SPAM: dhcpd Doesn't Run
Folks, I'm running a 2-subnet LAN with SUSE Pro 9.3 as the server, which is also running a dhcp server, and a dual bootable WinXP/SUSE Pro 9.3 laptop on one subnet and a Win2k PC on the other. I'm unable to get IP addresses for the PC or the laptop; I've been wracking my brains over this for a few days now, and I could use some pointers. Using the PC as an example (I get the same results from the laptop, whether as XP or SUSE), the following is what I've been able to find (appended as quotations): a jobs request implies that the dhcpd is running:
ps ax | grep dhcp
7735 ? Ss 0:00 /usr/sbin/dhcpd -chroot /var/lib/dhcp/ -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
yet dhcping gets a "no answer" response when it's run. The laptop (as SUSE) has a <dhcpd-eth1.timestamp> file, but it's empty.

Ethereal traces, on both the PC and the server, run until the PC autoconfigured to an IP address of 168.254.something.something, show the PC sending a brief series of DHCP DISCOVER messages to 0.0.0.0 255.255.255.255 (which should be correct) and the server receiving them, but absolutely no response at all from the dhcpd.

The server's rc.dhcpd.log has the following:
Internet Systems Consortium DHCP Server V3.0.2
Copyright 2004 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
lease 192.168.1.9: no subnet.
lease 192.168.1.8: no subnet.
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 1 leases to leases file.
Listening on Socket/eth0/192.168.1.0/24
Sending on Socket/eth0/192.168.1.0/24
Sending on Socket/fallback/fallback-net
This implies, to my newbie eyes, that the daemon is dealing only with the .1.0 interface (which faces the Internet), and not with the two subnets (which are .2.0 and .3.0)? my dhcpd.conf file contains the following (failed experiments, and all):
# Test Accounting Inc
default-lease-time 86400;
max-lease-time 172800;
default-lease-time 86400;

option ntp-servers 192.168.2.2;
option domain-name "test.biz";
# option domain-name-servers 192.168.1.2, 192.168.2.2, 192.168.3.1;
option domain-name-servers 192.168.1.2, 192.168.2.2, 192.168.3.1, 4.2.2.2;
option netbios-name-servers 192.168.1.2, 192.168.2.2, 192.168.3.1;
### NOTE ###
# netbios-node-type=8 means set clients to Hybrid Mode
# so they will use Unicast communications with the WINS
# server and thus reduce the level of UDP broadcast
# traffic by up to 90%.
############
option netbios-node-type 8;
# Enable Dynamic DNS
ddns-updates on;
ddns-update-style interim;

subnet 192.168.3.0 netmask 255.255.255.0 {
  range dynamic-bootp 192.168.3.3 192.168.3.9;
  option subnet-mask 255.255.255.0;
  option routers 192.168.3.1;
  # added 271205 to see if dhcp will start occurring
  option static-routes 0.0.0.0 192.168.3.1;
  allow unknown-clients;
}

subnet 192.168.2.0 netmask 255.255.255.0 {
  range dynamic-bootp 192.168.2.2 192.168.2.9;
  option subnet-mask 255.255.255.0;
  option routers 192.168.2.2;
  # added 271205 to see if dhcp will start occurring
  option static-routes 0.0.0.0 192.168.2.2;
  allow unknown-clients;
}

subnet 127.0.0.0 netmask 255.0.0.0 { }

subnet 192.168.1.0 netmask 255.255.255.0 {
  # commented out the following to see if that's what's blocking dhcp from occurring
  # range dynamic-bootp 192.168.1.3 192.168.1.9;
  host ML1450 {
    hardware ethernet 00:C0:02:D6:C4:64;
    fixed-address 192.168.1.10;
  }
}
It seems that having the dhcp daemon cycling, and actually running and responding, are two different things (unless the daemon really is listening only on the Net facing interface? If so, then how do I get it to deal with the two subnets, also?)

I really appreciate your help.

Eric Hines

There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell
Not sure why this got labeled spam--it's not. Eric Hines At 12/27/05 16:45, you wrote:
<snip>
There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell
The Tuesday 2005-12-27 at 16:48 -0600, Eric Hines wrote:
Not sure why this got labeled spam--it's not.
As I run my own spamassassin locally, I can not see the SA headers added by SuSE servers. My guess is that you probably hit the bayes filter somehow, but it is a wild guess.

My SA says:

BIZ_TLD - Contains an URL in the BIZ top-level domain

That gives around 2 points of "spamminess". It could be the line "For info, please visit..." from the log excerpt you included.

-- Cheers, Carlos Robinson
At 12/27/05 19:15, Carlos E. R. wrote:
The Tuesday 2005-12-27 at 16:48 -0600, Eric Hines wrote:
Not sure why this got labeled spam--it's not.
As I run my own spamassassin locally, I can not see the SA headers added by SuSE servers. My guess is that you probably hit the bayes filter somehow, but it is a wild guess.
My SA says:
BIZ_TLD - Contains an URL in the BIZ top-level domain
That gives around 2 points of "spamminess". It could be the line "For info, please visit..." from the log excerpt you included.
-- Cheers, Carlos Robinson
Yeah, and even though it's pasted in as a quote, the URL is functional. That's the most likely reason I've heard, and I need to be more careful about such in future. Thanks Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell
On Tuesday 27 December 2005 17:45, Eric Hines wrote:
<big snippage>

Hi Eric,

What's upstream from your server? How is your Internet connection obtained?

regards,

- Carl
At 12/27/05 17:12, Carl Hartung wrote:
On Tuesday 27 December 2005 17:45, Eric Hines wrote: <big snippage>
Hi Eric,
What's upstream from your server? How is your Internet connection obtained?
regards,
- Carl
My server feeds into our Linksys router/switch that does firewall and NAT. That connects to our cable modem, and then to our ISP. But I've sent emails to this list before; this is the first time I've had that label attached. Is it because I included a command line command? But I've done that on rare occasions, too, and received them, as well. Thanks Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell
At 12/27/05 17:12, Carl Hartung wrote:
On Tuesday 27 December 2005 17:45, Eric Hines wrote: <big snippage>
Hi Eric,
What's upstream from your server? How is your Internet connection obtained?
regards,
- Carl
Oh, now I see the _big_ snippage note. What's upstream of my server is as I described just a bit ago. However, the two subnets, .2.0 and .3.0, are set up (or are supposed to be set up) to go through the Internet-facing NIC--the one that's on .1.0.

One addendum that I should have mentioned in the snippage part is that the Linksys is at 192.168.1.1 (which is why the server is at .1.2) and is the default gateway for both the server and for any devices not hooked through the server. My wife, for instance, runs her business laptop directly to the Linksys so she's not affected by any of this. However, one time she booted up while I had my server running, and her laptop got an IP address from the dhcpd running on the server (discernible by the scope which the address fit--the server and the Linksys have, of course, different scopes). She had to have gone into the server through the Linksys. However, that address was useless, in that with it, she had no Internet access.

Thanks

Eric Hines

There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell
The Tuesday 2005-12-27 at 16:45 -0600, Eric Hines wrote:
This implies, to my newbie eyes, that the daemon is dealing only with the .1.0 interface (which faces the Internet), and not with the two subnets (which are .2.0 and .3.0)?
In /etc/sysconfig/dhcpd, define "DHCPD_INTERFACE" as appropriate.

-- Cheers, Carlos Robinson
At 12/27/05 18:08, Carlos E. R. wrote:
The Tuesday 2005-12-27 at 16:45 -0600, Eric Hines wrote:
This implies, to my newbie eyes, that the daemon is dealing only with the .1.0 interface (which faces the Internet), and not with the two subnets (which are .2.0 and .3.0)?
In /etc/sysconfig/dhcpd, define "DHCPD_INTERFACE" as appropriate.
-- Cheers, Carlos Robinson
Added both NICs to the one (which was the NIC facing the Internet) already in DHCPD_INTERFACE and restarted dhcpd. rc.dhcpd.log confirms that the daemon now is listening on all three NICs. That works like a champ. Thanks a million. Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell
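The check behind this fix, as an added example that is not part of the original thread: it compares the subnet declarations in dhcpd.conf with the "Listening on" lines in rc.dhcpd.log and reports address pools that no interface listens for, plus listening interfaces whose subnet has no pool. The sample text is trimmed from the config and log quoted in the first message; the function names are this example's own.

```python
import ipaddress
import re

# Trimmed from the dhcpd.conf and rc.dhcpd.log quoted in the thread.
DHCPD_CONF = """\
subnet 192.168.3.0 netmask 255.255.255.0 {
  range dynamic-bootp 192.168.3.3 192.168.3.9;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
  range dynamic-bootp 192.168.2.2 192.168.2.9;
}
subnet 127.0.0.0 netmask 255.0.0.0 { }
subnet 192.168.1.0 netmask 255.255.255.0 {
  # range dynamic-bootp 192.168.1.3 192.168.1.9;
  host ML1450 { hardware ethernet 00:C0:02:D6:C4:64; fixed-address 192.168.1.10; }
}
"""
RC_DHCPD_LOG = """\
Wrote 1 leases to leases file.
Listening on Socket/eth0/192.168.1.0/24
Sending on Socket/eth0/192.168.1.0/24
"""

def declared_subnets(conf):
    """Map each subnet declaration to True if it has an active range."""
    conf = re.sub(r"#.*", "", conf)              # drop comments first
    result = {}
    for m in re.finditer(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):           # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i]
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        result[net] = re.search(r"\brange\b", body) is not None
    return result

def listening_networks(log):
    """Map interface name -> network from 'Listening on Socket/...' lines."""
    pat = r"Listening on\s+\S+?/([^/\s]+)/(\d+\.\d+\.\d+\.\d+/\d+)"
    return {i: ipaddress.ip_network(n) for i, n in re.findall(pat, log)}

def audit(conf, log):
    """Return (pools nobody listens for, listeners without a pool)."""
    subnets = declared_subnets(conf)
    heard = set(listening_networks(log).values())
    unserved = sorted(str(n) for n, pool in subnets.items() if pool and n not in heard)
    no_pool = sorted(str(n) for n in heard if not subnets.get(n, False))
    return unserved, no_pool

if __name__ == "__main__":
    unserved, no_pool = audit(DHCPD_CONF, RC_DHCPD_LOG)
    print("pools with no listening interface:", unserved)
    print("listening interfaces with no pool:", no_pool)
```

On the thread's data the first list holds the two client subnets, which is the symptom reported; the second holds 192.168.1.0/24, the segment shared with the Linksys router and its own DHCP scope.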
The Tuesday 2005-12-27 at 21:21 -0600, Eric Hines wrote:
Added both NICs to the one (which was the NIC facing the Internet) already in DHCPD_INTERFACE and restarted dhcpd. rc.dhcpd.log confirms that the daemon now is listening on all three NICs. That works like a champ.
But... do you really need a dhcpd _server_ in the interface on the internet side?
Thanks a million.
Welcome :-)

-- Cheers, Carlos Robinson
At 12/28/05 06:37, you wrote:
The Tuesday 2005-12-27 at 21:21 -0600, Eric Hines wrote:
Added both NICs to the one (which was the NIC facing the Internet) already in DHCPD_INTERFACE and restarted dhcpd. rc.dhcpd.log confirms that the daemon now is listening on all three NICs. That works like a champ.
But... do you really need a dhcpd _server_ in the interface on the internet side?
I think so. What I'm doing is teaching myself Linux and Samba, and getting this setup to work is an exercise along that path, and teaching me a bit about DHCP and DNS, also (I've still not got name resolution working correctly within the LAN, but that's another problem for me to work). If my dhcpd.conf file came through in this thread, you were able to see that I have my printer right up there with the one NIC facing the Net--that's a terrible place to stick a printer. However, until I get around to figuring out how to put the printer on one subnet and have it available to the other subnet, this is where it needs to be. I can get away with this arrangement, for a bit, because the whole shebang sits behind a separate router/switch that's my firewall. The ultimate configuration, though, after I've learned enough to get really dangerous, is to have just the one NIC (and server) facing the NET and handling the various services--mail, browsing, etc--for the two subnets, one of which will be for my wife and the other for me, with the server also being a Samba server for print handling, data back ups, etc. And for the sake of this (probably unnecessarily, but it's an exercise for the student), I want the server to do the DHCP and DNS stuff for the LAN, also. This is overkill for a dinky little LAN, but I'm also hoping this will give me enough skills that I can leave my current job and go do something interesting. Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell
On Wed, 2005-12-28 at 08:17 -0600, Eric Hines wrote:
At 12/28/05 06:37, you wrote:
The Tuesday 2005-12-27 at 21:21 -0600, Eric Hines wrote:
Added both NICs to the one (which was the NIC facing the Internet) already in DHCPD_INTERFACE and restarted dhcpd. rc.dhcpd.log confirms that the daemon now is listening on all three NICs. That works like a champ.
But... do you really need a dhcpd _server_ in the interface on the internet side?
I think so. What I'm doing is teaching myself Linux and Samba, and getting this setup to work is an exercise along that path, and teaching me a bit about DHCP and DNS, also (I've still not got name resolution working correctly within the LAN, but that's another problem for me to work). If my dhcpd.conf file came through in this thread, you were able to see that I have my printer right up there with the one NIC facing the Net--that's a terrible place to stick a printer. However, until I get around to figuring out how to put the printer on one subnet and have it available to the other subnet, this is where it needs to be. I can get away with this arrangement, for a bit, because the whole shebang sits behind a separate router/switch that's my firewall.
The ultimate configuration, though, after I've learned enough to get really dangerous, is to have just the one NIC (and server) facing the NET and handling the various services--mail, browsing, etc--for the two subnets, one of which will be for my wife and the other for me,
Why do you think you need two separate subnets for you and your wife?
with the server also being a Samba server for print handling, data back ups, etc.
If this server is going to be connected to the internet I highly suggest -not- keeping important data on it.
And for the sake of this (probably unnecessarily, but it's an exercise for the student), I want the server to do the DHCP and DNS stuff for the LAN, also.
This is overkill for a dinky little LAN, but I'm also hoping this will give me enough skills that I can leave my current job and go do something interesting.
To be quite honest it will take more than a little tinkering in your home lan to get the "interesting" jobs. It will require formal training and practical experience. A CCNA cert from Cisco won't hurt either.

Better to buy a couple of books. O'Reilly has many good books to choose from. DNS and BIND is very good for learning about DNS. I am sure they have one for DHCP as well. Better to do a little reading before getting the wife mad and upset as to why she can't reach the internet or print.

http://www.oreilly.com/

These are a couple of snippets that deal with DHCP and subnets.

http://www.onlamp.com/pub/a/bsd/2003/05/15/FreeBSD_Basics.html
http://www.onlamp.com/pub/a/bsd/2003/04/17/FreeBSD_Basics.html

-- Ken Schneider
UNIX since 1989, linux since 1994, SuSE since 1998
At 12/28/05 08:49, you wrote:
On Wed, 2005-12-28 at 08:17 -0600, Eric Hines wrote:
A<snip>
The ultimate configuration, though, after I've learned enough to get really dangerous, is to have just the one NIC (and server) facing the NET and handling the various services--mail, browsing, etc--for the two subnets, one of which will be for my wife and the other for me,
Why do you think you need two separate subnets for you and your wife?
We each do a fair amount of work-related stuff at home. The separation may be overkill (and inadequate), but it's a holdover from our USAF days when we also didn't talk to each other about what we did because of what that was and the clearances involved.
<snip>
This is overkill for a dinky little LAN, but I'm also hoping this will give me enough skills that I can leave my current job and go do something interesting.
To be quite honest it will take more than a little tinkering in your home lan to get the "interesting" jobs. It will require formal training and practical experience. A CCNA cert from Cisco won't hurt either.
Better to buy a couple of books. O'Reilly has many good books to choose from. DNS and BIND is very good for learning about DNS. I am sure they have one for DHCP as well. Better to do a little reading before getting the wife mad and upset as to why she can't reach the internet or print.
These are a couple of snippets that deal with DHCP and subnets.
http://www.onlamp.com/pub/a/bsd/2003/05/15/FreeBSD_Basics.html http://www.onlamp.com/pub/a/bsd/2003/04/17/FreeBSD_Basics.html
I was unclear here. I didn't intend to putz around a bit and then go throw my shoes onto someone's desk and expect to get picked up. The formal training and certs are certainly on my list. I'm already in the reading program (thanks for the FreeBSD point outs--I'd missed those). But before I drop a dime on the formal training and the cert training/testing, I'm going through this little bit to see whether I have the aptitude for this work, and to see whether this work is what interests me (I've already changed careers radically 4 times; now I have to worry about continuity so my retirement doesn't leave me a burden on my family or on the US' version of the dole). Not to cut anything off, but that's probably enough bandwidth on this subject. My email is in the header if anyone wants to continue this privately; I'm certainly willing. Thanks Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell
participants (4)
- Carl Hartung
- Carlos E. R.
- Eric Hines
- Ken Schneider