Reconfig of dhcp.conf

Glenn Satchell Glenn.Satchell at uniq.com.au
Wed Nov 25 14:25:48 UTC 2009


>Date: Wed, 25 Nov 2009 09:14:56 -0500
>From: Chris Arnold <carnold at electrichendrix.com>
>
>On 11/25/09 9:04 AM, "Glenn Satchell" <Glenn.Satchell at uniq.com.au> wrote:
>
>> 
>>> Date: Wed, 25 Nov 2009 08:32:48 -0500
>>> From: Chris Arnold <carnold at electrichendrix.com>
>>> 
>>> On 11/25/09 1:12 AM, "Glenn Satchell" <Glenn.Satchell at uniq.com.au> wrote:
>>> 
>>>> Hi Chris
>>>> 
>>>> Do you still have a shared network with 192.168.123.0 and 192.168.124.0
>>>> on the same physical segment?
>>> 
>>> No sir, they are not on the same physical segment
>>> 
>>>> If not then your new config should be fine, and hosts on each of the
>>>> physical networks will get addresses in that range.
>>> 
>>> Nothing on any subnet is getting IPs. Is there a dhcp log I can take a look
>>> at? I have opened dhcp-relay ports (67 and 68) from both the dmz to trust
>>> and trust to dmz to no avail. The dhcp server is on the dmz network. This
>>> server has dual NICs and each NIC has a different ip/subnet. Ex. eth0
>>> 192.168.124.x with gateway of 192.168.124.x and eth1 192.168.123.x with
>>> gateway of 192.168.123.x. I have also, on the juniper firewall, enabled
>>> dhcp-relay on the interfaces (dmz and trust).
>> 
>> So are the networks where the clients are different IP ranges to the
>> server's networks?
>Yes, sir
>> Does that mean the firewall bridges between the
>> different parts of the two subnets?
>Yes, sir (I would assume so)
>> Can you snoop traffic on the server to see if the discover packets are
>> making it to the server? Getting dhcp through a firewall also requires
>> allowing broadcast traffic from src ip 0.0.0.0 to destination
>> 255.255.255.255. The dhcp logs should help a bit.
>I only see 192.168.124 traffic in the dhcp logs. Nothing from 192.168.123
>network; which makes sense, since 192.168.124 is dmz traffic and the dhcp
>server is in the dmz = no need for a policy to allow dhcp traffic. When I
>insert a policy for 255.255.255.255 broadcast traffic, the firewall errors
>out and says something about VPN (I have not made it that far yet), so I
>don't think this is needed in the firewall (I could be wrong)?
>I would offer a "webex" meeting using mikogo if you like so you can see
>exactly what is happening. Let me know

With a bit of ascii art can you draw the network diagram showing where
the various networks, server and firewall are set up? Here's a starting
point based on how I think you've described things so far:

192.168.124.0   dhcp server   192.168.123.0            192.168.123.0?
----------------eth0==eth1-------------------Firewall----------------
| | | |                                                      | | | |
dhcp clients                                             dhcp clients

And can you include dhcpd.conf again please?

regards,
-glenn



