20th December 2008
J65nko (Administrator)

From man dhcpd.conf
Code:
The fixed-address declaration

	 fixed-address address [, address ... ];

	 The fixed-address declaration is used to assign one or more fixed  IP
	 addresses  to a client.  It should only appear in a host declaration.
	 If more than one address is supplied, then when the client boots,  it
	 will be assigned the address that corresponds to the network on which
	 it is booting.  If none of the addresses in the fixed-address	state-
	 ment are valid for the network to which the client is connected, that
	 client will not match the host  declaration  containing  that	fixed-
	 address  declaration.	 Each address in the fixed-address declaration
	 should be either an IP address or a domain name that resolves to  one
	 or more IP addresses.
So a client site can retrieve multiple IP addresses from a DHCP server.

A bit earlier in the same man page
Code:
SPAWNING CLASSES
       It is possible to declare a spawning class.   A	spawning  class  is  a
       class  that  automatically produces subclasses based on what the client
       sends.	The reason that spawning classes were created was to  make  it
       possible  to  create lease-limited classes on the fly.	The envisioned
       application is a cable-modem environment where the ISP wishes  to  pro-
       vide  clients  at  a particular site with more than one IP address, but
       does not wish to provide such clients with their own subnet,  nor  give
       them  an  unlimited  number of IP addresses from the network segment to
       which they are connected.

       Many cable modem head-end systems can be  configured  to  add  a  Relay
       Agent Information option to DHCP packets when relaying them to the DHCP
       server.	 These systems typically add a circuit ID or remote ID	option
       that  uniquely  identifies  the	customer  site.   To take advantage of
       this, you can write a class declaration as follows:

       class "customer" {
	 spawn with option agent.circuit-id;
	 lease limit 4;
       }

       Now whenever a request comes in from a customer site,  the  circuit  ID
       option  will be checked against the class's hash table.	 If a subclass
       is found that matches the circuit ID, the client will be classified  in
       that subclass and treated accordingly.	If no subclass is found match-
       ing the circuit ID, a new  one  will  be  created  and  logged  in  the
       dhcpd.leases file, and the client will be classified in this new class.
       Once the client has been classified, it will be	treated  according  to
       the  rules  of the class, including, in this case, being subject to the
       per-site limit of four leases.

       The use of the subclass spawning mechanism is not restricted  to  relay
       agent  options  - this particular example is given only because it is a
       fairly straightforward one.
So it looks like the purpose of all this is to assign IPs to different machines behind one DHCP relay agent.

It could be interesting to use tcpdump to wiretap the DHCP traffic
Code:
# tcpdump -eni nfe0 -s1500 -w dhcp.dump
You then run dhclient from another xterm or console. After the IP address has been assigned, press Ctrl-C to stop the tcpdump capture.
Read the dump with
Code:
# tcpdump -envv -s1500 -r dhcp.dump
In case you are using ssh to access the firewall, append 'not port ssh' to the capture command. That will prevent ssh packet pollution of your dump.

BTW, what does your netstat -rn output look like after having received leases for nfe as well as ngeth0?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
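The spawning-class behaviour quoted from the man page above, as an added example that is not part of the original post and is not ISC dhcpd code: it pulls the relay agent circuit ID (option 82, sub-option 1) out of a DHCP options field, such as one recovered from the tcpdump capture, and applies a per-circuit lease limit. All function and class names are hypothetical, the sample packet bytes are constructed, and counting leases per client MAC is a simplifying assumption.

```python
MAGIC_COOKIE = bytes.fromhex("63825363")   # marks start of the DHCP options field
OPT_PAD, OPT_END, OPT_RELAY_AGENT, SUB_CIRCUIT_ID = 0, 255, 82, 1

def parse_tlv(data, pad=None, end=None):
    """Walk code/length/value triples and return {code: value}."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == pad:             # pad option is a single byte, no length
            i += 1
            continue
        if code == end:
            break
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:    # length byte claims more than was captured
            raise ValueError("option %d overruns the buffer" % code)
        out[code] = value
        i += 2 + length
    return out

def circuit_id(options_field):
    """Return the relay agent circuit ID, or None if option 82 is absent."""
    if options_field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    relay = parse_tlv(options_field[4:], OPT_PAD, OPT_END).get(OPT_RELAY_AGENT)
    return None if relay is None else parse_tlv(relay).get(SUB_CIRCUIT_ID)

class SpawningClass:
    """Simplified model of: spawn with option agent.circuit-id; lease limit N;"""
    def __init__(self, lease_limit):
        self.lease_limit = lease_limit
        self.subclasses = {}        # circuit ID -> MACs currently holding a lease

    def request(self, options_field, mac):
        cid = circuit_id(options_field)
        if cid is None:
            return False            # no circuit ID: not classified in this model
        holders = self.subclasses.setdefault(cid, set())   # spawn on first sight
        if mac in holders or len(holders) < self.lease_limit:
            holders.add(mac)
            return True
        return False                # per-site limit reached

def sample_options(cid):
    """Constructed sample: DHCPDISCOVER (option 53) plus option 82."""
    sub = bytes([SUB_CIRCUIT_ID, len(cid)]) + cid
    return MAGIC_COOKIE + bytes([53, 1, 1, OPT_RELAY_AGENT, len(sub)]) + sub + bytes([OPT_END])
```

With `lease limit 4`, a fifth distinct client behind the same circuit ID is refused while a client behind a different circuit ID spawns its own subclass.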