Hi Marcus,

Thank you a lot for responding.

Aha, so dhcpd(8) will only listen on the interfaces that correspond to
the subnets specified in dhcpd.conf(8); thank you for clarifying.

What you say is that dhcpd will only touch the interfaces that
equivalence-match the subnets listed in dhcpd.conf -

E.g., if dhcpd.conf is specified to serve the 1.2.whatever.whatever/16
subnet (e.g. "subnet 1.2.123.234 netmask 255.255.0.0 { .. }"), then
from among the interfaces (per config of IP/subnet) 1.2.3.4/8,
1.2.3.5/16, and 1.2.3.6/24, only the middle one will be touched.
Correct?


For completeness, two questions:

1)
I was trying to read this answer out of dhcpd(8)'s and dhcpd.conf(8)'s
man pages.

Also, right now, searching through these documents for the word "subnet"
and otherwise skimming through them, I do not see what you have now
clarified stated clearly there.

dhcpd(8)'s man page says this though, which in absence of other
clarifications would have a contrary meaning:

"If no interface names are specified on the command line, and the -u
option is not given, dhcpd will identify all network interfaces which
are up, eliminating non-broadcast interfaces if possible, and listen
for DHCP broadcasts on each interface."

Can you please clarify how I misread the manual, or is there an
understanding that for some reason is implied and does not need to be
written up here (..that of the interfaces that make up the "all network
interfaces which are up [..] and listen for DHCP broadcasts on each
interface" set, only those addressed by subnet definitions in the
config file will be touched)?

Where I'm coming from is that I want dhcpd to touch the particular
intended LAN interface and no WAN or other interface, as that would
sound like a screwup - maybe a malevolent actor could try to steal all
the LAN IPs if he could access my dhcpd from another interface - so
it's nice to know exactly how dhcpd's interface selection works.

2)
For final clarity can you please walk me through how to get the subnet
selection to hit right - say I have these interfaces:

em0: IP 187.76.85.45, netmask /24, and the system's default route is
     187.76.85.252

em1: IP 192.168.100.195, netmask /31

em2: IP 192.168.100.2, netmask /24

em3: IP 192.168.100.1, netmask /16

and this /etc/dhcpd.conf:

subnet 192.168.100.0 netmask 255.255.255.0 {
     range 192.168.100.3 192.168.100.254;
     option routers 192.168.100.2;
}


I'll now run dhcpd and instead of specifying the argument "em2" as I
always did before to ensure that only em2 is touched, I won't specify
anything.

Will dhcpd pick em2 on the basis of the 192.168.100.XXX/24 subnet of
dhcpd.conf being equivalent to em2 only and none other?

(So for instance, em1's subnet is a subnet of em2's subnet, but the
matching is by equivalence only and hence em1 will not be selected -
and, not considering the netmask, em3 overlaps with em1's subnet, but
since it's subnet + IP that are equivalence-checked, that one is not
taken either.)

If you could please explain how/why this works out, that would be
great, maybe with a doc/code ref.

Thanks,
Tinker
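An added example, not from the thread: a small Python script that applies the two candidate matching rules distinguished in question 2 (exact equivalence of the interface's own network with a declared subnet, versus the interface address merely lying inside a declared subnet) to the interfaces and dhcpd.conf listed above. It makes no claim about which rule dhcpd(8) actually implements; it only shows that the two rules disagree on em1 and em3, which is exactly why the question matters before relying on implicit interface selection to keep a WAN-facing interface unserved.

```python
# Added example, not from the mailing-list thread or from dhcpd(8)'s source.
# It evaluates two candidate interface-selection rules against the scenario
# in question 2 and makes no claim about which rule dhcpd(8) really uses.
import ipaddress
import re

# Interfaces exactly as listed in the mail (constructed sample input).
INTERFACES = {
    "em0": "187.76.85.45/24",
    "em1": "192.168.100.195/31",
    "em2": "192.168.100.2/24",
    "em3": "192.168.100.1/16",
}

# The /etc/dhcpd.conf from the mail, embedded as a string.
DHCPD_CONF = """
subnet 192.168.100.0 netmask 255.255.255.0 {
     range 192.168.100.3 192.168.100.254;
     option routers 192.168.100.2;
}
"""

# Matches only the 'subnet X netmask Y {' header of each declaration.
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")

def declared_subnets(conf):
    """Return the subnet declarations in conf as IPv4Network objects."""
    return [ipaddress.IPv4Network(f"{net}/{mask}")
            for net, mask in SUBNET_RE.findall(conf)]

def select_interfaces(interfaces, subnets, rule):
    """Return the sorted interface names the given rule would pick.

    rule == "equivalent": the interface's own network (address & mask)
                          must be identical to a declared subnet.
    rule == "contained":  the interface address only has to lie inside a
                          declared subnet, regardless of its own mask.
    """
    chosen = set()
    for name, cidr in interfaces.items():
        iface = ipaddress.IPv4Interface(cidr)
        for subnet in subnets:
            if rule == "equivalent" and iface.network == subnet:
                chosen.add(name)
            elif rule == "contained" and iface.ip in subnet:
                chosen.add(name)
    return sorted(chosen)

if __name__ == "__main__":
    nets = declared_subnets(DHCPD_CONF)
    for rule in ("equivalent", "contained"):
        print(rule, select_interfaces(INTERFACES, nets, rule))
```

Under the equivalence rule only em2 is chosen; under the containment rule em1 and em3 are chosen as well, so the answer to "which interfaces get touched" depends entirely on which rule the daemon applies.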

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On February 27, 2018 3:41 PM, Marcus MERIGHI <mcmer-open...@tor.at> wrote:

> t1...@protonmail.ch (Tinker), 2018.02.27 (Tue) 07:12 (CET):
> 
> > Just so I haven't missed anything in reading the man pages [1]:
> > 
> > If you have a machine with an external and an internal NIC e.g. em0 and
> > em1, and you want to serve DHCP only on em1, then the only way to do
> > that is as a dhcpd argument, e.g. add a line 'dhcpd="em1"' to
> > /etc/rc.conf.local or alternatively add a line "dhcpd em1" to
> > /etc/rc.local - there is no way to specify in /etc/dhcpd.conf which
> > network interfaces dhcpd will bind/serve on, right?
> > 
> > Has this been for a particular reason (i.e. it's a feature) or just
> > no one bothered?
> > 
> > The use case I describe above should be typical.
> 
> dhcpd(8) reads the subnet declarations from dhcpd.conf(5) and gets to
> the interface from there. It does not listen like other network daemons
> but uses bpf(4). Try to block it with pf(4)... ;-)
> 
> Marcus