Tools How to ignore requests in dhcpd?


 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers Tools How to ignore requests in dhcpd?
# 1  
Old 02-12-2013
Tools Tools How to ignore requests in dhcpd?

Hi there,

I setup a dhcp server on a debian.
It is designed to only assign ip addresses to a list of known hosts.
The config file looks like :
Code:
log-facility local6;
ignore unknown-clients;
subnet 172.16.0.0 netmask 255.255.0.0 { }
host 1 { hardware ethernet 00:03:2d:xx:xx:xx; fixed-address 172.16.101.151; }
host 2 { hardware ethernet 00:03:2d:yy:yy:yy; fixed-address 172.16.102.151; }
host 3 { hardware ethernet 00:03:2d:zz:zz:zz; fixed-address  172.16.103.151; }

The problem is that the log file show thousands of requests from unknown hosts that I was hopping to drop.
Code:
Feb 12 17:54:33 debian dhcpd: DHCPDISCOVER from 00:0b:3b:xx:xx:xx via 172.16.106.2: network 172.16/16: no free leases
Feb 12 17:54:33 debian dhcpd: DHCPDISCOVER from 00:04:a3:xx:xx:xx via 172.16.169.2: network 172.16/16: no free leases
Feb 12 17:54:35 debian dhcpd: DHCPDISCOVER from 00:04:8b:xx:xx:xx via  172.16.158.2: network 172.16/16: no free leases

Is there any way I can completely ignore the requests from unknown hosts (not even logging them)?

Thanks for your help
Santiago
# 2  
Old 02-12-2013
Add a firewall ?
This User Gave Thanks to DGPickett For This Post:
# 3  
Old 02-13-2013
Hi DGPickett,

I admit that's a good idea.
Although, I can only administrate the dhcp daemon on that server. I can still contact the main administrator to try and work on a firewall that would serve both our needs but I'm still expecting a solution to exist within the dhcpd configuration.
Any other ideas?

Regards
Santiago
# 4  
Old 02-13-2013
I think that dhcpd wants host ... { } statements within the appropriate subnet ... { }
Code:
man dhcpd.conf

further suggests to put deny unknown-clients; within the subnet ... { }
Give it a try - maybe it will stop the logging?
# 5  
Old 02-13-2013
A DHCPDISCOVER just means that a newly-born IP interface without an assigned IP address has issued a broadcast. It does NOT mean your server has answered it. As the IP interface does not (and should not) know where the DHCP server is located it can only issue a broadcast and take whatever answer it gets (usually a DHCPACK from a server willing to give out a lease). It is in the nature of broadcasts that every system gets them.

Of course these attempted contacts are logged in the servers log, but this does only mean your log level is high enough to do that. You server still won't give out any leases to these systems. Try to reduce the log level if you don't like these log entries.

I hope this helps.

bakunin
This User Gave Thanks to bakunin For This Post:
# 6  
Old 02-13-2013
Hi bakunin,

Thanks for your explanation.
Which brings me to think that DGPickett's idea was the best option: "Add a firewall".
So that I can just refuse any incoming request from unknown hosts.
I'll try and figure that out with the system administrator.

Regards
Santiago
# 7  
Old 02-13-2013
Well, all requests on a subnet look alike, since the host IP has not been set. This firewall needs to be MAC oriented or somehow hit the via host.

I wonder why the via hosts are configured to send requests to you? Dynamic Host Configuration Protocol - Wikipedia, the free encyclopedia
 
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How to ignore requests in dhcpd?

Hi there, I setup a dhcp server on a debian. It is designed to only assign ip addresses to a list of known hosts. The config file looks like : log-facility local6; ignore unknown-clients; subnet 172.16.0.0 netmask 255.255.0.0 { } host 1 { hardware ethernet 00:03:2d:xx:xx:xx; fixed-address... (3 Replies)
Discussion started by: chebarbudo
3 Replies

2. Linux

dhcpd failover with static IP

Hi I am a bit confused, I want to setup failover within dhcpd. There are multiple subnets and hosts with static IP's. however it seems I need to set up an IP range for the subnets for failover to work is this correct or am I missing something (1 Reply)
Discussion started by: eeisken
1 Replies

3. IP Networking

dhcpd-related questions

I have two items, only related because they are both regarding dhcpd. First of all, I keep seeing dhcpd responding to DHCPREQUESTs on eth1 which is my cable modem. For example: Sep 12 21:00:09 plague dhclient: DHCPREQUEST on eth1 to 204.186.xxx.xxx port 67 Sep 12 21:00:09 plague dhcpd:... (2 Replies)
Discussion started by: NESter
2 Replies

4. UNIX for Advanced & Expert Users

dhcpd - range parameter

Hi All, I'm curious about what this community would think about this portion of a dhcpd.conf file: subnet 192.168.1.0 netmask 255.255.255.0 { ... ...other parameters/options... ... range 192.168.1.3 192.168.1.253 range 172.16.0.2 172.16.0.50 } I tested this and dhcpd did not barf... (2 Replies)
Discussion started by: Keene44
2 Replies

5. IP Networking

dhcpd - range parameter

Hi All, I'm curious about what this community would think about this portion of a dhcpd.conf file: subnet 192.168.1.0 netmask 255.255.255.0 { ... ...other parameters/options... ... range 192.168.1.3 192.168.1.253 range 172.16.0.2 172.16.0.50 } I tested this and dhcpd did not barf... (1 Reply)
Discussion started by: Keene44
1 Replies

6. Linux

dhcpd - range parameter

Hi All, I'm curious about what this community would think about this portion of a dhcpd.conf file: subnet 192.168.1.0 netmask 255.255.255.0 { ... ...other parameters/options... ... range 192.168.1.3 192.168.1.253 range 172.16.0.2 172.16.0.50 } I tested this and... (1 Reply)
Discussion started by: Keene44
1 Replies

7. UNIX for Advanced & Expert Users

dhcpd password

I want to change the password for dhcpd so I can give it to the dhcp operator to handle dhcp server. however, when I use passwd to change the password, it prompt me with changing password for dhcpd. old password: my question is that I have never set dhcpd password before, so what is the old... (1 Reply)
Discussion started by: fredao
1 Replies

8. Linux

dhcpd.conf

I have intall a REdhat 9.0 as a server and Ive configure to act as a DHCP however Im having technical problems b/c the file /etc/dhcpd.conf does not exists. I went to the text edit and I created : subnet 192.192.168.100.0 netmask 255.255.255.0 { range 192.168.100.10 192.168.100.150;... (1 Reply)
Discussion started by: keliy1
1 Replies

9. UNIX for Advanced & Expert Users

dhcpd

(GNU/Linux) Ain't it possible to force dhcpd to NOT send any DHCP Offers on a specific interface? I dont want dhcpd to answer on eth0 but do answer on eth1. best regards /Esaia (2 Replies)
Discussion started by: Esaia
2 Replies
Login or Register to Ask a Question