# 2 dhcp servers: how to force clients to listen to 2nd only?

## sepp

I have a DSL modem / router which has a built-in DHCP server. Connected to this device is a file server which also acts as a VPN tunnel to a different network. On this file server I want to run DHCP so that all clients in the network get all the network configuration information needed in order to access computers over the VPN. My problem is that I cannot turn off the DHCP on the modem / router (for various reasons). Is there a way to configure the second DHCP server (on my file server / VPN machine) so that clients will always use this DHCP server instead of the other one? Is it technically possible to override a DHCP server?

Last edited by sepp on Fri Aug 01, 2008 8:38 pm; edited 1 time in total

----------

## poly_poly-man

No, and this is why network admins have so much trouble when you plug in a router backwards.

The way DHCP works: The client sends a DHCPREQUEST to 255.255.255.255 (broadcast - should hit all computers on all networks, if nothing's stopping it).

Then, a valid DHCP server gives a DHCPOFFER to the client - addressing it by MAC address, because it doesn't have an IP yet.

Yada yada, the thing gets an IP and all is well.

Basically, you should have some sort of NAT/firewall/whatever between the modem and your network. For example, one method would be to throw another network card into your file server, one on the modem side, one on the network side, set up IPTABLES to be a NAT, and be happy.

Sure, DHCP is a flawed system... but we have nothing to replace it with yet...   :Confused: 

poly-p man

----------

## UberLord

 *sepp wrote:*   

> Is there a way to configure the second DHCP server (on my file server / VPN machine) so that clients will always use this DHCP server instead of the other one? Is it technically possible to override a DHCP server?

 

Starting with dhcpcd-4.0.0-rc4 you can blacklist messages from a given DHCP server ID. So provided they aren't using the same ID (they should not, but technically they could) you can use that nice feature  :Smile: 

So if your router is on 192.168.0.1 and you want dhcpcd to ignore it, do this:

```
dhcpcd -X 192.168.0.1 eth0
```

OR this in /etc/conf.d/net

```
dhcpcd_eth0="-X 192.168.0.1"
```

OR this in /etc/dhcpcd.conf

```
blacklist 192.168.0.1
```

----------
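
What a server-ID blacklist like the one in the post above has to check, as an added example that is not part of the thread and is not dhcpcd's own code: it parses the options of a DHCPOFFER and drops offers whose Server Identifier (option 54, RFC 2132) is blacklisted. The helper `build_offer`, the second server address 192.168.0.2 and the offered addresses are constructed for illustration.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: options start after this, at offset 240
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER = 2

def parse_options(packet):
    """Return {option code: raw value bytes} for a BOOTP/DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts

def server_id(packet):
    """Dotted-quad Server Identifier (option 54), or None if absent or malformed."""
    sid = parse_options(packet).get(OPT_SERVER_ID)
    return socket.inet_ntoa(sid) if sid is not None and len(sid) == 4 else None

def accept_offer(packet, blacklist):
    """True only for a DHCPOFFER whose server ID is present and not blacklisted."""
    if parse_options(packet).get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return False
    sid = server_id(packet)
    return sid is not None and sid not in blacklist

def build_offer(server_ip, offered_ip):
    """Constructed sample DHCPOFFER (hypothetical helper, minimal fields only)."""
    header = bytes([2, 1, 6, 0]) + b"\0" * 12 + socket.inet_aton(offered_ip) + b"\0" * 216
    options = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER]) + bytes([OPT_SERVER_ID, 4])
               + socket.inet_aton(server_ip) + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    blacklist = {"192.168.0.1"}           # the router's address from the post
    for srv, ip in (("192.168.0.1", "192.168.0.50"), ("192.168.0.2", "192.168.0.60")):
        offer = build_offer(srv, ip)
        print(server_id(offer), "accepted" if accept_offer(offer, blacklist) else "ignored")
```

The filter keys on the value the server places in option 54, so it only separates two servers that announce different IDs, which is the caveat given in the post.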

## UberLord

 *poly_poly-man wrote:*   

> Sure, DHCP is a flawed system... but we have nothing to replace it with yet...  

 

Any system that provides auto-configuration is vulnerable to this. If it was otherwise it would NOT be 100% auto-configuration as you would have to do some configuration.

----------

