Multiple chrooted dhcp servers for vlans on Linux?

Muhammad Faisal faisalusuf at yahoo.com
Fri Feb 26 20:39:05 UTC 2016


  In the case of different subnets on a single interface, a relay agent is a 
mandatory requirement. You can then segregate subnets per agent IP in 
the dhcp scope.

Relay agent IP is option routers in dhcpd

--
Thanks
F.



------ Original Message ------
From: "Chuck Anderson" <cra at WPI.EDU>
To: dhcp-users at lists.isc.org
Sent: 2/27/2016 1:22:23 AM
Subject: Re: Multiple chrooted dhcp servers for vlans on Linux?

>This won't work unless you use separate full virtual machines...
>
>You could make it work on a single machine maybe, but you'd need to
>recompile the dhcpd with USE_SOCKETS.  Then dhcpd will only work to
>serve remote clients via a relay agent, not local clients directly
>connected to the same VLAN as the server.  This is because local
>clients must be served via a raw socket rather than a normal udp
>socket.  The reason is that responses to local, on-link clients must
>contain specific IP headers and MAC address headers that cannot be set
>via a regular udp socket, such as the all-ones broadcast address.  I
>may have the exact details wrong, but that is the gist of it.
>
>On Fri, Feb 26, 2016 at 10:51:41AM -0800, stevel_isc at jbco.com wrote:
>>  The goal is to have multiple chrooted dhcpd processes, one for each of four
>>  vlans, such that a compromise of a more public one won't affect a more
>>  private one.
>>
>>  Server version is isc-dhcpd-4.3.3-P1 and Linux is a recent install of
>>  Debian.
>>
>>  I've got them all running but looking at dhcpd processes in netstat I don't
>>  think it'll actually work in practice.
>>
>>  Even though each one is specified to a particular vlan interface they all
>>  appear to be listening to 0.0.0.0 and I see nothing visible differentiating
>>  them.
>>
>>  Are they really all listening on every vlan, and does that mean incoming
>>  requests over one vlan will be handled by whatever server happens to grab
>>  the request (3 out of 4 chance it's the wrong one)?
>_______________________________________________
>dhcp-users mailing list
>dhcp-users at lists.isc.org
>https://lists.isc.org/mailman/listinfo/dhcp-users
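
The netstat observation in the original question can be checked mechanically. The following is an added example, not part of the thread and not ISC code: it parses `netstat -lnup` output and lists the dhcpd processes that share a wildcard bind on UDP port 67. The sample output, PIDs and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `netstat -lnup` output (not taken from the thread):
# four dhcpd processes, one per VLAN, plus an unrelated UDP listener.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:67              0.0.0.0:*                           2101/dhcpd
udp        0      0 0.0.0.0:67              0.0.0.0:*                           2102/dhcpd
udp        0      0 0.0.0.0:67              0.0.0.0:*                           2103/dhcpd
udp        0      0 0.0.0.0:67              0.0.0.0:*                           2104/dhcpd
udp        0      0 192.0.2.10:123          0.0.0.0:*                           880/ntpd
"""

# Local addresses that mean "every interface" in netstat/ss output.
WILDCARDS = {"0.0.0.0", "::", "*"}


def dhcp_listeners(text, port=67):
    """Return {local_address: [pid, ...]} for dhcpd UDP sockets on `port`."""
    found = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and non-UDP sockets.
        if len(fields) < 5 or not fields[0].startswith("udp"):
            continue
        # rpartition keeps IPv6 forms such as ":::67" intact.
        addr, _, lport = fields[3].rpartition(":")
        # Last column is "PID/Program name"; it is "-" without root.
        pid, _, prog = fields[-1].partition("/")
        if lport == str(port) and prog == "dhcpd" and pid.isdigit():
            found[addr].append(int(pid))
    return dict(found)


def shared_wildcard(listeners):
    """PIDs of distinct processes sharing a wildcard bind; [] if fewer than 2."""
    pids = sorted({p for addr, ps in listeners.items()
                   if addr in WILDCARDS for p in ps})
    return pids if len(pids) > 1 else []


if __name__ == "__main__":
    result = dhcp_listeners(SAMPLE)
    print("UDP/67 listeners by local address:", result)
    print("dhcpd PIDs sharing a wildcard bind:", shared_wildcard(result))
```

The script only reports bind addresses as netstat shows them; it does not determine which process receives a given request.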
