ONde estou errando no meu dhcpd.conf???
Ola!!!
Estou configurando o DHCPd mas não estou tendo exito. Aqui esta o dhcpd.conf do meu Slackware 10.2:
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.0.0;
option broadcast-address 10.254.255.255;
option routers 10.254.0.2;
option domain-name-servers 200.253.8.2;
option domain-name "ondarapida.com.br";
subnet 10.254.0.0 netmask 255.255.0.0 {
range 10.254.1.2 10.254.255.2;
}
host admin {
hardware ethernet 00:30:4F:2E:6E:F4;
fixed-address 10.254.2.2;
}
E estsa é a menssagem qeu dá quando executo o dhcpd:
root@PANORAMA:/etc# dhcpd wlan0
Internet Systems Consortium DHCP Server V3.0.3
Copyright 2004-2005 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Listening on Socket/wlan0/10.254/16
Sending on Socket/wlan0/10.254/16
root@PANORAMA:/etc# There's already a DHCP server running.
If you did not get this software from ftp.isc.org, please
get the latest from ftp.isc.org and install that before
requesting help.
If you did get this software from ftp.isc.org and have not
yet read the README, please read it before requesting help.
If you intend to request help from the [email protected]
mailing list, please read the section on the README about
submitting bug reports and requests for help.
Please do not under any circumstances send requests for
help directly to the authors of this software - please
send them to the appropriate mailing list as described in
the README file.
exiting.
root@PANORAMA:/etc#
Por favor me ajudem a solucionar este erro!!!!
Obrigado a todos!!!!
Re: ONde estou errando no meu dhcpd.conf???
Eu errei o servidor dhcpd estava roando quando postei aquela msg acima
agora sim, olhem:
root@PANORAMA:/etc# dhcpd wlan0
Internet Systems Consortium DHCP Server V3.0.3
Copyright 2004-2005 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Listening on Socket/wlan0/10.254/16
Sending on Socket/wlan0/10.254/16
root@PANORAMA:/etc#
Mas na minha maquina ruindows não consigo pegar um ip automaticamente!!!!
Por favor me ajudem!!!
Re: ONde estou errando no meu dhcpd.conf???
Cara, a saída não acusa nenhum erro, então tente o seguinte:
execute um sniffer no servidro (tcpdump ou iptraf <-- recomendo o último) e verifique se existe tráfego nas portas 68 e 69 em broadcast, caso não exista force a máquina que roda windows a atulaizar as configurações de rede. Caso não funcione, coloque um live-cd na máquina cliente e verifique se esta consegue adquirir um endereço IP. Verifique saída do /var/log/messages por algo errado, as renovações de ip do dhcp ficam lá tb
Re: ONde estou errando no meu dhcpd.conf???
kara eu rodei o iptraf aki no meu servidor e eu vejo que ele recebe solicitações do ip 0.0.0.0:68 para 255.255.255.255:67. Ele faz algumas tentativas e libera para minha maquina cliente o ip 169.254.105.213.
Tenho um firewall rodando na minha maquina vou postar meu rc.firewall aki:
#>>>>>>>>>> Variáveis Gerais
IPT="/usr/sbin/iptables"
SCRIPT="/etc/rc.d/./rc.firewall"
NET="eth0"
LAN="wlan0"
MACLIST="/etc/maclist"
#>>>>>>>>>> Ativando os módulos
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
#>>>>>>>>>> Inicio Script Firewall
case $1 in
start)
echo "Iniciando o Firewall"
#>>>>> Comandos Basicos para o Firewall
$IPT -F
$IPT -t nat -F
$IPT -P FORWARD DROP
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#>>>>> Segurança local
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
$IPT -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
$IPT -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
$IPT -A FORWARD -p tcp --tcp-flags ALL SYN,ACK -j DROP
$IPT -A FORWARD -m unclean -j DROP
#>>>>> Bloqueio de trafego entre clientes
$IPT -A FORWARD -p all -i $LAN -o $LAN -j DROP
#>>>>> Bloqueio de acesso ao servidor
$IPT -A INPUT -i $LAN -s 0/0 -d 10.254.0.2 -p tcp --dport 10000 -j DROP
$IPT -A INPUT -i $NET -s 0/0 -d 200.xxx.xxx.xxx -p tcp --dport 3128 -j DROP
$IPT -A INPUT -i $NET -s 0/0 -d 200.xxx.xxx.xxx -p icmp -j DROP
$IPT -A INPUT -i $NET -s 0/0 -d 200.xxx.xxx.xxx -p udp --dport 33435:33535 -j DROP
#>>>>> Bloqueio de portas de netbios vindos da internet
$IPT -A FORWARD -i $NET -o $LAN -d 0/0 -p tcp -m multiport --dport 135,137,138,139,445 -j DROP
$IPT -A FORWARD -i $LAN -o $NET -d 0/0 -p tcp -m multiport --dport 135,137,138,139,445 -j DROP
$IPT -A FORWARD -i $NET -o $LAN -d 0/0 -p udp -m multiport --dport 135,137,138,139,445 -j DROP
$IPT -A FORWARD -i $LAN -o $NET -d 0/0 -p udp -m multiport --dport 135,137,138,139,445 -j DROP
#>>>>> Liberação dos MAC's dos servidores
$IPT -A FORWARD -i $NET -m mac --mac-source 00:50:73:6B:85:57 -j ACCEPT # Roteador CISCO 2500
$IPT -A FORWARD -i $NET -m mac --mac-source 00:E0:7D:C3:FF:05 -j ACCEPT # Servidor Medical
$IPT -A INPUT -i $NET -m mac --mac-source 00:E0:7D:C3:FF:05 -j ACCEPT # Servidor Medical
$IPT -A INPUT -i $LAN -m mac --mac-source 00:02:6F:32:89:94 -j ACCEPT # Servidor Panorama
#>>>>>>>>>> MACLIST <<<<<<<<<<#
for i in `cat $MACLIST`; do
STATUS=`echo $i | cut -d ';' -f1`
MACSOURCE=`echo $i | cut -d ';' -f2`
IPSOURCE=`echo $i | cut -d ';' -f3`
#>>> Se STATUS = a, então libera
if [ $STATUS = "a" ];then
$IPT -A INPUT -i $LAN -s $IPSOURCE -m mac --mac-source $MACSOURCE -j ACCEPT
$IPT -A FORWARD -i $LAN -s $IPSOURCE -m mac --mac-source $MACSOURCE -j ACCEPT
$IPT -A FORWARD -d $IPSOURCE -s 0/0 -j ACCEPT
$IPT -t nat -A POSTROUTING -s $IPSOURCE/32 -o $NET -j MASQUERADE
#>>> SE STATUS = b, entao bloqueia
else
$IPT -A FORWARD -m mac --mac-source $MACSOURCE -j DROP
$IPT -A INPUT -m mac --mac-source $MACSOURCE -j DROP
fi
done
#>>>>>>>>>> PROXY TRANSPARENTE <<<<<<<<<<#
$IPT -t nat -A POSTROUTING -o $NET -j MASQUERADE
$IPT -t nat -A PREROUTING -i $LAN -p tcp --dport 80 -j REDIRECT --to-port 3128
#>>>>>>>>>> DIVERSOS <<<<<<<<<<#
$IPT -A INPUT -i $NET -s 0/0 -d 200.253.8.5 -p tcp --dport 10000 -j ACCEPT
$IPT -A INPUT -i $NET -s 0/0 -d 200.253.8.5 -p tcp --dport 80 -j ACCEPT
$IPT -A FORWARD -i $LAN -m mac --mac-source FF:FF:FF:FF:FF:FF -j DROP
$IPT -A FORWARD -i $LAN -m mac --mac-source 00:00:00:00:00:00 -j DROP
$IPT -A FORWARD -i $LAN -m mac --mac-source ! FF:FF:FF:FF:FF:FF -j DROP
$IPT -A FORWARD -i $LAN -m mac --mac-source ! 00:00:00:00:00:00 -j DROP
$IPT -A INPUT -i $LAN -m mac --mac-source FF:FF:FF:FF:FF:FF -j DROP
$IPT -A INPUT -i $LAN -m mac --mac-source 00:00:00:00:00:00 -j DROP
$IPT -A INPUT -i $LAN -m mac --mac-source ! FF:FF:FF:FF:FF:FF -j DROP
$IPT -A INPUT -i $LAN -m mac --mac-source ! 00:00:00:00:00:00 -j DROP
$IPT -A FORWARD -i $NET -m mac --mac-source FF:FF:FF:FF:FF:FF -j DROP
$IPT -A FORWARD -i $NET -m mac --mac-source 00:00:00:00:00:00 -j DROP
$IPT -A FORWARD -i $NET -m mac --mac-source ! FF:FF:FF:FF:FF:FF -j DROP
$IPT -A FORWARD -i $NET -m mac --mac-source ! 00:00:00:00:00:00 -j DROP
$IPT -A INPUT -i $NET -m mac --mac-source FF:FF:FF:FF:FF:FF -j DROP
$IPT -A INPUT -i $NET -m mac --mac-source 00:00:00:00:00:00 -j DROP
echo "Firewall Pronto"
;;
stop)
echo "Parando o Firewall"
$IPT -F
$IPT -P INPUT DROP
$IPT -t nat -F
;;
restart)
echo "Reiniciando o Firewall"
$SCRIPT stop
sleep 1
$SCRIPT start
echo "Firewall Reiniciado"
;;
*)
echo "Use $0 start|stop|restart"
;;
esac
Por favor vejam se tem algo errado no meu firewall que impeça o DHCPd funcionar!!!
Grato!!!!
Re: ONde estou errando no meu dhcpd.conf???
essas são as ultimas linha do meu /var/log/messages:
Jun 8 17:44:01 PANORAMA dhcpd: Internet Systems Consortium DHCP Server V3.0.3
Jun 8 17:44:01 PANORAMA dhcpd: Copyright 2004-2005 Internet Systems Consortium.
Jun 8 17:44:01 PANORAMA dhcpd: All rights reserved.
Jun 8 17:44:01 PANORAMA dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Jun 8 17:44:02 PANORAMA dhcpd: Wrote 0 deleted host decls to leases file.
Jun 8 17:44:02 PANORAMA dhcpd: Wrote 0 new dynamic host decls to leases file.
Jun 8 17:44:02 PANORAMA dhcpd: Wrote 0 leases to leases file.
Jun 8 17:44:02 PANORAMA dhcpd: Listening on Socket/wlan0/10.254/16
Jun 8 17:44:02 PANORAMA dhcpd: Sending on Socket/wlan0/10.254/16
Obrigado!!!
Re: ONde estou errando no meu dhcpd.conf???
Rode o tcpdump da seguinte forma:
#tcpdump -i wlan -n port 68
Poste por favor a qui o resultado depois de algum trafego capturado. Depois faça o mesmo na porta 69.
Tenho certeza que o trafego capturado vai mostrar o que estã acontecendo!!!
Lembrabdo que as portas acima devem ser liberadas no protocolo UDP.
mtec
Re: ONde estou errando no meu dhcpd.conf???
Quando ele associa à interface o endereço 169.x.x.x, é porque ele não conseguiu pegar o IP no servidor DHCP.
Tente dar um flush nesse firewall seu pra saber se tá bloqueando lá.
Re: ONde estou errando no meu dhcpd.conf???
Pessoal, se vc verem no meu firewaal a minha chain FORWARD esta DROP, isso atrapalha alguma coisa?
Re: ONde estou errando no meu dhcpd.conf???
aki esta a resposta do tcpdump -i wlan0 -n port 68:
15:42:40.653523 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
15:42:40.657236 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
15:42:47.653725 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
15:42:47.657308 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
15:43:04.653800 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
15:43:04.657573 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
15:43:40.156806 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
15:43:40.160560 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
15:43:44.154854 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
15:43:44.158488 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
15:43:53.157874 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
15:43:53.161668 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
15:44:08.154821 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
15:44:08.158554 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:4f:2e:6e:f4, length: 300
Obrigado!!!
Re: ONde estou errando no meu dhcpd.conf???
O erro estava no meu firewall!!! Ele estava bloqueando as solicitações de todas as portas por mac, ai eu liberei os mac's das placas e ficou tido ok!!! Obrigado a todos!!!1
