From: itba on 1 Jun 2010 10:45

Pascal Hambourg wrote on 06/01/2010 09:17 ET :
> Hello,
>
> Tauno Voipio wrote:
>>
>> The DHCP server in dnsmasq is a simple one intended for a
>> simple single network. Install a dedicated DHCP server
>> instead and disable the DHCP service in dnsmasq.
>>
>
> Or maybe each VLAN should have a dedicated instance of dnsmasq serving a
> single IP subnet.
>
>> How do you intend to tell the server which VLAN a
>> client is intended to go? The operating system
>> is not telling the server which VLAN was used
>> for the requests.
>>
>
> According to the log, it is. What puzzles me is how the hell the same
> request is received on each VLAN.
>

"According to the log, it is. What puzzles me is how the hell the same request is received on each VLAN."

That's exactly what is confusing me, maybe since DHCP REQUESTs are broadcast has something to do with it. But Linux should identify this broadcast for this particular subinterface, right? So dnsmasq must only reply on the same VLAN, I think.

From: Pascal Hambourg on 1 Jun 2010 11:09

itba wrote:
> Pascal Hambourg wrote on 06/01/2010 09:17 ET :
>>
>> What puzzles me is how the hell the same
>> request is received on each VLAN.
>
> "According to the log, it is. What puzzles me is how the hell the same
> request is received on each VLAN."

This is Usenet here, not some web forum. Please don't requote nor use those """ tags.

> that's exactly what is confusing me,
> maybe since DHCP REQUESTs are Broadcast has something to do,

AFAIK, broadcast is VLAN-specific. Could it be the switch attached to eth0 that forwards broadcasts on all VLANs? If you have some spare time it may be interesting to run a packet sniffer (showing the Ethernet header, e.g. tcpdump -e -i eth0) on eth0 to check whether multiple copies of each packet are actually received with each VLAN ID tag or whether there is something wrong in the internal VLAN logic of the box.

> But linux should identify this broadcast for this particular subinterface,

Indeed.

> right ? so dnsmasq only must reply by the same VLAN I think

It receives the same request on each VLAN so it replies on each VLAN too. From this point of view, dnsmasq is consistent.

From: itba on 2 Jun 2010 10:40

Tauno Voipio wrote on 06/01/2010 09:43 ET :
> On 1.6.10 4:17 , Pascal Hambourg wrote:
>> Hello,
>>
>> Tauno Voipio wrote:
>>>
>>> The DHCP server in dnsmasq is a simple one intended for a
>>> simple single network. Install a dedicated DHCP server
>>> instead and disable the DHCP service in dnsmasq.
>>>
>>
>> Or maybe each VLAN should have a dedicated instance of dnsmasq serving a
>> single IP subnet.
>>
>>> How do you intend to tell the server which VLAN a
>>> client is intended to go? The operating system
>>> is not telling the server which VLAN was used
>>> for the requests.
>>>
>>
>> According to the log, it is. What puzzles me is how the hell the same
>> request is received on each VLAN.
>>
>
> The DHCPDISCOVER message is a UDP broadcast. It seems to me that
> the VLAN association is not forwarded to the server process, but
> it responds to the broadcast with all the associations it knows.
>
> Getting multiple DHCPOFFERS is not a breach of the DHCP protocol.
> The client is free to pick the server it wants to proceed with.
>
> The DHCP server in dnsmasq is a rudimentary one. Please start with
> a dedicated DHCP server, like dhcp3.
>
> Tauno Voipio
> tauno voipio (at) iki fi

Yes, it seems DHCP Discover isn't associating with the right VLAN, so I could try with dhcp3 instead, but if this is an OS problem I can't see how dhcp3 would help me.

From: Tauno Voipio on 2 Jun 2010 11:44

On 2.6.10 5:40 , itba wrote:
> Tauno Voipio wrote on 06/01/2010 09:43 ET :
>> On 1.6.10 4:17 , Pascal Hambourg wrote:
>>> Hello,
>>>
>>> Tauno Voipio wrote:
>>>>
>>>> The DHCP server in dnsmasq is a simple one intended for a
>>>> simple single network. Install a dedicated DHCP server
>>>> instead and disable the DHCP service in dnsmasq.
>>>>
>>>
>>> Or maybe each VLAN should have a dedicated instance of dnsmasq serving a
>>> single IP subnet.
>>>
>>>> How do you intend to tell the server which VLAN a
>>>> client is intended to go? The operating system
>>>> is not telling the server which VLAN was used
>>>> for the requests.
>>>>
>>>
>>> According to the log, it is. What puzzles me is how the hell the same
>>> request is received on each VLAN.
>>>
>>
>> The DHCPDISCOVER message is a UDP broadcast. It seems to me that
>> the VLAN association is not forwarded to the server process, but
>> it responds to the broadcast with all the associations it knows.
>>
>> Getting multiple DHCPOFFERS is not a breach of the DHCP protocol.
>> The client is free to pick the server it wants to proceed with.
>>
>> The DHCP server in dnsmasq is a rudimentary one. Please start with
>> a dedicated DHCP server, like dhcp3.
>>
>> Tauno Voipio
>> tauno voipio (at) iki fi
>
> Yes, it seems DHCP Discover isn't associating with the right VLAN,
> so I could try with dhcp3 instead, but if this is an OS problem I can't see
> how dhcp3 would help me.

IIRC (sorry no manuals available to me now), dhcp3 can associate an instance of the program with a specific interface. I have never tried it with VLANs, though.

I'd try to start 3 copies of dhcp3, one for each VLAN. You cannot do the same with dnsmasq, as it would mess up the DNS part.

--
Tauno Voipio
tauno voipio (at) iki fi

From: itba on 2 Jun 2010 12:03

Pascal Hambourg wrote on 06/01/2010 11:09 ET :
> itba wrote:
>> Pascal Hambourg wrote on 06/01/2010 09:17 ET :
>>>
>>> What puzzles me is how the hell the same
>>> request is received on each VLAN.
>>>
>>
>> "According to the log, it is. What puzzles me is how the hell the
>> same
>> request is received on each VLAN."
>>
>
> This is Usenet here, not some web forum. Please don't requote nor use
> those """ tags.
>
>> that's exactly what is confusing me,
>> maybe since DHCP REQUESTs are Broadcast has something to do,
>>
>
> AFAIK, broadcast is VLAN-specific. Could it be the switch attached to
> eth0 that forwards broadcasts on all VLANs? If you have some spare time
> it may be interesting to run a packet sniffer (showing the Ethernet header,
> e.g. tcpdump -e -i eth0) on eth0 to check whether multiple copies of
> each packet are actually received with each VLAN ID tag or whether there is
> something wrong in the internal VLAN logic of the box.
>
>> But linux should identify this broadcast for this particular subinterface,
>>
>
> Indeed.
>
>> right ? so dnsmasq only must reply by the same VLAN I think
>>
>
> It receives the same request on each VLAN so it replies on each VLAN
> too. From this point of view, dnsmasq is consistent.
>

Hi Pascal, I like your point of view. While thinking about what you said, I made a dump of traffic from eth0 (which contains eth0.100, eth0.200 and eth0.300), where all things are messing up.

Here is a log from tcpdump:

$> tcpdump -e -i eth0 > /tmp/dump-eth0.txt
$> grep DHCP /tmp/dump-eth0.txt
11:14:54.247429 00:0b:5d:b8:09:b0 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 594: vlan 300, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:0b:5d:b8:09:b0 (oui Unknown), length 548
11:14:54.247450 00:0b:5d:b8:09:b0 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 594: vlan 100, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:0b:5d:b8:09:b0 (oui Unknown), length 548
11:14:54.247827 00:0b:5d:b8:09:b0 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 594: vlan 200, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:0b:5d:b8:09:b0 (oui Unknown), length 548
11:15:02.288755 00:0b:5d:b8:09:b0 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 594: vlan 300, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:0b:5d:b8:09:b0 (oui Unknown), length 548
11:15:02.288770 00:0b:5d:b8:09:b0 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 594: vlan 100, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:0b:5d:b8:09:b0 (oui Unknown), length 548
11:15:02.289136 00:0b:5d:b8:09:b0 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 594: vlan 200, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:0b:5d:b8:09:b0 (oui Unknown), length 548

Here we can see again how these packets are received by all subinterfaces. What do you think about this log?
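
Added example, not part of any poster's message: a small Python check that reads `tcpdump -e` output like the capture above and reports every DHCP request that one source MAC sent under more than one 802.1Q tag within a few milliseconds, which is the pattern Pascal asked to look for. The function name, the 5 ms window and the second client MAC are assumptions; the sample lines are constructed in the format of the capture.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches `tcpdump -e` lines for 802.1Q-tagged DHCP requests.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6}) (?P<src>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r".*?ethertype 802\.1Q \(0x8100\).*?vlan (?P<vlan>\d+),.*BOOTP/DHCP, Request"
)

def _seconds(ts):
    t = datetime.strptime(ts, "%H:%M:%S.%f")
    return t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6

def find_cross_vlan_duplicates(lines, window=0.005):
    """Return (first_ts, mac, vlans) for each burst of requests seen on >1 VLAN."""
    by_mac = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            by_mac[m["src"]].append((_seconds(m["ts"]), m["ts"], int(m["vlan"])))
    findings = []
    for mac, events in by_mac.items():
        events.sort()
        burst = []
        for ev in events + [None]:  # None flushes the final burst
            if ev is not None and (not burst or ev[0] - burst[0][0] <= window):
                burst.append(ev)
                continue
            vlans = sorted({e[2] for e in burst})
            if len(vlans) > 1:
                findings.append((burst[0][1], mac, vlans))
            burst = [ev] if ev is not None else []
    return sorted(findings)

# Constructed sample lines in the format of the capture quoted above.
def _line(ts, mac, vlan):
    return (f"{ts} {mac} (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), "
            f"length 594: vlan {vlan}, p 0, ethertype IPv4, 0.0.0.0.bootpc > "
            f"255.255.255.255.bootps: BOOTP/DHCP, Request from {mac} (oui Unknown), length 548")

SAMPLE = [
    _line("11:14:54.247429", "00:0b:5d:b8:09:b0", 300),
    _line("11:14:54.247450", "00:0b:5d:b8:09:b0", 100),
    _line("11:14:54.247827", "00:0b:5d:b8:09:b0", 200),
    _line("11:20:00.000100", "02:00:00:00:00:01", 100),  # client seen on one VLAN only
]

if __name__ == "__main__":
    for ts, mac, vlans in find_cross_vlan_duplicates(SAMPLE):
        print(f"{ts} {mac} seen on VLANs {vlans}")
```
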