An iptables -L gives
tux:/home/lothar # iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
bad_packets  all  --  anywhere             anywhere
DROP       all  --  anywhere             ALL-SYSTEMS.MCAST.NET
ACCEPT     all  --  192.168.0.0/24       anywhere
ACCEPT     all  --  anywhere             192.168.0.255
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
tcp_inbound  tcp  --  anywhere             anywhere
udp_inbound  udp  --  anywhere             anywhere
icmp_packets  icmp --  anywhere             anywhere
DROP       all  --  anywhere             255.255.255.255

Chain FORWARD (policy DROP)
target     prot opt source               destination
bad_packets  all  --  anywhere             anywhere
tcp_outbound  tcp  --  anywhere             anywhere
udp_outbound  udp  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy DROP)
target     prot opt source               destination
DROP       icmp --  anywhere             anywhere            state INVALID
ACCEPT     all  --  localhost            anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  tux.vorrath.home     anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 3 LOG level warning prefix `OUTPUT packet died: '

Chain bad_packets (2 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            state INVALID LOG level warning prefix `Invalid packet: '
DROP       all  --  anywhere             anywhere            state INVALID
bad_tcp_packets  tcp  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain bad_tcp_packets (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere
LOG        tcp  --  anywhere             anywhere            tcp flags:!SYN,RST,ACK/SYN state NEW LOG level warning prefix `New not syn: '
DROP       tcp  --  anywhere             anywhere            tcp flags:!SYN,RST,ACK/SYN state NEW
RETURN     tcp  --  anywhere             anywhere

Chain icmp_packets (1 references)
target     prot opt source               destination
LOG        icmp -f  anywhere             anywhere            LOG level warning prefix `ICMP Fragment: '
DROP       icmp -f  anywhere             anywhere
LOG        icmp --  anywhere             anywhere            icmp echo-request LOG level warning prefix `Ping detected: '
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
DROP       icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
RETURN     icmp --  anywhere             anywhere

Chain tcp_inbound (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
RETURN     tcp  --  anywhere             anywhere

Chain tcp_outbound (1 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            tcp dpt:irc reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:telnet reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere

Chain udp_inbound (1 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp dpt:netbios-ns
DROP       udp  --  anywhere             anywhere            udp dpt:netbios-dgm
ACCEPT     udp  --  anywhere             anywhere            udp spt:bootps dpt:bootpc
RETURN     udp  --  anywhere             anywhere

Chain udp_outbound (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere

Lothar
Peter
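
Added example, not part of the thread: a small Python audit that reads `iptables -L` text and reports which chains hold the rules that matter to a DHCP server, run on an excerpt of the listing posted above. The function names `parse` and `dhcp_audit` are my own; plain `iptables -L` does not print interface matches (`-v` does), so the result shows where to look and is not a verdict on the rule set.

```python
import re

# Excerpt (some rules omitted, re-spaced) of the `iptables -L` output in the thread.
LISTING = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  192.168.0.0/24       anywhere
udp_inbound  udp  --  anywhere             anywhere
DROP       all  --  anywhere             255.255.255.255

Chain udp_inbound (1 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp spt:bootps dpt:bootpc
RETURN     udp  --  anywhere             anywhere
"""

def parse(listing):
    """Return {chain: [rule, ...]} parsed from `iptables -L` text."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        f = line.split(None, 5)
        if current is None or len(f) < 5 or f[0] == "target":
            continue  # blank line or column header
        current.append({"target": f[0], "prot": f[1], "src": f[3],
                        "dst": f[4], "extra": f[5] if len(f) > 5 else ""})
    return chains

def dhcp_audit(chains):
    """List the chains holding rules that matter to a DHCP server."""
    rules = [(c, r) for c, rs in chains.items() for r in rs]
    def where(target, pred):
        return [c for c, r in rules if r["target"] == target and pred(r)]
    return {
        # Client requests reach the server on UDP destination port 67 (bootps).
        "accepts_dpt_bootps": where("ACCEPT", lambda r: re.search(r"dpt:(bootps|67)\b", r["extra"])),
        # Destination port 68 (bootpc) is the reply direction, towards a client.
        "accepts_dpt_bootpc": where("ACCEPT", lambda r: re.search(r"dpt:(bootpc|68)\b", r["extra"])),
        # DHCPDISCOVER is addressed to the limited broadcast address.
        "drops_limited_broadcast": where("DROP", lambda r: r["dst"] == "255.255.255.255"),
        # No visible match: may carry an -i/-o match that plain -L does not print.
        "unqualified_accepts": where("ACCEPT", lambda r: (r["prot"], r["src"], r["dst"], r["extra"]) == ("all", "anywhere", "anywhere", "")),
    }

if __name__ == "__main__":
    for finding, found_in in dhcp_audit(parse(LISTING)).items():
        print(finding, found_in)
```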