Andrew Falanga <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> I have a RedHat 9 box that I have two NICs installed. I only want one of
> the NICs to serve up IP addresses dynamically using dhcpd. I read in
> the manual page for dhcpd that to accomplish this, just list the
> interface on the command line, which I did after editing the appropriate
> script.
You may be reading into the man page what you want to hear -- I've
done that many times when reading the rather terse entries ;-)
It seems to suggest what you mean, but all it really says is that you
_should_ do this on systems where dhcpd would have trouble discerning
that no broadcasts will arrive on the interface. It doesn't actually
say that dhcpd will not "double check" behind your back, so to speak.
> However, the dhcpd port shows as open (using nmap) on both interfaces
> (that is, UDP port scanning both ip addresses of the respective NICs).
> Is this the expected behavior?
>
> Andrew R. Falanga (a non-HP employee)
Not familiar with the dhcpd code or ever tried to do what I think
you're trying. You expect dhcp client requests to come in from only
one of the two nics -- right?
You don't want to listen on the other nic, as you
a) don't have legit dhcp requests incoming from there anyway and
b) you sure don't want to hand out a lease if a request does manage to
come in from there.
Sure would be nice to be able to tell dhcpd _not_ to listen on that
second nic. Maybe someone familiar with using dhcpd in such a scenario
will chime in -- not that up on the docs for the daemon, myself.
Did you try the web site for docs that might help:
http://www.isc.org/
A FW seems heavy handed if one is not already running on the server.
Policy routing could do it, I'm pretty sure, but might be tricky to
set up correctly. Might even require TOS inspection. I'm trying
desperately (and successfully, I hope) to let you know I've not tried
this kind of port/application filtering via the ip tools before -- my
uses have been much more prosaic.
You can always look for ideas in the lartc howto:
http://www.lartc.org/howto/
and maybe
Guide to IP Layer Network Administration with Linux
http://linux-ip.net/
or
http://www.policyrouting.org/PolicyR...NLINE/TOC.html
good luck,
prg
email above disabled
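
Added example, not part of the original posts: one way to check on the server itself which local addresses hold a UDP socket on port 67, instead of inferring it from a UDP scan of each NIC's address. It parses the Linux /proc/net/udp table; the sample table is constructed, the function names are hypothetical, and a little-endian host is assumed for the address decoding.

```python
import os
import socket

DHCP_SERVER_PORT = 67  # bootps

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  10: 00000000:0043 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4101
  11: 0101A8C0:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4102
  12: 0100000A:0043 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4103
"""


def decode_addr(hex_addr):
    """Turn 'AABBCCDD:PPPP' into (dotted_ip, port).

    The kernel prints the IPv4 address as a host-order hex word, so on a
    little-endian machine (assumed here) the bytes must be reversed.
    """
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])
    return ip, int(port_hex, 16)


def udp_listeners(table_text, port):
    """Return [(local_ip, is_wildcard)] for UDP sockets bound to `port`."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 2:
            continue
        ip, local_port = decode_addr(fields[1])
        if local_port == port:
            # A socket bound to 0.0.0.0 accepts datagrams addressed to any
            # local IP, so a per-address UDP scan sees it on every NIC.
            found.append((ip, ip == "0.0.0.0"))
    return found


if __name__ == "__main__":
    # Only AF_INET UDP sockets appear in this table; raw packet sockets are
    # listed in /proc/net/packet instead.
    path = "/proc/net/udp"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for ip, wildcard in udp_listeners(text, DHCP_SERVER_PORT):
        scope = "all local addresses" if wildcard else "this address only"
        print(f"udp/{DHCP_SERVER_PORT} bound to {ip} ({scope})")
```
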