DHCP relay broken: Offers not forwarded / LCOS 7.22

Forum for current devices of the LANCOM router/gateway series

Moderators: Lancom-Systems moderators

Rougu
Posts: 115
Registered: 18 Sep 2007, 18:57
Location: EU


Post by Rougu »

Hello,

Under LCOS 7.22, DHCP relaying from the WLAN apparently no longer works correctly. The replies from the DHCP server in the LAN are no longer forwarded by the router to the requesting client in the WLAN.

My configuration

Router 1811
LAN-1 : INTRANET : BRG-1 : Routing-Tag 1 : RouterIP 10.1.8.1/20 : DHCP-Server 10.1.12.1
WLAN-1-2 : DMZ : BRG-2 : Routing Tag 1 : RouterIP 10.1.254.254/24
DHCP configuration: DMZ: forwarding to 10.1.12.1

According to the LCOS720 addendum, all stations in the DMZ are visible to the INTRANET, so there is an implicit route to it.


1. A station in the WLAN sends a DHCP-DISCOVER via broadcast

[DHCP] 2007/09/18 18:21:08,460
DHCP Rx (WLAN-1-2, DMZ):
DHCP Client Message (request) from 0.0.0.0: DHCPDISCOVER
Op = 01 | HType = 01 | HLen = 06 | Hops = 00
XId = B1672FA9 | Secs = 0000 | Flags = 0000
CIAdr = 0.0.0.0 | YIAdr = 0.0.0.0
SIAdr = 0.0.0.0 | GIAdr = 0.0.0.0
CHAdr = 00 0b cd 8d 4d e1 00 00 00 00 00 00 00 00 00 00

=> forwarded to master server 10.1.12.1


2. The DHCP server sends a DHCP-OFFER

Sep 18 19:05:51 server dhcpd: DHCPDISCOVER from 00:0b:cd:8d:4d:e1 (mypc) via 10.1.254.254
Sep 18 19:05:52 server dhcpd: DHCPOFFER on 10.1.254.66 to 00:0b:cd:8d:4d:e1 (mypc) via 10.1.254.254


3. The router does not process the DHCPOFFER: no sign of it with "trace + ip-r dhcp", and sniffing in the WLAN is negative as well. After numerous attempts, an "ipconfig /renew" finally fails.


This setup worked up to LCOS 6.32. Now it no longer does (incidentally, not even with routing tag "0" on all networks). If the WLAN is moved into the INTRANET with BRG-1, DHCP of course works immediately, namely without relaying!

After long debugging and sniffing, I am venturing this thread. Does anyone have any advice?

Regards,
Rougu
backslash
Moderator
Posts: 7132
Registered: 08 Nov 2004, 21:26
Location: Aachen

Post by backslash »

Hi Rougu

does the DHCP server also know that 10.1.8.1 is the gateway to the 10.1.254.0 network?

What does an Ethereal/Wireshark sniff (on the LAN) say about it?

What does a firewall trace say?


Regards
Backslash
Rougu
Posts: 115
Registered: 18 Sep 2007, 18:57
Location: EU

Post by Rougu »

Hi Backslash,

(Small network change in the setup: WLAN : Router-IP 10.1.254.65/28)

Yes, the DHCP server knows the way (via def rt):

dhcp-server # ping 10.1.254.65
PING 10.1.254.65 (10.1.254.65) 56(84) bytes of data.
64 bytes from 10.1.254.65: icmp_seq=1 ttl=60 time=0.725 ms
64 bytes from 10.1.254.65: icmp_seq=2 ttl=60 time=0.726 ms


Sniffer details: see below. Summary:

LAN:
DHCP-DISCOVER -> DHCP-OFFER (for 10.1.254.66) -> etc.

WLAN:
DHCP-DISCOVER -> ARP-REQ for the assigned DHCP IP !!! Aha, the relay is alive!
But no DHCP-OFFER, instead another DHCP-DISCOVER from the client

Router:
DHCP-DISCOVER relayed
ICMP-EchoReq from the DHCP server to the prospective IP relayed
DHCP-OFFER not relayed.


Does a firewall rule perhaps still need to be added to allow DHCP offers?
???

What now?

Regards,
Rougu






Wireshark on the LAN (filter: 67/udp)


No. Time Source Destination Protocol Info
1 0.000000 10.1.254.65 10.1.12.1 DHCP DHCP Discover - Transaction ID 0x650f35db

Frame 1 (342 bytes on wire, 342 bytes captured)
Ethernet II, Src: Lancom_0f:b5:a4 (00:a0:57:0f:b5:a4), Dst: AsustekC_b1:5d:73 (00:0e:a6:b1:5d:73)
Internet Protocol, Src: 10.1.254.65 (10.1.254.65), Dst: 10.1.12.1 (10.1.12.1)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet
Hardware address length: 6
Hops: 1
Transaction ID: 0x650f35db
Seconds elapsed: 3072
Bootp flags: 0x8000 (Broadcast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 10.1.254.65 (10.1.254.65)
Client MAC address: CompaqHp_8d:4d:e1 (00:0b:cd:8d:4d:e1)
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Discover
Option: (t=251,l=1) Private
Option: (t=61,l=7) Client identifier
Option: (t=50,l=4) Requested IP Address = 10.1.254.66
Option: (t=12,l=8) Host Name = "as00w002"
Option: (t=60,l=8) Vendor class identifier = "MSFT 5.0"
Option: (t=55,l=10) Parameter Request List
End Option
Padding

No. Time Source Destination Protocol Info
2 0.000280 10.1.12.1 10.1.254.65 DHCP DHCP Offer - Transaction ID 0x650f35db

Frame 2 (364 bytes on wire, 364 bytes captured)
Ethernet II, Src: AsustekC_b1:5d:73 (00:0e:a6:b1:5d:73), Dst: Lancom_0f:b5:a4 (00:a0:57:0f:b5:a4)
Internet Protocol, Src: 10.1.12.1 (10.1.12.1), Dst: 10.1.254.65 (10.1.254.65)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
Bootstrap Protocol
Message type: Boot Reply (2)
Hardware type: Ethernet
Hardware address length: 6
Hops: 1
Transaction ID: 0x650f35db
Seconds elapsed: 3072
Bootp flags: 0x8000 (Broadcast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 10.1.254.66 (10.1.254.66)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 10.1.254.65 (10.1.254.65)
Client MAC address: CompaqHp_8d:4d:e1 (00:0b:cd:8d:4d:e1)
Server host name: honeypot WLAN DHCP Server (MSFT)
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Offer
Option: (t=54,l=4) Server Identifier = 10.1.12.1
Option: (t=51,l=4) IP Address Lease Time = 30 minutes
Option: (t=81,l=3) Client Fully Qualified Domain Name
Option: (t=1,l=4) Subnet Mask = 255.255.255.240
Option: (t=15,l=15) Domain Name = "en.i-asystec.de"
Option: (t=3,l=4) Router = 10.1.254.65
Option: (t=6,l=4) Domain Name Server = 10.1.12.1
Option: (t=44,l=4) NetBIOS over TCP/IP Name Server = 10.1.12.1
Option: (t=46,l=1) NetBIOS over TCP/IP Node Type = P-node
Option: (t=31,l=1) Perform Router Discover = Disabled
Option: (t=43,l=9) Vendor-Specific Information
Option: (t=116,l=1) DHCP Auto-Configuration
End Option

(and repetitions)



Wireshark on the WLAN

No. Time Source Destination Protocol Info
9 371.336677 0.0.0.0 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x650f35db

Frame 9 (342 bytes on wire, 342 bytes captured)
Ethernet II, Src: CompaqHp_8d:4d:e1 (00:0b:cd:8d:4d:e1), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x650f35db
Seconds elapsed: 0
Bootp flags: 0x8000 (Broadcast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: CompaqHp_8d:4d:e1 (00:0b:cd:8d:4d:e1)
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Discover
Option: (t=251,l=1) Private
Option: (t=61,l=7) Client identifier
Option: (t=50,l=4) Requested IP Address = 169.254.161.44
Option: (t=12,l=8) Host Name = "as00w002"
Option: (t=60,l=8) Vendor class identifier = "MSFT 5.0"
Option: (t=55,l=10) Parameter Request List
End Option
Padding

No. Time Source Destination Protocol Info
10 371.667383 MS-NLB-PhysServer-11_6b:30:73:e5 Broadcast ARP Who has 10.1.254.66? Tell 10.1.254.65

Frame 10 (42 bytes on wire, 42 bytes captured)
Ethernet II, Src: MS-NLB-PhysServer-11_6b:30:73:e5 (02:0b:6b:30:73:e5), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (0x0001)
Sender MAC address: MS-NLB-PhysServer-11_6b:30:73:e5 (02:0b:6b:30:73:e5)
Sender IP address: 10.1.254.65 (10.1.254.65)
Target MAC address: Broadcast (ff:ff:ff:ff:ff:ff)
Target IP address: 10.1.254.66 (10.1.254.66)

No. Time Source Destination Protocol Info
11 376.324889 0.0.0.0 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x650f35db

Frame 11 (342 bytes on wire, 342 bytes captured)
Ethernet II, Src: CompaqHp_8d:4d:e1 (00:0b:cd:8d:4d:e1), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x650f35db
Seconds elapsed: 1280
Bootp flags: 0x8000 (Broadcast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: CompaqHp_8d:4d:e1 (00:0b:cd:8d:4d:e1)
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Discover
Option: (t=251,l=1) Private
Option: (t=61,l=7) Client identifier
Option: (t=50,l=4) Requested IP Address = 169.254.161.44
Option: (t=12,l=8) Host Name = "as00w002"
Option: (t=60,l=8) Vendor class identifier = "MSFT 5.0"
Option: (t=55,l=10) Parameter Request List
End Option
Padding

No. Time Source Destination Protocol Info
12 379.990471 MS-NLB-PhysServer-11_6b:30:73:e5 CompaqHp_8d:4d:e1 LLC U, func=UI; DSAP NULL LSAP Individual, SSAP NULL LSAP Command

Frame 12 (36 bytes on wire, 36 bytes captured)
IEEE 802.3 Ethernet
Logical-Link Control
Data (19 bytes)

0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0010 00 00 00 ...

No. Time Source Destination Protocol Info
13 383.327190 0.0.0.0 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x650f35db

Frame 13 (342 bytes on wire, 342 bytes captured)
Ethernet II, Src: CompaqHp_8d:4d:e1 (00:0b:cd:8d:4d:e1), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x650f35db
Seconds elapsed: 3072
Bootp flags: 0x8000 (Broadcast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: CompaqHp_8d:4d:e1 (00:0b:cd:8d:4d:e1)
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Discover
Option: (t=251,l=1) Private
Option: (t=61,l=7) Client identifier
Option: (t=50,l=4) Requested IP Address = 169.254.161.44
Option: (t=12,l=8) Host Name = "as00w002"
Option: (t=60,l=8) Vendor class identifier = "MSFT 5.0"
Option: (t=55,l=10) Parameter Request List
End Option
Padding

No. Time Source Destination Protocol Info
14 389.989781 MS-NLB-PhysServer-11_6b:30:73:e5 CompaqHp_8d:4d:e1 LLC U, func=UI; DSAP NULL LSAP Individual, SSAP NULL LSAP Command

Frame 14 (36 bytes on wire, 36 bytes captured)
IEEE 802.3 Ethernet
Logical-Link Control
Data (19 bytes)

0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0010 00 00 00 ...



> trace + ip-r fire dhcp
IP-Router ON
Firewall ON
DHCP ON

root@as00r001:/
>
[DHCP] 2007/09/19 13:24:20,480
DHCP Rx (WLAN-1-2, OWLAN):
DHCP Client Message (request) from 0.0.0.0: DHCPDISCOVER
Op = 01 | HType = 01 | HLen = 06 | Hops = 00
XId = 7DAC9F70 | Secs = 0000 | Flags = 8000
CIAdr = 0.0.0.0 | YIAdr = 0.0.0.0
SIAdr = 0.0.0.0 | GIAdr = 0.0.0.0
CHAdr = 00 0b cd 8d 4d e1 00 00 00 00 00 00 00 00 00 00

=> forwarded to master server 10.1.12.1

[IP-Router] 2007/09/19 13:24:20,480 : IP-Router Rx (intern, RtgTag: 2):
DstIP: 10.1.12.1, SrcIP: 10.1.254.65, Len: 328, DSCP: CS0/BE (0), ECT: 0, CE: 0
Prot.: UDP (17), DstPort: 67, SrcPort: 67
Route: BRG-1 Tx (INTRANET):

[IP-Router] 2007/09/19 13:24:20,480
IP-Router Rx (LAN-1, INTRANET, RtgTag: 1):
DstIP: 10.1.254.66, SrcIP: 10.1.12.1, Len: 48, DSCP: AF21 (18), ECT: 0, CE: 0
Prot.: ICMP (1), echo request, id: 0xe069, seq: 0x0000
Route: BRG-2 Tx (OWLAN):

[DHCP] 2007/09/19 13:24:24,480
DHCP Rx (WLAN-1-2, OWLAN):
DHCP Client Message (request) from 0.0.0.0: DHCPDISCOVER
Op = 01 | HType = 01 | HLen = 06 | Hops = 00
XId = 7DAC9F70 | Secs = 0400 | Flags = 8000
CIAdr = 0.0.0.0 | YIAdr = 0.0.0.0
SIAdr = 0.0.0.0 | GIAdr = 0.0.0.0
CHAdr = 00 0b cd 8d 4d e1 00 00 00 00 00 00 00 00 00 00

=> forwarded to master server 10.1.12.1

[IP-Router] 2007/09/19 13:24:24,480
IP-Router Rx (intern, RtgTag: 2):
DstIP: 10.1.12.1, SrcIP: 10.1.254.65, Len: 328, DSCP: CS0/BE (0), ECT: 0, CE: 0
Prot.: UDP (17), DstPort: 67, SrcPort: 67
Route: BRG-1 Tx (INTRANET):
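Added example, not part of any post in this thread: a Python script that decodes BOOTP/DHCP payloads from both sides of a relay and lists server replies that arrived for the relay (giaddr set) on the LAN but never appeared on the WLAN, which is the symptom summarized in the last post. The packets are constructed from the field values shown in the captures above; the function names `build`, `parse` and `unrelayed_replies` are hypothetical.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def build(op, xid, flags, yiaddr, giaddr, mac, msgtype, hops=0):
    """Build a minimal BOOTP/DHCP payload (constructed sample data, not a capture)."""
    ip = socket.inet_aton
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s192s", op, 1, 6, hops, xid, 0, flags,
                      ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip(giaddr),
                      bytes.fromhex(mac.replace(":", "")), b"")
    return hdr + MAGIC + bytes([53, 1, msgtype, 255])

def parse(payload):
    """Decode the fixed header fields and option 53 (DHCP message type)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    op, _, _, hops, xid, _, flags, _, yi, _, gi = struct.unpack(
        "!BBBBIHH4s4s4s4s", payload[:28])
    opts, i, msgtype = payload[240:], 0, None
    while i < len(opts) and opts[i] != 255:      # 255 = End option
        if opts[i] == 0:                          # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or i + 2 + opts[i + 1] > len(opts):
            raise ValueError("truncated option")
        if opts[i] == 53 and opts[i + 1] == 1:
            msgtype = TYPES.get(opts[i + 2], str(opts[i + 2]))
        i += 2 + opts[i + 1]
    return {"op": op, "hops": hops, "xid": xid, "flags": flags, "type": msgtype,
            "yiaddr": socket.inet_ntoa(yi), "giaddr": socket.inet_ntoa(gi)}

def unrelayed_replies(lan, wlan):
    """Server replies sent via the relay on the LAN that never showed up on the WLAN."""
    seen = {(p["xid"], p["type"]) for p in map(parse, wlan) if p["op"] == 2}
    missing = []
    for p in map(parse, lan):
        if p["op"] == 2 and p["giaddr"] != "0.0.0.0" and (p["xid"], p["type"]) not in seen:
            # Broadcast flag set: relay delivers to 255.255.255.255, else unicast to yiaddr.
            dst = "255.255.255.255" if p["flags"] & 0x8000 else p["yiaddr"]
            missing.append((hex(p["xid"]), p["type"], p["giaddr"], dst))
    return missing

# Constructed samples mirroring the thread: LAN shows Discover + Offer, WLAN only Discovers.
MAC, XID = "00:0b:cd:8d:4d:e1", 0x650F35DB
LAN = [build(1, XID, 0x8000, "0.0.0.0", "10.1.254.65", MAC, 1, hops=1),
       build(2, XID, 0x8000, "10.1.254.66", "10.1.254.65", MAC, 2, hops=1)]
WLAN = [build(1, XID, 0x8000, "0.0.0.0", "0.0.0.0", MAC, 1)] * 3

if __name__ == "__main__":
    print(unrelayed_replies(LAN, WLAN))
```

Each result tuple gives the transaction ID, the message type, the relay address the server replied to, and the destination the relay was expected to use on the client side.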