DHCP Relay over transit-network

Simon Hobson simon at thehobsons.co.uk
Tue Dec 30 11:24:41 UTC 2014


"Muenz, Michael" <m.muenz at spam-fetish.org> wrote:

> I'm not an expert regarding dhcp relay, but I understand the principle and got it running when DHCP server is at the other interface of the firewall.
> Now I have 2 networks, connected at 2 firewalls which have a transit network:
> 
> LAN1: 10.0.0.0/24 - FIREWALL1 --- 10.5.5.0 transit --- FIREWALL2 - LAN2: 10.0.1.0/24

That should work - what is in between (whether one hop or some long chain of WAN links) shouldn't really matter as long as the routing is all configured correctly.

> In both networks (LAN1, LAN2) is a DHCP server and has to be the failover for the other one, configured via delayed replies.
> When I start dhcp-relay on FW1 with "/usr/local/dhcp/sbin/dhcrelay -i eth1 10.0.1.100", I can see the packet on FW2 going to 10.0.1.100, but with the source ip 10.5.5.1.
> The dhcp-server on LAN2 doesn't reply to this one.

Just bear in mind that I've limited experience with the ISC relay agent ...

That doesn't sound right. The relay agent on firewall 1 should be using an address in the 10.0.0.0/24 subnet, as that is how the server identifies the packet as coming from that subnet.
But can I clarify: is the 10.5.5.1 in the packet header source address, or the DHCP GIADDR field? The server should not have a problem with it in the packet header as long as the GIADDR field is correct. Does each server have a route to the 10.5.5.0 subnet?
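To make the GIADDR point concrete, here is an added example (not from the thread or from ISC dhcpd) that decodes the fixed BOOTP header of a relayed DHCPDISCOVER and selects the pool the way a server does: by the giaddr field, ignoring the IP header source. The subnets are the thread's LAN1/LAN2; the packets and MAC address are constructed sample data.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128), magic cookie.
BOOTP_HDR = "!BBBBIHH4s4s4s4s16s64s128s4s"
MAGIC_COOKIE = b"\x63\x82\x53\x63"

# Subnets the server hands out leases for (LAN1 behind FW1, LAN2 behind FW2).
SUBNETS = [ipaddress.ip_network("10.0.0.0/24"), ipaddress.ip_network("10.0.1.0/24")]


def parse_bootp(packet: bytes) -> dict:
    """Decode the fixed header and return the fields a server keys on."""
    size = struct.calcsize(BOOTP_HDR)
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
     giaddr, chaddr, sname, file, cookie) = struct.unpack(BOOTP_HDR, packet[:size])
    if cookie != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (bad magic cookie)")
    return {"op": op, "hops": hops, "xid": xid,
            "giaddr": ipaddress.ip_address(giaddr),
            "chaddr": chaddr[:hlen].hex(":")}


def select_subnet(packet: bytes, ip_src: str):
    """Return the served subnet for a relayed request, or None.

    The IP header source (ip_src, e.g. the transit address 10.5.5.1) is
    deliberately not consulted: a server chooses the pool from giaddr and
    unicasts its reply back to giaddr. A giaddr outside every served
    subnet yields None, i.e. the server stays silent."""
    giaddr = parse_bootp(packet)["giaddr"]
    if giaddr == ipaddress.ip_address("0.0.0.0"):
        return None  # not relayed; the server would key on its receiving interface
    return next((net for net in SUBNETS if giaddr in net), None)


def build_discover(giaddr: str, mac: bytes = b"\x00\x11\x22\x33\x44\x55") -> bytes:
    """Constructed sample: a DHCPDISCOVER as forwarded by one relay hop."""
    return struct.pack(BOOTP_HDR, 1, 1, 6, 1, 0x12345678, 0, 0x8000,
                       b"\0" * 4, b"\0" * 4, b"\0" * 4,
                       ipaddress.ip_address(giaddr).packed,
                       mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128, MAGIC_COOKIE)


if __name__ == "__main__":
    good = build_discover("10.0.0.1")   # relay stamped its LAN1 address
    bad = build_discover("10.5.5.1")    # relay stamped its transit address
    print(select_subnet(good, "10.5.5.1"), select_subnet(bad, "10.5.5.1"))
```

Running it prints the LAN1 pool for the first packet and None for the second, which is the silent-server behaviour described above when the transit address ends up in giaddr rather than only in the IP header.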


