# DHCRELAY just doesn't work!!! grrr

## petrjanda

And there's nothing in the logs to indicate why!

dhcrelay conf file has this:

```
# Configure which interface or interfaces to for dhcp to listen on
# list all interfaces space separated.
IFACE="eth2"

# Insert any other options needed.  See dhcrelay(8) for details.
DHCRELAY_OPTS="-q"

# Space separated list of IPs to forward BOOTP/DHCP packets to.
DHCRELAY_SERVERS="192.168.1.2"
```

eth2 connects to my LAN, eth1 is the interface that 192.168.1.2 (which is in the DMZ) is connected to, and eth0 goes to the internet. I don't understand why it doesn't work. Shorewall has ports 67-68 opened in both directions.

----------

## petrjanda

Just want to add: I don't think the relay sends it to the DHCP server, because if it did and the server got it, it would have been written to the dhcpd.leases file, wouldn't it?

----------

## thepustule

From what I can tell, everyone seems to have this problem, and there is no good solution.  If you search google for the three words dhcrelay doesn't work (without the quotes) you'll get all kinds of hits on similar queries on mailing list archives, none of which has been answered - sometimes in over a year.

From the man page, you should run dhcrelay as follows:

```
dhcrelay -i <listening interface> <server ip>
```

There are a couple other options as well.

The gentoo startup scripts for dhcrelay seem to support this method, but it just doesn't work.  From tcpdumping and watching the syslog on the dhcp server, I can see the dhcp relay picking up the request, relaying it successfully to the dhcp server, and then the dhcp server replies, but dhcrelay doesn't pick up the reply and send it back to the client.  The only thing I have seen sometimes is someone getting it to work by doing this:

```
dhcrelay -i <listening interface> <server ip> -i <server-reachable interface>
```

So, if I want dhcrelay to listen on eth0 and then send to the dhcp server at 10.1.1.1 which is reachable by eth1, I would do:

```
dhcrelay -i eth0 10.1.1.1 -i eth1
```

This is really strange!  The man page does NOT describe it this way, and the gentoo startup scripts, because they follow the man page, don't allow for this kind of setup either.  What does the -i do anyway?  Is the first -i different than the second -i?  In the above example, will dhcrelay also listen on eth1?  That's not clear.  What if I NEED it to NOT listen on eth1 because I have some other dhcp server there that runs (for instance) PXE?  

This situation seems to have been outstanding for soooooo long that I can only conclude that very few people actually run dhcrelay, or the dhcp people created dhcrelay as a little "quick'n'dirty" side-task and don't really care much about it.

If this thread is like any of the other many threads that I've seen on this topic in many other mailinglists and forums, we'll likely get no help.

I'll add my GRRRR to yours.

----------

## rmh3093

 *petrjanda wrote:*   

> And theres nothing in the logs to indicate why!
> 
> dhcrelay conf file has this:
> 
> ```
> ...
> ```


dhcrelay DOES work. I am bringing up this old thread because I ran into this problem today at work. The man page for dhcrelay actually says that you are supposed to configure dhcrelay to listen on both the network(s) running the DHCP server(s) AND the network(s) with the DHCP clients.

So if your DHCP server is on network interface eth0 and you have networks that need DHCP on eth1 and eth2, then in dhcrelay.conf you would need 'IFACE="eth0 eth1 eth2"'.

----------
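The point of the post above can be checked mechanically: find which interface routes to each relay target and confirm it is in the listen list. This is an added example, not code from the thread or from the Gentoo init scripts; the function names `route_dev`, `iface_listed` and `check_relay` and the conf.d path in the usage comment are assumptions, and the sample route line is constructed from the addresses in the first post.

```shell
#!/bin/sh
# Check that a dhcrelay interface list includes the interface that faces
# each DHCP server, not only the client-side interfaces.

# Print the interface name that follows "dev" in `ip route get` output (stdin).
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed if interface $1 appears in the space-separated list $2.
# Padding with spaces stops "eth1" from matching "eth10".
iface_listed() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_relay "<IFACE list>" "<server ip>" "<ip route get output>"
# Prints one verdict line; returns 1 if the server-facing interface is
# missing from the list, 2 if no route could be parsed.
check_relay() {
    dev=$(printf '%s\n' "$3" | route_dev)
    if [ -z "$dev" ]; then
        echo "UNKNOWN $2: no route found"
        return 2
    fi
    if iface_listed "$dev" "$1"; then
        echo "OK $2 via $dev"
    else
        echo "MISSING $2 via $dev: add $dev to IFACE"
        return 1
    fi
}

# Constructed sample modelled on the first post: the relay listens on eth2
# only, while the server 192.168.1.2 is reached through eth1.
SAMPLE_ROUTE='192.168.1.2 dev eth1 src 192.168.1.1 uid 0'

# Live use (path is an assumption): sh check_relay.sh /etc/conf.d/dhcrelay
# The conf.d file is a shell fragment, so it is sourced for IFACE and
# DHCRELAY_SERVERS, then each server is checked against the routing table.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    . "$1"
    for srv in $DHCRELAY_SERVERS; do
        check_relay "$IFACE" "$srv" "$(ip route get "$srv" 2>/dev/null)" || true
    done
fi
```
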

## UberLord

Updated the comments in cvs to describe this - thanks :)

----------

## chucks

Here is some additional information:

I got frustrated with this while setting up some extra subnets tonight.  My problem was not from the relay agent working, but from my firewall configuration.

I simply allow any and all outgoing traffic on my machine's iptables configurations.  This saves me massive headache and time, and I don't need to be so draconian as to filter outgoing traffic.

On the DHCP Server's segment, make sure that the server allows incoming traffic:

1. from the DHCP Client port to the DHCP Server Port (this is for DHCP clients on the server's subnet)

2. from the DHCP Server port to the DHCP Server Port (this is for the DHCP relay agents on other subnets to communicate with the server)

DHCP Server - eth0 192.168.0.0/24:

```
iptables --append INPUT --protocol udp --match udp --source-port 68 --destination-port 67 --jump ACCEPT
iptables --append INPUT --protocol udp --match udp --source-port 67 --destination-port 67 --jump ACCEPT
```

DHCP Relay Router - eth0 192.168.0.0/24, eth1 192.168.1.0/24:

```
iptables --append INPUT --in-interface eth0 --protocol udp --match udp --source-port 67 --destination-port 67 --jump ACCEPT
iptables --append INPUT --in-interface eth1 --protocol udp --match udp --source-port 68 --destination-port 67 --jump ACCEPT
```

Hope that one helps the next guy, because you probably read the same iptables configuration guide I did!

----------

