No subnet declaration; Can't open /var/lib/dhcp/dhcpd.leases for append

Simon Hobson dhcp1 at thehobsons.co.uk
Sun Jan 28 09:38:26 UTC 2018 

A <publicface at bak.rr.com> wrote:

>> OK, so this box is your gateway, AP, etc, etc. In that case I believe that your setup is fundamentally broken - you have TWO SEPARATE networks (one wired, one wireless) running the same subnet.
> 
> Yes, that's how I was told to set it up by a helpful individual.  I was told since it was one subnet, no routing would be needed.  The wireless & wired interfaces would be bridged.  Seemed reasonable.  It sounds like you are suggesting exactly the same thing so "fundamentally broken" seems a bit harsh.

Key thing there is BRIDGED - ONE bridge interface with ONE address in the subnet, more than one port assigned to the bridge. What you have is NOT a bridged network, it is two SEPARATE networks with the same subnet - it's is fundamentally broken and will NOT work (at least without a lot of fudging around to work around the brokenness.


> I removed the bridge because I was unable to reach the Internet from yellow (nor blue).  And that is how things stand now.  Bridge up, Internet down.  Bridge down, Internet up.

OK, so there's a different issue there, and it'll be to do with your masq setup.

You probably need to take a step back and get the basics working first. Forget your DHCP for the moment and statically configure some clients - that way you can work on one issue at a time.

Get the internal networking going (devices can connect between wired and wireless).

Get the internet connection working - ie setup your masq rules.

THEN work on dhcp etc.

As it is, I think you are trying to troubleshoot multiple issues at once which makes it much harder - especially when, as it appears here, networking isn't you specialist subject.

BTW - you MUST also configure filters on inbound traffic, while a GNU/Linux system is fairly secure out of the box, it is likely to be running services that you don't want to expose. So configure rules that permit only the traffic inbound to the firewall that you want, and drop everything else.
I'm another that doesn't normally work direct with iptables - I use Shorewall too.

More information about the dhcp-users mailing list