# dhcp wrong subnet

## zebbedi

Hi,

The networking on my laptop has recently gone completely crazy and stopped worked. I use NetworkManager to auto configure a wired connection. When I do it fails to setup correctly. I end up with an IP address of 192.168.168.100 however all my network is on 192.168.0.x with my main router (dhcp and gateway) being on 192.168.0.1.

I've tried running 

```
# dhcpcd -T -4

DUID 00:01:00:01:21:c5:48:b8:9c:eb:e8:35:4f:1f

dummy0: IAID e8:2e:eb:e0

enp0s20f0u2: IAID e8:35:4f:1f

docker0: waiting for carrier

br-dde597106864: waiting for carrier

wlp2s0: waiting for carrier

enp0s20f0u2: soliciting a DHCP lease

enp0s20f0u2: offered 192.168.168.100 from 192.168.168.1

interface=enp0s20f0u2

pid=27649

protocol=dhcp

reason=TEST

ifcarrier=up

ifflags=4163

ifmtu=1500

ifwireless=0

new_broadcast_address=192.168.168.255

new_dhcp_lease_time=300

new_dhcp_message_type=2

new_dhcp_server_identifier=192.168.168.1

new_ip_address=192.168.168.100

new_network_number=192.168.168.0

new_routers=192.168.168.1

new_subnet_cidr=24

new_subnet_mask=255.255.255.0

dhcpcd exited
```

This sticks out:  enp0s20f0u2: offered 192.168.168.100 from 192.168.168.1

If i'm reading it correctly, it thinks my dhcp server is 192.168.168.1 and I have no idea where that is coming from. I get the same response from dhclient.  Why is it trying to go on to a subnet of 192.168.168? and where is that coming from? I've run out of ideas. If i configure manually i can connect fine. My router and other devices on the network all seem to be fine. 

It's worth mentioning that this all went wrong after running some docker compose stuff which creates 10 odd containers and about a similar number of virtual network devices.

----------

## Ant P.

You have a rogue dhcp server running. You say you've been downloading and running mystery code off the internet, so it's likely coming from there.

----------

## zebbedi

Definitely not been running mystery code from anywhere? The docker compose stuff is my work. 

Don't think there is a rogue server anywhere. It's just my home network. Only this laptop picks it up, all other machines and devices are fine.

----------

## NeddySeagoon

zebbedi,

On Wifi ?

Maybe its not your network you are connected to at all.

Do you recognise the public IP that 192.168.0.1 leads to?

----------

## Ant P.

Run wireshark and see which MAC address the responses are coming from. It should show the manufacturer name and make it easier to find the machine responsible.

----------

## Hu

Docker's preference to fetch from Dockerhub makes it dangerously easy to run questionable software, so it's quite reasonable to assume that is what happened.  Even though you likely ran the containers you intended to run, and did not intend them to be dangerous, I would still suspect one of them.  Since all your other systems still behave normally, that suggests to me that a bad dhcpd in one of the containers is confusing the laptop, but none of the other systems see it because Docker is not forwarding that out onto the general network.

Does the problem stop if you bring down all your containers?

Would you mind sharing your Docker compose configuration file?  Redact anything non-public, if you like.  I want to see what it does to your network configuration, particularly around bridging.

----------

## zebbedi

It's a hard wired connection. It's using USB dongle over ethernet.  Wifi actually gets the correct ip from dhcp. 

I've completely shut down docker and all containers have been deleted. The images all come from our own local corporate docker repo. I'm afraid I really wouldn't be able to share it due to IP.

The problem still persists though even with docker shut down.

----------

## papas

Are you on your company"s network? Check your router interfaces,  wifi and ethernet ports  are on the same subnet? Which router do you have. Arp-scan, ip addr may have interesting information.

----------

## zebbedi

It's my own home network. DrayTek 2862 router. 

Any advice on what to run to check these things? Ok, so i've just run wireshark on my windows pc. I ran 

```

ipconfig /release

ipconfig /renew

```

and then captured the output with wireshark. The windows PC ran in to the same problem with 192.168.168.100 broadcasting dhcp. The problem appears has as src of NestLabs. I do have 2 Nest thermostats and 2 Nest Protect smoke alarms so I think one of them is running a rogue dhcp as suggested. 

I just have no idea how to resolve it.

----------

## papas

so you  have 2 dhcp servers, but  as you wrote above your pc was  working fine for some time. NeddySeagoon was right, you are connecting in different network and seems that docker has nothing to do with it. Did you change the switchport that your pc usually connect to? You must  attach your pc to the right network.

Your router is a powerful machine but i never had the chance to work with it.(Who has configured it?)

Btw there is several configurations to make it work. I think the easiest way is to assign a switchport to the same subnet as the wifi or you can connect your alarm-dhcp server in the second wan port of your router (you  have two wan ports), but is still  mystery to me, how your wired-network was working before.

----------

## Ant P.

Right, so it's not the docker stuff. My bad.

You'll need to either figure out how to turn the DHCP server off on those things, or put them on an isolated LAN segment behind a real multi-homed router or managed switch.

----------

## zebbedi

I think i've found the problem. I was infact misreading the wireshark analysis (i've not used it before so not massively familiar with it) but it wasn't nest. It was a cctv security camera. I turned off all wireless in order to try to block the nest smoke alarm but it continued to happen so by a process of elimination i removed each hard wired device one by one and eventually discovered it's the camera that is spamming the network. I don't know why yet but at least the network is now working again properly with all devices.

----------

## Tony0945

The last two posts were very interesting. I was just thinking this morning of buying a thermostat that connects to the internet. Except I've been resisting that. The only reason for buying one is that the high end better T-stats all are internet connected, I was thinking I could set the firewall to block all incoming and outgoing traffic to that external address. It sounds like that's not sufficient.  Best of all would be to make my own T-stat from a Raspberry Pi.

This ties into those two posts, but please, Mr. moderator, split it if it's not.

----------

