dhcp config - 2 subnets on one phys net

Glenn Satchell Glenn.Satchell at uniq.com.au
Fri Sep 29 11:31:49 UTC 2006


>Date: Fri, 29 Sep 2006 13:50:21 +0400 (MSD)
>From: Igor Antokhin <igor at sai.msu.ru>
>To: dhcp-users at isc.org
>Subject: Re: dhcp config - 2 subnets on one phys net
>
>On Fri, 29 Sep 2006, Simon Hobson wrote:
>
>> Igor Antokhin wrote:
>>
>>> Sorry for a question from a newbie, but I could not find a clear answer to
>>> my problem - only pieces of the puzzle...
>>>
>>> I have a computer on a physical network 195.208.220.0. It runs Linux
>>> Fedora Core 5. It is just a client machine not providing any general
>>> use services like dns, printing etc. Now for some reasons I want to create
>>> a private network for my department using the same physical ethernet.
>>> I understand that what I have to do is this:
>>
>> The problem is that you CANNOT provide DHCP to only one of the
>> subnets - at least not without co-ordination with the admin of the
>> existing DHCP.
>>
>> The problem is that even though you can apparently run two interfaces
>> (one 'real', one 'virtual'), DHCP relies on broadcasts which do not
>> respect the distinction between the subnets/interfaces.
>
>I know that and I am willing to coordinate my efforts with the sysadmins.
>
>> To make it work you will have to be able to identify every client
>> that will be part of your private network (MAC address is usually
>> easiest). On your new dhcp server you will have to service ONLY those
>> clients and ignore all others.
>
>Right, this is what I do.
>
>> The admin of the existing dhcp server
>> will have to explicitly ignore your clients.
>
>Hmm, here I am not quite sure. All my clients are on the private network 
>192.168.0.0. I thought their broadcast requests would not be transferred 
>to the external network (if I do not explicitly relay them). As for the 
>other clients on the main network, there is no need to worry - my server 
>will never serve their requests so they will always be serviced by another 
>dhcp server. The problem you mention would potentially affect my clients 
>only - has to be solved, of course...

You said earlier that the two networks run on the same physical
ethernet. When a dhcp client broadcasts it does not know what network
it is on, and so it broadcasts to 255.255.255.255. Your dhcp server
cannot tell which network the client is supposed to be on based on this
broadcast address. The same goes for the main production dhcp server -
your clients could be offered addresses by that server.

>> If you don't do this
>> then you will have two dhcp servers fighting each other - yours will
>> offer a private address, the other will offer a public address, and
>> whichever the client decides to accept, one or other dhcp server will
>> reply with a NAK.
>
>So if I am correct above there should be no fight...

Unfortunately, with the information you have provided, you are not correct.

>> Unless you specifically want to play with the dhcp, you might be
>> better talking with the network admin and see if he can just set up
>> the dhcp for your private network on the existing server - be a whole
>> lot less effort overall.
>
>That's the whole problem. Unfortunately our local administration is not 
>very reliable and professional :(. Right now the main dhcp server is not 
>working (for two days already) and nobody seems to care. Actually nobody 
>of those two people who are responsible are at work... My clients 
>complain... So I am just forced to provide an independent service. As I said 
>in my first message my current problem is that I am not sure how I setup 
>my computer as a router and how to setup NAT.

Setting up the router really is beyond the scope of this group.

You might try looking for an appropriate HOWTO at the Linux
documentation project site http://www.tldp.org. To configure NAT try
the Netfilter home page at http://www.netfilter.org and also look at
the man pages for iptables.

http://www.linuxhomenetworking.com also has lots of procedure documents
for doing many Linux tasks. Don't let the "home" part put you off -
there's lots of info that's useful for work too.

>Thanks for your help.

This is quite a lot of work; maybe it would be better to just "take
over" the functionality of the main dhcp server? I guess there may be
other work related factors that mean you can or can't do that.

regards,
-glenn
--
Glenn Satchell     mailto:glenn.satchell at uniq.com.au | Some days we are
Uniq Advances Pty Ltd         http://www.uniq.com.au | the flies;  some
PO Box 70 Paddington NSW Australia 2021              | days we  are the
tel:0409-458-580  tel:02-9380-6360  fax:02-9380-6416 | windscreens...
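
The arrangement discussed in this thread, sketched as ISC dhcpd configuration (an added example, not part of the original message and not anyone's actual configuration): the department server answers only declared hosts, and the production server ignores those same hosts. The /24 netmasks, address range, router address, host names and MAC addresses are assumptions made for illustration, as is the production server running ISC dhcpd.

```conf
# --- dhcpd.conf on the new department server (illustrative) ---
# Not authoritative: never NAK clients that belong to the production server.
not authoritative;

shared-network campus-wire {
    # Public subnet on the same wire. Declared with no range, so no
    # address from it is ever offered. Netmask is an assumption.
    subnet 195.208.220.0 netmask 255.255.255.0 {
    }

    # Private department subnet. Netmask, range and router are assumptions.
    subnet 192.168.0.0 netmask 255.255.255.0 {
        option routers 192.168.0.1;
        pool {
            range 192.168.0.100 192.168.0.200;
            # Only clients with a host declaration may use this pool,
            # because a broadcast DISCOVER does not say which subnet
            # the client is meant to be on.
            deny unknown-clients;
        }
    }
}

# Department clients, identified by MAC (constructed sample values).
host dept-pc1 { hardware ethernet 00:00:5e:00:53:01; }
host dept-pc2 { hardware ethernet 00:00:5e:00:53:02; }

# --- Separate file: fragment for the production server's dhcpd.conf ---
# The same MACs, explicitly ignored so the two servers do not compete
# for the department clients.
group {
    ignore booting;
    host dept-pc1 { hardware ethernet 00:00:5e:00:53:01; }
    host dept-pc2 { hardware ethernet 00:00:5e:00:53:02; }
}
```

Each part belongs in its own server's configuration file; `dhcpd -t -cf <file>` checks a file's syntax without starting the daemon.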