Relay agents, NAT, and offers to giaddr

Chris De Young chd at chud.net
Thu Sep 14 18:52:21 UTC 2006


Hi,
We have a problem where a proposed architecture is not currently
working, and I want to determine whether or not what they are trying
to do is legal.

We have a DHCP client connected to a network with a relay agent, all
on private address space, then later there's a NAT box, and then later
there's the DHCP server on a public address.

----------    ---------------   -------     ----------------------
| Client |----| Relay-agent |---| NAT |-----| Public DHCP server |
----------    | 10.1.1.1    |   |     |     |  128.196.128.x     |
              ---------------   -------     ----------------------

The relay agent does NOT do the routing for this segment (it's a
wireless controller), that's done at the NAT box.

The problem is that the relay agent puts 10.1.1.1 into the giaddr
field of the DISCOVER packet, so when the server gets it, it sends the
OFFER back to 10.1.1.1.  Alas, from the server's point of view, it has
no route to the 10.* network.

My question is: is the server *required* to send the offer back to
the address in giaddr (in which case this architecture is
fundamentally flawed?), or can it be configured to send the offer to
the source IP address in the forwarded discover packet that it
received instead (which has been natted to public space by then and so
is reachable)?

Thanks much!
-Chris
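
Added example, not part of the original post: RFC 2131 section 4.1 has a server send replies for a relayed message to the address in giaddr on the DHCP server port, so this sketch reads giaddr out of a DISCOVER and flags the situation described above, where giaddr is private and differs from the NATed source address the server sees. The packet bytes, the function names and the 192.0.2.10 source address are constructed for illustration.

```python
import ipaddress
import struct

DHCP_SERVER_PORT = 67   # replies to a relay agent go to this port (RFC 2131 sec. 4.1)
BOOTP_FIXED_LEN = 236   # fixed BOOTP header, before the magic cookie and options
GIADDR_OFFSET = 24      # op,htype,hlen,hops(4) xid(4) secs,flags(4) ciaddr,yiaddr,siaddr(12)


def build_relayed_discover(giaddr: str) -> bytes:
    """Constructed sample: a minimal DISCOVER as a relay agent would forward it."""
    chaddr = bytes.fromhex("020000000001").ljust(16, b"\x00")
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1,                      # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        0x12345678, 0, 0,                # xid, secs, flags
        bytes(4), bytes(4), bytes(4),    # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,
        chaddr, bytes(64), bytes(128))   # chaddr, sname, file
    options = bytes([99, 130, 83, 99, 53, 1, 1, 255])  # cookie, type=DISCOVER, end
    return header + options


def parse_giaddr(packet: bytes) -> ipaddress.IPv4Address:
    """Return the relay agent address carried in the BOOTP header."""
    if len(packet) < BOOTP_FIXED_LEN:
        raise ValueError("shorter than the fixed BOOTP header")
    return ipaddress.IPv4Address(packet[GIADDR_OFFSET:GIADDR_OFFSET + 4])


def reply_target(packet: bytes, observed_src: str):
    """Where the reply to a relayed message goes, and whether NAT is in the way."""
    giaddr = parse_giaddr(packet)
    if int(giaddr) == 0:
        return None  # not relayed: the rules for directly attached clients apply
    return {
        "dest": (str(giaddr), DHCP_SERVER_PORT),
        "giaddr_private": giaddr.is_private,
        # True when the IP source was rewritten but giaddr inside the payload was not
        "src_mismatch": giaddr != ipaddress.IPv4Address(observed_src),
    }


if __name__ == "__main__":
    discover = build_relayed_discover("10.1.1.1")
    # 192.0.2.10 stands in for the NAT box's public address (constructed value)
    print(reply_target(discover, "192.0.2.10"))
```

A server could log packets where `giaddr_private` and `src_mismatch` are both true to spot relays sitting behind NAT.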




More information about the dhcp-users mailing list