From man dhcpd.conf
Code:
The fixed-address declaration
fixed-address address [, address ... ];
The fixed-address declaration is used to assign one or more fixed IP
addresses to a client. It should only appear in a host declaration.
If more than one address is supplied, then when the client boots, it
will be assigned the address that corresponds to the network on which
it is booting. If none of the addresses in the fixed-address state-
ment are valid for the network to which the client is connected, that
client will not match the host declaration containing that fixed-
address declaration. Each address in the fixed-address declaration
should be either an IP address or a domain name that resolves to one
or more IP addresses.
So a client site can retrieve multiple IP addresses from a DHCP server.
A bit earlier in the same man page
Code:
SPAWNING CLASSES
It is possible to declare a spawning class. A spawning class is a
class that automatically produces subclasses based on what the client
sends. The reason that spawning classes were created was to make it
possible to create lease-limited classes on the fly. The envisioned
application is a cable-modem environment where the ISP wishes to pro-
vide clients at a particular site with more than one IP address, but
does not wish to provide such clients with their own subnet, nor give
them an unlimited number of IP addresses from the network segment to
which they are connected.
Many cable modem head-end systems can be configured to add a Relay
Agent Information option to DHCP packets when relaying them to the DHCP
server. These systems typically add a circuit ID or remote ID option
that uniquely identifies the customer site. To take advantage of
this, you can write a class declaration as follows:
class "customer" {
spawn with option agent.circuit-id;
lease limit 4;
}
Now whenever a request comes in from a customer site, the circuit ID
option will be checked against the class's hash table. If a subclass
is found that matches the circuit ID, the client will be classified in
that subclass and treated accordingly. If no subclass is found match-
ing the circuit ID, a new one will be created and logged in the
dhcpd.leases file, and the client will be classified in this new class.
Once the client has been classified, it will be treated according to
the rules of the class, including, in this case, being subject to the
per-site limit of four leases.
The use of the subclass spawning mechanism is not restricted to relay
agent options - this particular example is given only because it is a
fairly straightforward one.
So it looks like that the purpose of this all is to assign IP's to different machines behind one dhcp relay agent.
It could be interesting to use tcpdump to wiretap the DHCP traffic
Code:
# tcpdump -eni nfe0 -s1500 -w dhcp.dump
You then run
dhclient from another xterm or console. After the IP address has been assigned, press CNTRL-C to stop the tcpdump capture.
Read the dump with
Code:
# tcpdump -envv -s1500 -r dhcpd.dump
In case you are using ssh to access the firewall append 'not port ssh' to the capture command. That will prevent ssh packet pollution of your dump.
BTW how does your
netstat -rn output look like after having received leases for nfe as well as ngeth0?