dhcp and IP-Masquerade
on 03.02.2004 05:00:00 by gerardo juarez-mondragon
I have a network connecting to the internet
through a Linux box that masquerades local
machines. It is further hidden by a NAT.
Approximately like this:
internet --> NAT --> Linux box --> internal network
               (10.21.xx.xx)       (192.168.xx.xx)
It works fine, except for a recent change. I need
to assign some addresses through DHCP. When I try
it, computers (running Windows) do obtain a
network address and have access to the internal
network but cannot go through to the internet.
These same computers have no problem when
assigned a static IP (192.168.xx.xx). It seems
strange, since I think once an address is
assigned, the masquerading process should occur
transparently. Here is the relevant data:
---------------
dhcpd.conf:
---------------
option domain-name "my.domain";
option domain-name-servers 221.74.107.1, 221.74.107.2;

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.1 192.168.0.10;
    default-lease-time 86400;
    max-lease-time 86400;
    option routers 192.168.0.254;
}

# I don't know why I should have to include
# this subnet, since I don't intend to serve
# any requests from this side, but dhcpd
# says I have to include it:
subnet 10.21.48.0 netmask 255.255.255.0 {
    deny unknown-clients;
    deny bootp;
    option routers 10.21.48.254;
}
-------------
A portion of the dhcpd.log:
-------------
Jan 27 12:45:37 marvin dhcpd: Listening on LPF/eth1/00:40:f4:30:04:b6/192.168.0.0
Jan 27 12:45:37 marvin dhcpd: Sending on LPF/eth1/00:40:f4:30:04:b6/192.168.0.0
Jan 27 12:45:37 marvin dhcpd: Listening on LPF/eth0/00:04:76:38:e1:7f/10.21.48.0
Jan 27 12:45:37 marvin dhcpd: Sending on LPF/eth0/00:04:76:38:e1:7f/10.21.48.0
Jan 27 12:45:37 marvin dhcpd: Sending on Socket/fallback/fallback-net
Jan 27 12:45:37 marvin dhcpd: dhcpd startup succeeded
Jan 27 12:46:21 marvin dhcpd: DHCPREQUEST for 192.168.0.8 from 00:03:93:13:7f:d8 via eth0
Jan 27 12:46:21 marvin dhcpd: DHCPNAK on 192.168.0.8 to 00:03:93:13:7f:d8 via eth0
Jan 27 12:46:21 marvin dhcpd: DHCPREQUEST for 192.168.0.8 from 00:03:93:13:7f:d8 via eth1
Jan 27 12:46:21 marvin dhcpd: DHCPACK on 192.168.0.8 to 00:03:93:13:7f:d8 via eth1
Jan 27 12:46:21 marvin dhcpd: DHCPDISCOVER from 00:03:93:13:7f:d8 via eth0
Jan 27 12:46:21 marvin dhcpd: no free leases on subnet 10.21.48.0
Jan 27 12:46:21 marvin dhcpd: DHCPDISCOVER from 00:03:93:13:7f:d8 via eth1
Jan 27 12:46:21 marvin dhcpd: DHCPOFFER on 192.168.0.8 to 00:03:93:13:7f:d8 via eth1
Jan 27 12:46:23 marvin dhcpd: DHCPREQUEST for 192.168.0.8 from 00:03:93:13:7f:d8 via eth0
-------------
Any suggestions will be greatly appreciated.
Thanks,
Gerardo Juarez
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
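An added example, not part of the thread: a small audit of the dhcpd.log lines posted above that flags clients whose DHCP packets reach an interface not meant to hand out leases, and what the server answered there. It assumes eth1 is the only serving interface, as the posted dhcpd.conf indicates; the names `parse`, `audit` and `serving` belong to this example only.

```python
import re
from collections import defaultdict

# Lines taken from the posted dhcpd.log, with the mail line-wrapping undone.
SAMPLE_LOG = """\
Jan 27 12:46:21 marvin dhcpd: DHCPREQUEST for 192.168.0.8 from 00:03:93:13:7f:d8 via eth0
Jan 27 12:46:21 marvin dhcpd: DHCPNAK on 192.168.0.8 to 00:03:93:13:7f:d8 via eth0
Jan 27 12:46:21 marvin dhcpd: DHCPREQUEST for 192.168.0.8 from 00:03:93:13:7f:d8 via eth1
Jan 27 12:46:21 marvin dhcpd: DHCPACK on 192.168.0.8 to 00:03:93:13:7f:d8 via eth1
Jan 27 12:46:21 marvin dhcpd: DHCPDISCOVER from 00:03:93:13:7f:d8 via eth0
Jan 27 12:46:21 marvin dhcpd: no free leases on subnet 10.21.48.0
Jan 27 12:46:21 marvin dhcpd: DHCPDISCOVER from 00:03:93:13:7f:d8 via eth1
Jan 27 12:46:21 marvin dhcpd: DHCPOFFER on 192.168.0.8 to 00:03:93:13:7f:d8 via eth1
Jan 27 12:46:23 marvin dhcpd: DHCPREQUEST for 192.168.0.8 from 00:03:93:13:7f:d8 via eth0
"""
LINE_RE = re.compile(
    r"dhcpd: (?P<type>DHCP[A-Z]+) (?:(?:for|on|of) \S+ )?"
    r"(?:from|to) (?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5}) via (?P<iface>\S+)"
)
CLIENT_MSGS = {"DHCPDISCOVER", "DHCPREQUEST", "DHCPINFORM", "DHCPDECLINE", "DHCPRELEASE"}

def parse(log):
    """Yield (message type, client MAC, interface) for each DHCP message line."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("type"), m.group("mac"), m.group("iface")

def audit(log, serving=("eth1",)):
    """Report client traffic the server handled on interfaces outside `serving`."""
    seen, replies = defaultdict(set), defaultdict(set)
    for typ, mac, iface in parse(log):
        if typ in CLIENT_MSGS:
            seen[mac].add(iface)            # where the client's packets arrived
        else:
            replies[mac, iface].add(typ)    # what the server sent back there
    findings = []
    for mac, ifaces in sorted(seen.items()):
        for iface in sorted(ifaces - set(serving)):
            findings.append({
                "mac": mac, "iface": iface,
                "also_on_serving": bool(ifaces & set(serving)),
                "server_replies": sorted(replies[mac, iface]),
            })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

On the posted log the single finding is the DHCPNAK sent via eth0 to the same MAC that is ACKed via eth1, so the client's broadcasts are reaching both interfaces of the Linux box.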
Re: dhcp and IP-Masquerade
on 03.02.2004 10:06:50 by Horia Chirculescu
If I understand you, the linux router has something like this:
eth0 - the link to your local network.
eth1 - the link to your NAT router
It is a strange setup, but it should work fine. I say that it is strange
because your NAT router should do the trick without the need of another
linux router. Why don't you use the 10.21.0.0 class for the local
network?
If you can use a subnet from that IP range, you only need a DHCP server on
your local LAN, which will have only one eth card.
First of all, you should set dhcpd to listen on only eth1.
You should do that like this:
When you start up the server, add "eth1" like:
dhcpd eth1
Then you should remove the part from your dhcpd.conf file concerning
eth0 (10.21.48.0/24). In your original setup, you MUST configure this
because the dhcpd by default listens on all interfaces it has found on
your linux machine.
A better solution of the problem is to instruct the NAT router to actually
masquerade the local network (192.168.0.0/24) along with 10.21.48.0/24
network. In this case, the linux router should have default routes for
192.168.0.0/24 pointing to your NAT router. The linux router won't do any
masquerading of those IP addresses, only routing will be involved.
This is all.
I hope that this will help you.
Horia Chirculescu root@eltop.ro
On Mon, 2 Feb 2004, gerardo juarez-mondragon wrote:
>
> I have a network connecting to the internet
> through a Linux box that masquerades local
> machines. It is further hidden by a NAT.
> Approximately like this:
>
>
> internet --> NAT --> Linux box --> internal network
> (10.21.xx.xx) (192.168.xx.xx)
>
> It works fine, except for a recent change. I need
> to assign some addresses through DHCP. When I try
> it, computers (running Windows) do obtain a
> network address and have access to the internal
> network but cannot go through to the internet.
> These same computers have no problem when
> assigned a static IP (192.168.xx.xx). It seems
> strange, since I think once an address is
> assigned, the masquerading process should occur
> transparently. Here is the relevant data:
>
> ---------------
> dhcpd.conf:
> ---------------
> option domain-name "my.domain";
> option domain-name-servers 221.74.107.1,
> 221.74.107.2;
>
> subnet 192.168.0.0 netmask 255.255.255.0 {
> range 192.168.0.1 192.168.0.10;
> default-lease-time 86400;
> max-lease-time 86400;
> option routers 192.168.0.254;
> }
>
> # I don't know why I should have to include
> # this subnet, since I don't intend to serve
> # any requests from this side, but dhcpd
> # says I have to include it:
> subnet 10.21.48.0 netmask 255.255.255.0 {
> deny unknown-clients;
> deny bootp;
> option routers 10.21.48.254;
> }
>
> -------------
> A portion of the dhcpd.log:
> -------------
> Jan 27 12:45:37 marvin dhcpd: Listening on
> LPF/eth1/00:40:f4:30:04:b6/192.168.0.0
> Jan 27 12:45:37 marvin dhcpd: Sending on
> LPF/eth1/00:40:f4:30:04:b6/192.168.0.0
> Jan 27 12:45:37 marvin dhcpd: Listening on
> LPF/eth0/00:04:76:38:e1:7f/10.21.48.0
> Jan 27 12:45:37 marvin dhcpd: Sending on
> LPF/eth0/00:04:76:38:e1:7f/10.21.48.0
> Jan 27 12:45:37 marvin dhcpd: Sending on
> Socket/fallback/fallback-net
> Jan 27 12:45:37 marvin dhcpd: dhcpd startup succeeded
> Jan 27 12:46:21 marvin dhcpd: DHCPREQUEST for
> 192.168.0.8 from 00:03:93:13:7f:d8 via eth0
> Jan 27 12:46:21 marvin dhcpd: DHCPNAK on
> 192.168.0.8 to 00:03:93:13:7f:d8 via eth0
> Jan 27 12:46:21 marvin dhcpd: DHCPREQUEST for
> 192.168.0.8 from 00:03:93:13:7f:d8 via eth1
> Jan 27 12:46:21 marvin dhcpd: DHCPACK on
> 192.168.0.8 to 00:03:93:13:7f:d8 via eth1
> Jan 27 12:46:21 marvin dhcpd: DHCPDISCOVER from
> 00:03:93:13:7f:d8 via eth0
> Jan 27 12:46:21 marvin dhcpd: no free leases on
> subnet 10.21.48.0
> Jan 27 12:46:21 marvin dhcpd: DHCPDISCOVER from
> 00:03:93:13:7f:d8 via eth1
> Jan 27 12:46:21 marvin dhcpd: DHCPOFFER on
> 192.168.0.8 to 00:03:93:13:7f:d8 via eth1
> Jan 27 12:46:23 marvin dhcpd: DHCPREQUEST for
> 192.168.0.8 from 00:03:93:13:7f:d8 via eth0
> -------------
>
> Any suggestions will be greatly appreciated.
>
> Thanks,
> Gerardo Juarez