Re: DHCP and multiple netsegments

Chris Knipe wrote:
> 
> > > In some revere cases, this may cause some confusion with some
> > > applications and routing from a client side.  I am not too sure however.
> >
> > Hmm, lack of insight prevents me from seeing a problem here.
> > Are you thinking of apps, that should not be able to 'see' across
> > different segments, courtesy of firewall rules, but may be able to do so
> > due to the broadcasts allowed by dhcrelay?
> > The latter should AFAIK broadcast only dhcp-stuff.
> 
> Like I pointed out, I am talking under correction.   But I believe that
> (especially NT servers) rely on broadcasts for the ability to change /
> update / figure out routes.  The bottom of the line is just that arp
> cache may become messy if and when a server / client on one segment adds a
> machine to arp while the machine is on another segment.  In this case,
> the client will not send data to its default gateway, and thus the route
> will be seen as a local one, which in fact it is not.  Bottom of the
> line, the client will not route.
> 
> There are, however, options you can specify in your DHCP scope to 1) force
> all clients to ALWAYS use the default gateway for routing, and 2) you can
> force a broadcast address to be used, which means that you will be able
> to perhaps minimise the mess of broadcasts :)

Could well be you can skip this 'talking under correction' :o:
I got some nic problems sorted out today, so I can have the five
interfaces I need. DHCP works fine over the three segments needing DHCP.
However, it's a bit worse when it comes to normal traffic.

Sometimes I can get a connection from a client through the
firewall/router, especially immediately after rebooting the firewall.
Shortly after, I get no replies, or it takes an immensely long time.

I can ping any interface, but not all traceroutes go through.
Unfortunately, my customer closes early, so I didn't have time to script
tcpdumps, but from what I remember, I saw some 10.12.255.255 broadcasts
on a 10.12.0.0 segment.

Now I have the feeling that those 255.255.255.255 routes necessary for
dhcp and dhcrelay to work, are mixing up normal broadcasts; not an
expert on the subject, though.

As you said, I can force specific broadcasts; true, but this will only
work _after_ the client gets its config, right? M$ clients still need
that 4x255 route to locate the dhcp-server. Didn't have time to test
this either.
I do specify a router on each segment, i.e. 10.13.0.1 for a 10.13.0.0
net:

subnet 10.13.0.0 netmask 255.255.0.0 {
    default-lease-time 86400;  # One day
    max-lease-time 604800;  # seven days
    option subnet-mask 255.255.0.0;
    option routers 10.13.0.1;
    range 10.13.0.10 10.13.0.250;
}

-- 
Regards,
              Mogens Valentin
    Networking - Security - Programming
  Linux configuration and troubleshooting
http://www.danbbs.dk/~monz - monz@danbbs.dk