[SOLVED] Any dhcpd gurus around ?


Post by lidgaca »

Hi

I have a problem that seems simple, but I can't get a dhcpd config to match what I need to do.

The problem.

I hate adverts. With an all consuming passion. I have an acer tablet that I use to watch movies that I stream from my local network. As soon as the tablet is connected to my network via wifi it gets an IP address from my linux server via dhcpd. It is also passed the router ip address that is naturally part of the dhcp response from the server.

As soon as it gets the default route I get ads :(

I don't want the tablet to be connected to the internet - it only needs to know about my local net to do the job in hand. So what I want is for the dhcpd server to pass a bogus option-router declaration for this specific mac address. This is proving difficult.

I could set up a completely bogus subnet declaration, but I don't want to do that - I would get lots of warning messages from my firewall telling me that it was seeing bogus packets on the internal net.

What I've tried

# These mac addresses will be given the bogus router information
# class can be extended with 'or' ...
class "bogus_router" {
        match if substring(hardware,1,6) = "XXXX";
}

# This is for the acer tablet - don't know if I
# need this host declaration or not ...
host acer-tablet {
        hardware ethernet XXXX;
}

shared-network local {

        subnet 10.100.100.240 netmask 255.255.255.240 {
                authoritative;
                range 10.100.100.240 10.100.100.254;
                option subnet-mask 255.255.255.0;
                option broadcast-address 10.100.100.255;
                option routers 10.100.100.1;
                allow members of "bogus_router";
                deny unknown-clients;
        }

        subnet 10.100.100.0 netmask 255.255.255.0 {
                authoritative;
                range 10.100.100.128 10.100.100.239;
                option subnet-mask 255.255.255.0;
                option broadcast-address 10.100.100.255;
                option routers 10.100.100.2;
                deny members of "bogus_router";
                allow unknown-clients;
        }
}

(My real router is 10.100.100.2, 10.100.100.1 is a bogus address).

which seems as if it ought to do what I want, except that dhcpd won't start, complaining about the "allow members of" and "deny members of" lines. I think I'm doing the classing wrong.


Anybody any idea ?


-- Chris

Re: [SOLVED] Any dhcpd gurus around ?

Post by lidgaca »

So I solved this, eventually. Here's my working dhcpd.conf file

# These mac addresses will be given the bogus router information
class "bogus_router" {
        # Compare the 6 address bytes (skipping the leading hardware-type byte) with an unquoted value
        match if ( substring(hardware, 1, 6) = 00:01:02:03:04:05 );
        log (info, (concat (binary-to-ascii(16,8, ":" ,hardware), " member of bogus_router")));
}

shared-network local {

        subnet 10.100.100.0 netmask 255.255.255.0 {
                authoritative;
                option subnet-mask             255.255.255.0;
                option broadcast-address       10.100.100.255;
                # Pool for class members: they are handed the bogus router 10.100.100.1
                pool {
                        range                              10.100.100.240 10.100.100.254;
                        option routers                     10.100.100.1;
                        allow members of "bogus_router";
                        deny unknown-clients;
                }

                # Pool for everything else: they are handed the real router 10.100.100.2
                pool {
                        range                              10.100.100.128 10.100.100.239;
                        option routers                     10.100.100.2;
                        deny members of "bogus_router";
                        allow unknown-clients;
                }
        }
}

Notes

The match if statement matches the mac address of my tablet. Using substring() strips off the leading 1: from the hardware address, making the comparison easier to understand. One important point is that the substring returned is not a string, the compare value must not be quoted! The log clause is a handy addition so you can see what is happening.

The allow members of / deny members of statements are only valid within pool clauses - at least as far as I could see. I now have one subnet clause containing the pool clauses for the two sets of systems that I want to deal with. One key fact is that it's possible to put option-routers inside a pool clause - I never found an example of this on the net, but stumbled across it by trial and error. Dhcp folks say that using allow and deny together is generally problematic, but I think it's ok to use them the way I have.

This is a generically useful technique for a dhcp server. I was surprised it was a) as complicated as this to set up and b) very difficult to locate information about how to do it.


-- Chris
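
The two pitfalls described in the notes above (allow/deny members of placed outside a pool clause, and a quoted value compared against substring(hardware, ...)) can be caught before restarting the server. The following is an added example, not part of the original post or of ISC dhcpd; the function name lint_dhcpd and the SAMPLE config are constructed for illustration, and the MAC value is the one shown in the post.

```python
import re

# "allow|deny members of ..." permit statements (valid only inside a pool, per the post)
PERMIT_RE = re.compile(r'^\s*(allow|deny)\s+members\s+of\b')
# substring(hardware, ...) compared against a quoted string
QUOTED_HW_RE = re.compile(r'substring\s*\(\s*hardware\b[^)]*\)\s*=\s*"')

# Constructed sample that repeats both mistakes (lines 2 and 6).
SAMPLE = '''\
class "bogus_router" {
    match if substring(hardware, 1, 6) = "00:01:02:03:04:05";
}
subnet 10.100.100.0 netmask 255.255.255.0 {
    option routers 10.100.100.2;
    deny members of "bogus_router";
    pool {
        range 10.100.100.240 10.100.100.254;
        option routers 10.100.100.1;
        allow members of "bogus_router";
    }
}
'''

def lint_dhcpd(text):
    """Return [(line_number, message)] for the two pitfalls named in the thread."""
    findings, stack = [], []          # stack holds the keyword of each open { } block
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]   # naive comment strip: ignores '#' inside strings
        words = line.split()
        if QUOTED_HW_RE.search(line):
            findings.append((no, "substring(hardware, ...) compared with a quoted value"))
        if PERMIT_RE.match(line) and (not stack or stack[-1] not in ("pool", "pool6")):
            findings.append((no, "allow/deny members of used outside a pool block"))
        for ch in line:               # update nesting after the checks for this line
            if ch == "{":
                stack.append(words[0])
            elif ch == "}" and stack:
                stack.pop()
    return findings

if __name__ == "__main__":
    for no, msg in lint_dhcpd(SAMPLE):
        print(f"line {no}: {msg}")
```

This only looks for these two patterns; `dhcpd -t -cf <file>` remains the full syntax check for a config file.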