Hello, I''m trying to get a Shorewall installation on Debian and am running into some problems that actually related to DHCP, or at least that''s my theory. I''m writing to this list in hopes that enough people have already been through this that they know an answer. The problem I have is that the DHCP server doesn''t know what interface to listen to and, more importantly, not to listen to. The problem I have is that on the one subnet I have two DHCP servers in violent contention with each other and typically within minutes my entire network is fubar. What''s worse is this new DHCP server is much faster at responding. Because of the rather nasty effect it has on the subnet, testing is very limited this time of year as term papers come due and email, web, and printers are of absolute importance. I think there is a way to configure this under the dhcp server configuration but I''m curious what the shorewall people have to say about this one. Also, there is a lot of martian traffic. But I won''t really look into this one until I''ve been able to set this up for more than 5 minutes. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Tom Allison wrote:> Hello, > > I''m trying to get a Shorewall installation on Debian and am running into > some problems that actually related to DHCP, or at least that''s my > theory. I''m writing to this list in hopes that enough people have > already been through this that they know an answer. > > The problem I have is that the DHCP server doesn''t know what interface > to listen to and, more importantly, not to listen to. The problem I > have is that on the one subnet I have two DHCP servers in violent > contention with each other and typically within minutes my entire > network is fubar. What''s worse is this new DHCP server is much faster > at responding. > > Because of the rather nasty effect it has on the subnet, testing is very > limited this time of year as term papers come due and email, web, and > printers are of absolute importance. > > I think there is a way to configure this under the dhcp server > configuration but I''m curious what the shorewall people have to say > about this one. > > Also, there is a lot of martian traffic. But I won''t really look into > this one until I''ve been able to set this up for more than 5 minutes.Sounds like you have two interfaces connected to the same HUB/switch. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Shorewall Geek wrote:> Tom Allison wrote: >> Hello, >> >> I''m trying to get a Shorewall installation on Debian and am running into >> some problems that actually related to DHCP, or at least that''s my >> theory. I''m writing to this list in hopes that enough people have >> already been through this that they know an answer. >> >> The problem I have is that the DHCP server doesn''t know what interface >> to listen to and, more importantly, not to listen to. The problem I >> have is that on the one subnet I have two DHCP servers in violent >> contention with each other and typically within minutes my entire >> network is fubar. What''s worse is this new DHCP server is much faster >> at responding. >> >> Because of the rather nasty effect it has on the subnet, testing is very >> limited this time of year as term papers come due and email, web, and >> printers are of absolute importance. >> >> I think there is a way to configure this under the dhcp server >> configuration but I''m curious what the shorewall people have to say >> about this one. >> >> Also, there is a lot of martian traffic. But I won''t really look into >> this one until I''ve been able to set this up for more than 5 minutes. > > Sounds like you have two interfaces connected to the same HUB/switch.If course the Martians could also be caused by the DHCP server handing out IP addresses that don''t belong on that LAN segment. The interfaces that a Debian DHCP server listens on is specified in /etc/default/dhcpd, IIRC. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
>The problem I have is that the DHCP server doesn''t know what interface >to listen to and, more importantly, not to listen to. The problem I >have is that on the one subnet I have two DHCP servers in violent >contention with each other and typically within minutes my entire >network is fubar. What''s worse is this new DHCP server is much fasterThis is a bit off-topic for a shorewall list, and you haven''t even said what DHCP server you are running. For DNSMasq, you can specify the interface option in dnsmasq.conf like: interface=eth0 I imagine that other DHCP servers have a similar configuration option. I think that the ISC DHCPD takes the interface to bind to as a command-line option, but I can''t be sure. BTW, you might also want to make one of your servers authoritative. --Russel Riley ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
> This is a bit off-topic for a shorewall list, and you haven''t even said what > DHCP server you are running. > > For DNSMasq, you can specify the interface option in dnsmasq.conf like: > interface=eth0 > > I imagine that other DHCP servers have a similar configuration option. I > think that the ISC DHCPD takes the interface to bind to as a command-line > option, but I can''t be sure. > > BTW, you might also want to make one of your servers authoritative.Thanks to all, this is just the kind of tidbits I was looking for. And yes, it is OT but then it turns out there is some experience with this kind of problem on the Shorewall list. Which is what I was banking on. It''s not going to be far on a list like this to find someone who has done a number of network basics (DHCP, DNS, CUPS) on a firewall box. It''s an attractive option over having multiple machines on 24x7 for a very small network. It is ISC DHCP. Many thanks. I''ll have to get more Shorewall specific questions but first I had to keep my DHCP server from self distructing. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Tom Allison wrote:>It is ISC DHCP.In that case, it takes a list of interfaces to listen on on the command line. How you do this is distro specific - on Debian (and it''s derivatives) it is in /etc/default/dhcpd. Normally, if the DHCP server isn''t properly configured then it won''t start - and normally you wouldn''t define subnets it wasn''t supposed to serve. There is an ISC DHCP mailing list at https://lists.isc.org/mailman/listinfo -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/