Skar n00b
Joined: 23 May 2003 Posts: 22
|
Posted: Sat Jun 12, 2004 12:02 pm Post subject: dhcpd: mac + range |
|
|
Hi,
I wondered if it's possible to assign an IP of a specific range to a specific hardware address. If I try to put the hardware address in the subnet declaration it won't work.
Any ideas?
thx
Skar |
|
n3mo l33t
Joined: 28 Mar 2004 Posts: 657 Location: In a Cruel World
|
Posted: Sat Jun 12, 2004 1:17 pm Post subject: |
|
|
I think you'd better post your dhcp.conf, but
Quote: | if i try to put the hardware address in the subnet declaration it won't work |
the static IP option on my server looks like this:
Code: |
host mobile
{
hardware ethernet 00:a0:cc:3d:0b:39;
fixed-address 192.168.0.32;
} |
|
|
Skar n00b
Joined: 23 May 2003 Posts: 22
|
Posted: Sat Jun 12, 2004 1:27 pm Post subject: |
|
|
The problem is, I don't want to give a static IP to a hardware address.
I want to set up a pool of IPs from which a pool of hardware addresses take one
if needed.
So normally you either have a "subnet" with a range of IPs or you have a
hardware address with exactly one IP.
I want both together, because I potentially have more computers than IPs.
My dhcpd.conf won't help, because I've just the standard options in there,
because I don't know how to manage it like I want. |
|
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
|
Posted: Sat Jun 12, 2004 1:33 pm Post subject: |
|
|
I don't understand.
What happens when a computer connects that isn't in the list of MAC addresses? Do they get an address? If so, what pool does that address come from?
I think it would help if you gave some figures, like the number of devices you have, the number of IP addresses, and the range that those IPs are in. |
|
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
|
Posted: Sat Jun 12, 2004 1:52 pm Post subject: |
|
|
Looks like it is possible using a group declaration.
It may also be possible using a pool declaration with permit and deny lists.
have a look at
man dhcpd.conf
loads of info in there |
|
Skar n00b
Joined: 23 May 2003 Posts: 22
|
Posted: Sat Jun 12, 2004 1:52 pm Post subject: |
|
|
Let's say I've 5 notebooks here and only 3 IP addresses.
So I want a dhcpd which gives one of the 3 IPs to any of the five laptops when
they become connected. Normally you do this with something like this:
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.13;
}
Now I want ONLY these five laptops to be allowed to get these addresses.
Normally you have to assign an IP to a specific computer with the option "hardware address",
like you've done.
But I want these two things combined, so I want to define the hardware addresses
which are allowed to get an IP from a specific range. |
|
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
|
Posted: Sat Jun 12, 2004 1:59 pm Post subject: |
|
|
try
Code: | group {
range 192.168.1.10 192.168.1.13;
host host1 { hardware ethernet 00:c0:c3:49:2b:57; }
host host2 { hardware ethernet 00:c0:c3:80:fc:32; }
} |
I'm not sure if that's right I haven't tested it
**** tested this doesn't work ***** |
|
n3mo l33t
Joined: 28 Mar 2004 Posts: 657 Location: In a Cruel World
|
Posted: Sat Jun 12, 2004 2:12 pm Post subject: |
|
|
It seems only a trick, but why not use iptables to filter requests to your DHCP server?
Code: | iptables -A INPUT -m state --state NEW -m mac --mac-source xx:xx:xx:x:x -p udp --destination-port 67 -j ACCEPT
iptables -A INPUT -m state --state NEW -m mac --mac-source xx:xx:xx:x:x -p udp --destination-port 68 -j ACCEPT |
one for each laptop and finally:
Code: | iptables -A INPUT -p udp --destination-port 67 -j DROP
iptables -A INPUT -p udp --destination-port 68 -j DROP |
|
|
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
|
Posted: Sat Jun 12, 2004 2:17 pm Post subject: |
|
|
looks like what you need to do is have a
Code: | host hostname { hardware ethernet ha:rd:wa:re:ma:ca;} |
statement for each host then you can create a pool
Code: | subnet 10.0.0.0 netmask 255.255.255.0 {
option routers 10.0.0.254;
# Unknown clients get this pool.
pool {
option domain-name-servers bogus.example.com;
max-lease-time 300;
range 10.0.0.200 10.0.0.253;
allow unknown clients;
}
# Known clients get this pool.
pool {
option domain-name-servers ns1.example.com, ns2.example.com;
max-lease-time 28800;
range 10.0.0.5 10.0.0.199;
deny unknown clients;
}
} |
All clients with host statements are known clients; all clients without are unknown. |
|
Skar n00b
Joined: 23 May 2003 Posts: 22
|
Posted: Sat Jun 12, 2004 6:05 pm Post subject: |
|
|
nobspangle wrote: | looks like what you need to do is have a
statement for each host then you can create a pool
|
this works for you?
I've got
Code: | host mobile1 { hardware ethernet XX:XX:XX:XX:XX:XX; }
subnet 192.168.12.0 netmask 255.255.255.0 {
option routers 192.168.12.1;
unkownpool {
option domain-name-servers 134.155.50.51;
max-lease-time 300;
range 192.168.12.100 192.168.12.105;
allow unkown clients;
}
knownpool {
option domain-name-servers 134.155.50.51;
max-lease-time 28800;
range 192.168.12.110 192.168.12.115;
deny unkown clients;
}
}
|
but I get an "expecting a parameter or declaration." for unkownpool and knownpool |
|
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
|
Posted: Sat Jun 12, 2004 6:22 pm Post subject: |
|
|
Code: | host mobile1 { hardware ethernet XX:XX:XX:XX:XX:XX; }
subnet 192.168.12.0 netmask 255.255.255.0 {
option routers 192.168.12.1;
pool {
option domain-name-servers 134.155.50.51;
max-lease-time 300;
range 192.168.12.100 192.168.12.105;
allow unkown clients;
}
pool {
option domain-name-servers 134.155.50.51;
max-lease-time 28800;
range 192.168.12.110 192.168.12.115;
deny unkown clients;
}
} |
That should be OK; the server won't understand unknownpool and knownpool |
|
Skar n00b
Joined: 23 May 2003 Posts: 22
|
Posted: Sat Jun 12, 2004 7:16 pm Post subject: |
|
|
nobspangle wrote: |
That should be ok server won't understand unknownpool and knownpool |
Even with "pool", the error message is the same |
|
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
|
Posted: Sat Jun 12, 2004 10:53 pm Post subject: |
|
|
after I corrected your spelling it all worked fine.
Code: | host mobile1 { hardware ethernet 00:5b:33:2a:ff:64; }
subnet 192.168.12.0 netmask 255.255.255.0 {
option routers 192.168.12.1;
pool {
option domain-name-servers 134.155.50.51;
max-lease-time 300;
range 192.168.12.100 192.168.12.105;
allow unknown clients;
}
pool {
option domain-name-servers 134.155.50.51;
max-lease-time 28800;
range 192.168.12.110 192.168.12.115;
deny unknown clients;
}
}
ddns-update-style ad-hoc;
|
|
|
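An added example, not part of any post in this thread: one way to check that the `deny unknown clients` pool in the configuration above is holding, by comparing active leases in that range against the host declarations. The sample config and lease text are constructed and the function names are hypothetical; the lease-file fields parsed (`lease`, `binding state`, `hardware ethernet`) follow ISC DHCP 3.x, the release series that introduced pool declarations.

```python
import ipaddress
import re

# Constructed dhcpd.conf excerpt: host declarations as in the thread.
SAMPLE_CONF = """
host mobile1 { hardware ethernet 00:5b:33:2a:ff:64; }
host mobile2 { hardware ethernet 00:C0:C3:49:2B:57; }
"""

# Constructed dhcpd.leases excerpt. The file is append-only, so the
# second entry for .111 supersedes the first.
SAMPLE_LEASES = """
lease 192.168.12.110 { binding state active; hardware ethernet 00:5b:33:2a:ff:64; }
lease 192.168.12.111 { binding state active; hardware ethernet 00:c0:c3:49:2b:57; }
lease 192.168.12.111 { binding state active; hardware ethernet 00:11:22:33:44:55; }
lease 192.168.12.101 { binding state active; hardware ethernet 00:11:22:33:44:55; }
lease 192.168.12.112 { binding state free; hardware ethernet 00:aa:bb:cc:dd:ee; }
"""

MAC = r"hardware\s+ethernet\s+([0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})\s*;"

def norm(mac):
    """Canonical form: lower-case, two hex digits per octet."""
    return ":".join(f"{int(o, 16):02x}" for o in mac.split(":"))

def known_macs(conf_text):
    """MACs that appear inside host declarations (dhcpd's 'known clients')."""
    bodies = re.findall(r"\bhost\s+\S+\s*\{([^}]*)\}", conf_text)
    return {norm(m) for b in bodies for m in re.findall(MAC, b)}

def policy_violations(conf_text, leases_text, first, last):
    """Active leases in [first, last] whose MAC has no host declaration."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    known = known_macs(conf_text)
    latest = {}  # last entry per address wins
    for ip, body in re.findall(r"\blease\s+(\S+)\s*\{([^}]*)\}", leases_text):
        latest[ip] = body
    found = []
    for ip, body in latest.items():
        mac = re.search(MAC, body)
        # Skip "next binding state ..." lines; only the current state counts.
        active = re.search(r"(?<!\w\s)binding\s+state\s+active\s*;", body)
        if mac and active and lo <= ipaddress.ip_address(ip) <= hi:
            if norm(mac.group(1)) not in known:
                found.append((ip, norm(mac.group(1))))
    return sorted(found)

if __name__ == "__main__":
    for ip, mac in policy_violations(SAMPLE_CONF, SAMPLE_LEASES, "192.168.12.110", "192.168.12.115"):
        print(f"unknown client {mac} holds known-pool address {ip}")
```

The known/unknown decision keys on the hardware address the client presents, so it sorts clients into pools but does not authenticate a device.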
Skar n00b
Joined: 23 May 2003 Posts: 22
|
Posted: Sun Jun 13, 2004 7:44 am Post subject: |
|
|
I just copy&paste this stuff but if I try to start I get the error:
Code: | root@chef:/etc# dhcpd
Internet Software Consortium DHCP Server 2.0pl5
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.
Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html
/etc/dhcpd.conf line 23: expecting a parameter or declaration.
pool
^
/etc/dhcpd.conf line 29: expecting a parameter or declaration.
pool
^
/etc/dhcpd.conf line 36: expecting a declaration.
ddns-update-style
^
Configuration file errors encountered -- exiting
exiting.
|
But ok, if it works for you, perhaps the error is somewhere else.
I'll go into this.
Thx for help |
|
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
|
Posted: Sun Jun 13, 2004 7:59 am Post subject: |
|
|
I don't know what you are copying and pasting; the conf I posted only has 20 lines, and your errors are talking about lines 23, 29 and 36.
I suggest
Code: | rm -rf /etc/dhcp/dhcpd.conf |
and start again |
|
Skar n00b
Joined: 23 May 2003 Posts: 22
|
Posted: Sun Jun 13, 2004 8:24 am Post subject: |
|
|
The errors were in other lines because I had just commented out the older settings.
If I start from beginning the error stays the same. |
|
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
|
Posted: Sun Jun 13, 2004 8:27 am Post subject: |
|
|
could you post your current conf and the errors you currently get |
|
Skar n00b
Joined: 23 May 2003 Posts: 22
|
Posted: Sun Jun 13, 2004 8:39 am Post subject: |
|
|
Hm, after a clean reemerge and setting up clean config files, it seems to work,
so I think I screwed it up somewhere, but now it seems to be fine.
Thx for help and patience |
|
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
|
Posted: Sun Jun 13, 2004 8:48 am Post subject: |
|
|
no worries glad you got it working |
|