Re: Policy routing problem

On Tue, 2012-10-23 at 13:05 +0200, Christoph Pleger wrote:
> Hello,

Hello,

> I am running a DHCP-Server that serves multiple subnets. The server has
> an IP address in all of these subnets, and its primary IP address in a
> subnet that is not served by DHCP. Every IP address has its own VLAN
> Ethernet interface, eth0.102, eth0.104, etc. In this setup, the DHCP
> server often does not send its unicast replies on the interface where it
> received the corresponding request, but on the interface of its primary
> IP address, and with that IP. My first thought how to change this was by
> setting routes depending on destination addresses, but this would cause
> big problems with other services running on the same machine, so I tried
> to combine iproute2 and iptables, like this:

Unless you implicitly defined an interface to bind on, your DHCP server
should be listening on all broadcast interfaces. Alternatively, you can
force your DHCP server to bind on the interfaces you want.

If everything is OK on this point, some DHCP requests might come from
the "primary IP" address, making the server respond on that interface.

> iptables -t mangle -A OUTPUT -p udp --source-port bootps \
>    -d xxx.xxx.22.0/24 -j MARK --set-mark 122
> 
> ip route add to xxx.xxx.22.0/24 dev eth0.122 table 122
> 
> ip rule add fwmark 122 table 122
> 
> Though I can see in my logs that iptables really sets that mark, routing
> does not work as expected and the server still uses its primary IP address
> for sending unicast DHCP replies.
> 
> What am I doing wrong and what must be done to achieve the desired
> behaviour?

In the OUTPUT chain, the outbound interface is already defined. You should
be marking in PREROUTING. But check your network configuration first as
the problem might come from there.


Jimmy
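
For the "check your network configuration first" step, an added example that is not part of the original thread: a shell check that the fwmark rule and its routing table agree, run here on constructed sample text. The function names are hypothetical and 192.0.2.0/24 stands in for the redacted xxx.xxx.22.0/24 subnet.

```shell
#!/bin/sh
# Constructed samples of `ip rule show` and `ip route show table 122` output.
# Live use: check_policy 122 <prefix> eth0.122 "$(ip rule show)" \
#           "$(ip route show table 122)"
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x7a lookup 122
32766: from all lookup main
32767: from all lookup default'
SAMPLE_TABLE='192.0.2.0/24 dev eth0.122 scope link'

# Print "<priority> <table>" of the first rule selecting on fwmark $1 (decimal).
# `ip rule` prints marks in hex, optionally as value/mask, so 122 shows as 0x7a.
rule_for_mark() {
    printf '%s\n' "$2" | awk -v want="$(printf '0x%x' "$1")" '
        { prio = $1; sub(/:$/, "", prio); mark = ""; table = ""
          for (i = 2; i < NF; i++) {
              if ($i == "fwmark") { mark = $(i + 1); sub(/\/.*/, "", mark) }
              if ($i == "lookup") table = $(i + 1)
          }
          # Appending "" forces a string comparison in every awk variant.
          if ((mark "") == (want "") && table != "") { print prio, table; exit } }'
}

# Print the output device that the table text $2 gives for prefix $1.
dev_for_prefix() {
    printf '%s\n' "$2" | awk -v p="$1" '
        ($1 "") == (p "") {
            for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# check_policy MARK PREFIX DEV RULES TABLE_TEXT
# Prints a verdict; returns 0 only if rule, priority and route all line up.
check_policy() {
    found=$(rule_for_mark "$1" "$4")
    [ -n "$found" ] || { echo "no rule for fwmark $1"; return 1; }
    prio=${found% *}; table=${found#* }
    # The main table is consulted at priority 32766; a rule placed after it
    # is never reached for destinations that main can already route.
    [ "$prio" -lt 32766 ] || { echo "rule priority $prio is after main"; return 1; }
    dev=$(dev_for_prefix "$2" "$5")
    [ "$dev" = "$3" ] || { echo "table $table sends $2 via '$dev', not $3"; return 1; }
    echo "fwmark $1 -> table $table -> $2 dev $dev"
}

check_policy 122 192.0.2.0/24 eth0.122 "$SAMPLE_RULES" "$SAMPLE_TABLE"
```

This only confirms that the rule and table are consistent; it says nothing about which source address the reply carries.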

