# dhcpd w/ multiple interfaces and subnets

## chief_misses_alot

Hello all.. 

I'm setting up a DHCP server in Gentoo for a wireless project.  The box it's going to be running on has two NICs, one with a routable IP and one with two non-routable IPs bound to it.  eth1 is 10.0.0.254/24 and eth1:0 is 172.16.0.0/24.  What I am trying to do is set up a DHCP table that will look at the requesting client's MAC and, if it isn't listed in one of the static leases, have the DHCP server give it an address from the 172 pool, but if it is listed then have the DHCP server return the address fixed for it. The conf file I have now is

```
ddns-update-style none;
default-lease-time 3600;
max-lease-time 3600;
authoritative;

# Pool for clients without a static lease
subnet 172.16.0.0 netmask 255.255.255.0 {
    range 172.16.0.10 172.16.0.100;
    option routers 172.16.0.254;
    option domain-name-servers xxx.xxx.xxx.xxx;
}

# Static lease keyed on the client's MAC
host newhost {
    hardware ethernet de:ad:be:ef:ba:ba;
    fixed-address 10.0.0.50;
    option routers 10.0.0.254;
}
```

The problem is that the host with that MAC address won't get the 10.x.x.x address, it will get one from the 172 pool instead. If I set up a static entry for a host from the 172 pool, such as 172.16.0.50, then it will work, but not from a different subnet.  So I thought to try this

```
subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.50 10.0.0.51;
    option routers 10.0.0.254;
    option domain-name-servers x.x.x.x;
}
```

and add it right between the subnet declaration for the 172 pool and the static lease.

Once I do this I get an error when starting dhcpd saying that 

"interface eth1 matches multiple shared networks"

I've scoured the net and had no luck on a solution.

The whole point of this is that we are setting up a MAC-based authentication system for wireless. If you walk in the building and haven't registered with us, you get an address from the 172 pool and we redirect all your page requests to a page asking you to register. Once you have, we set up Perl scripts through a webpage to put a static lease based on MAC in the DHCP conf, and the 10.x addresses are NATed and sent out on the net.

Any help is greatly appreciated.. or if you can think of a better way to do this.. 

Thanks in advance!

----------

## morphal

This sounds exactly like NetReg. http://www.netreg.org

----------

## themelon

What you want is a Shared Network.

You will set up all of the clients that you have MAC addresses for as known clients and then restrict the 10.x.x.x network to known clients only.  You will then restrict the 172.x.x.x subnet to unknown clients.

```
## This makes a client "known"
host known-host-1 {
    hardware ethernet 00:0e:0c:05:07:aa;
}

## This sets up a shared network with one pool for each network
shared-network "home" {
    subnet 10.0.0.0 netmask 255.255.255.0 {
        option routers 10.0.0.254;

        # Known clients get this pool.
        pool {
            option domain-name-servers bogus.example.com;
            max-lease-time 300;
            range 10.0.0.200 10.0.0.253;
            deny unknown-clients;
        }
    }

    subnet 172.16.0.0 netmask 255.255.255.0 {
        option routers 172.16.0.254;

        # Unknown clients get this pool.
        pool {
            option domain-name-servers ns1.example.com, ns2.example.com;
            max-lease-time 28800;
            range 172.16.0.10 172.16.0.100;
            allow unknown-clients;
        }
    }
}
```

I have not personally tested this but it should work fine.
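The registration step described in the first post (a web script that writes a MAC-keyed host entry into the DHCP configuration) is the point where untrusted form input reaches `dhcpd.conf`, so it has to be validated strictly before it is written. The following is an added example, not code from any poster in this thread; the function names `normalize_mac`, `host_stanza` and `register` and the sample inputs are hypothetical, and it is written in Python rather than the Perl the original poster mentions.

```python
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,62}")


def normalize_mac(raw):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff, or raise ValueError."""
    mac = raw.strip().lower().replace("-", ":")
    # fullmatch: nothing may follow the sixth octet, so text such as
    # "; } subnet ..." can never ride along into dhcpd.conf.
    if not MAC_RE.fullmatch(mac):
        raise ValueError("not a MAC address: %r" % raw)
    # The low bit of the first octet marks multicast/broadcast addresses.
    if int(mac[:2], 16) & 1:
        raise ValueError("multicast/broadcast MAC refused: %s" % mac)
    return mac


def host_stanza(name, raw_mac):
    """Render one host declaration; its presence makes the client 'known'."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("bad host name: %r" % name)
    return "host %s {\n    hardware ethernet %s;\n}\n" % (name, normalize_mac(raw_mac))


def register(conf_text, name, raw_mac):
    """Append a stanza to conf_text, refusing a duplicate name or MAC."""
    mac = normalize_mac(raw_mac)
    macs = re.findall(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;", conf_text)
    names = re.findall(r"^\s*host\s+(\S+)\s*\{", conf_text, re.M)
    if mac in (m.lower() for m in macs) or name in names:
        raise ValueError("already registered: %s / %s" % (name, mac))
    return conf_text + host_stanza(name, mac)


if __name__ == "__main__":
    # Constructed sample input, as it might arrive from the web form.
    conf = host_stanza("known-host-1", "00:0e:0c:05:07:aa")
    conf = register(conf, "laptop-42", "DE-AD-BE-EF-BA-BA")
    print(conf)
    for bad in ("de:ad:be:ef:ba:ba; } host x {", "01:00:5e:00:00:01", "dead.beef.baba"):
        try:
            register(conf, "visitor", bad)
        except ValueError as err:
            print("rejected:", err)
```

Checking the generated file with `dhcpd -t -cf <file>` before restarting the daemon catches a syntax error before it takes DHCP down for every client. A MAC address is trivially spoofed, so a "known" client is an identified one, not an authenticated one.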

----------

## 1clue

Two things:

First, every network DHCPD knows about needs a specification for that network.  The previous poster is right, you need a shared-network clause wrapping both your eth1s.

As well, you ALMOST had it right.  You want:

```
shared-network "home" {
    option domain-name-servers 10.0.0.3,10.0.0.4;

    subnet 172.16.0.0 netmask 255.255.255.0 {
        authoritative;
        option routers 172.16.0.254;
        allow unknown-clients;
        range 172.16.0.10 172.16.0.100;
    }

    subnet 10.0.0.0 netmask 255.255.255.0 {
        authoritative;
        deny unknown-clients;
        option routers 10.0.0.254;
        host myhost { fixed-address 10.0.0.50; hardware ethernet de:ad:be:ef:ba:ba; }
    }
}
```

You might want to reduce your lease times to about a minute for your testing.  Makes a huge amount of traffic but makes it easier to test and tinker.

dhcpd.conf is very structured.  If you think of every component as being "inside" something else, then you know where to put it.  You have a shared network, and that structure was made exactly for the situation you're describing.  Also, you have two distinct networks inside there, so you want two subnets listed there.  Anything specific to that network should be inside the subnet clause.  Anything pertaining to the shared network should be at the same level as the subnets.

----------

## morphal

Heh, I should have clarified more. Both of the previous posters are correct. NetReg is just the complete package. They have a bit of a how-to for configuring the dhcpd.conf file and they also walk you through configuring the Apache server and scripts to handle the registration.

----------

## 1clue

dhcpd is an incredibly useful tool.

If you don't want to learn a whole lot about network configuration, learn this.  Often, setting up a DHCP client to use a service is a one line affair, where the normal way requires at least one separate configuration file.  NTP (time service) is a good example, you just tell the client where the NTP server is and it writes the file for you on the client, and makes firewall alterations if necessary, and starts the service for you.

I use mine to serve several separate physical networks.  The switches forward the ICMP request to my DHCP server, and it handles everything.  I'm ALMOST tempted to make it configure my servers, but I'm not quite there yet. :)

----------

