Re: dhcprelay troubleshooting, where next?

From: prg (rdgentry1_at_cablelynx.com)
Date: 05/26/05


Date: 26 May 2005 13:37:44 -0700


Andy Richardson wrote:
> Hi again,
> well, I've whittled the network down to 3 boxes with crossover cables
> between them (made 'em myself, but they work nevertheless). So no
> route/modem/external firewalls to worry about.
>
> It would seem that your initial hunch that "etc.s may be useful" could
> be borne out here.
>
> 1. Jack issues a DHCP_DISCOVER (then times out a minute later)

Means jack never receives a DHCP_OFFER :(

> 2. in the meantime, Mrsdoyle says she'll forward this bootp request to
> 192.168.2.102(ted)

OK, she's doing this initial part :)

> 3. Then there is a who-has on both mrsdoyle's NICS(eth0:192.168.2.254
> and eth1:192.168.1.254) asking about 192.168.2.102(ted)

She's looking for ted's MAC -- just basic arp stuff.

> 4. On ted's side(eth0) the arp-reply is-at appears
>
> 5. Then I see
>
> 192.168.2.254.1036 > 192.168.2.102.domain 16566+ PTR?
> 102.2.168.192.in-addr.arpa. (44) (DF)
>
> 192.168.2.102 > 192.168.2.254: icmp: 192.168.2.102 udp port domain
> unreachable [tos 0xc0]

Knowing where these are appearing would be nice ;) mrsdoyle, I
presume.

Not sure if this is enough to make mrsdoyle "quit" in midstream or not.
 No time to look up anything :(

> and so on with the 1036 port incrementing by one each time. (I remember
> a few days back I saw 'blackjack' which according to /etc/services is
> port 1025.)
>
> 1025 is the lowest port I have seen in this position.
>
> Still on gateway/mrsdoyle:
> netstat -l --numeric-ports show that port 67 is active

Which will carry just the DHCP packets, nothing else (hopefully).

> iptables -vL shows that the policy is ACCEPT on all three chains, though
> I do notice that the FORWARD chain appears not to have dealt with any
> packets.

When dealing with network troubles, it is best, if at _all_ possible, to
shut off firewalls completely just to be sure they aren't interfering.
Also double check for _any_ kind of firewall (host or router) along
the path.

> One last question.
> Should I worry if tcpdump says "promiscuous mode not supported on the
> any device" ? - Does this mean that I'm only capturing packet involving
> that particular NIC?

Nothing you can do about it probably. It's usually a driver or chipset
limitation. Means you only see traffic directed to that nic, not any
of the other traffic passing by.

Tauno gave a heads up about DNS and there may be other things being
requested by jack that ted can't/won't provide.

It's been several years since I've set up a dhcrelay, so I'm pretty
useless (don't remember any routine gotchas). Worse(?) I'm leaving
behind the computer for some time starting this evening and don't know
when I'll get back to one.

Maybe Tauno or one of the other regulars can help you out. Not
knowing the particulars of your network setup and not being on the
scene can make spotting the break difficult. It can be good(?)
incentive for learning how to track down a network problem -- i.e.,
sniffing the wire and carefully watching the sequence of packets
exchanged and comparing this to the protocols.

Right now it seems like ted and mrsdoyle aren't talking to each other
properly. Set them up to communicate as "statically" as possible, eg.,
static host route entries and maybe even static arp entries if you know
how. Idea is to eliminate as many "dynamic" variables as possible and
zero in on the DHCP exchange.

Have jack request as little as possible, eg., just an IP/netmask to
start with. First thing is to get mrsdoyle to return _something_ to
jack and go from there.

sorry not more help,
prg
email above disabled
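
The packet-sequence comparison suggested in the reply above, as an added example that is not part of the original post: it parses DHCP payloads seen on the client and server sides and names the first relay stage that is missing. The packets are constructed samples, the host labels and function names are hypothetical, and the giaddr 192.168.1.254 assumes the relay stamps its client-facing address.

```python
import socket
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # fixed 236-byte BOOTP header
COOKIE = bytes([99, 130, 83, 99])                      # DHCP magic cookie
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse(payload):
    """Return (xid, message type, giaddr) from a UDP port 67/68 payload."""
    f = BOOTP.unpack_from(payload)
    opts = payload[BOOTP.size:]
    if opts[:4] != COOKIE:
        raise ValueError("not a DHCP packet (no magic cookie)")
    i, mtype = 4, None
    while i + 1 < len(opts) and opts[i] != 255:    # 255 = end option
        if opts[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        if opts[i] == 53:                          # option 53 = DHCP message type
            mtype = opts[i + 2]
        i += 2 + opts[i + 1]
    return f[4], TYPES.get(mtype, "?"), socket.inet_ntoa(f[10])

def diagnose(capture, relay_ip, xid):
    """capture: list of (host where sniffed, UDP payload). Names the first missing stage."""
    seen = set()
    for host, payload in capture:
        pkt_xid, mtype, giaddr = parse(payload)
        if pkt_xid == xid:                         # follow one transaction only
            seen.add((host, mtype, giaddr == relay_ip))
    stages = [
        (("client", "DISCOVER", False), "client never sent DISCOVER"),
        (("server", "DISCOVER", True), "relay did not forward DISCOVER with giaddr set"),
        (("server", "OFFER", True), "server sent no OFFER back to the relay"),
        (("client", "OFFER", True), "relay did not pass the OFFER on to the client"),
    ]
    for key, problem in stages:
        if key not in seen:
            return problem
    return "DISCOVER/OFFER completed through the relay"

def build(mtype, xid, giaddr="0.0.0.0", hops=0):
    """Constructed sample packet (not captured traffic)."""
    hdr = BOOTP.pack(2 if mtype in (2, 5, 6) else 1, 1, 6, hops, xid, 0, 0,
                     b"\0" * 4, b"\0" * 4, b"\0" * 4, socket.inet_aton(giaddr),
                     b"\x02\0\0\0\0\x01", b"", b"")
    return hdr + COOKIE + bytes([53, 1, mtype, 255])

# Constructed capture: the relay forwarded the DISCOVER, nothing came back.
SAMPLE = [("client", build(1, 0x1234)), ("server", build(1, 0x1234, "192.168.1.254", 1))]
```
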


