DHCP from Green to Orange

stef97 · 22 April 2020 15:32

Hi,

I need to have the servers connecting on Orange getting their IP from a DHCP server residing on Green

It seems no DHCP is not allowed on Orange

How can I allow DHCP traffing from Green to Orange ?

Many thanks
Steven

cfusco · 22 April 2020 17:18

You can’t. However you can set up a DHCP service in a server in the orange network.

argh · 23 April 2020 09:32

Just keep in mind, that DHCP is working with broadcast’s on the local subnet. So - unless you create a layer2-bridge between the interfaces, this won’t work - but then a layer2-bridge would make any fiewall-rules useless.
See OSI-Model

cfusco · 23 April 2020 11:33

Honest question, If you set up a second IPFire router (IPFIre2) and DHCP server in the the DMZ subnet whereby you have a new red zone - that is the incoming traffic - and a new green zone that corresponds to the DMZ of the internet border router (IPFire1), and assign static routes on the IPFire1 side to reach IPFire2 for the DMZ traffic, it’s not layer 2. What do you think?

stef97 · 23 April 2020 15:13

Hi,
Thanks for taking the trouble to provide guidance

I have switched from RED-GREEN-ORANGE to RED-GREEN-BLUE

I have a DHCP server deployed on GREEN and it is successfully allocating IPs on GREEN subnet

Can I use the same DHCP server to allocate IPs on BLUE ( obviously on a different subnet) by simply allowing UDP traffic between GREEn and BLUE on port 67 and 68 ?

I am asking because I tried and did not work so not sure if I simply not create the rules correctly or I am missing something

Any examples/suggestions would be greatly appreciated

Many thanks

Steven

bbitsch · 23 April 2020 15:35

With IPFire in RED-GREEN-BLUE config you do have a DHCP server GREEN and BLUE, already.

stef97 · 23 April 2020 18:28

I need to inject a static route that will send traffic for GREEN through BLUE gateway

I was hoping to be able to use the DHCP on GREEN because all the scope options are already working while ipFire DHCP classless route is not

If any of you managed to make it working please provide details

I’ve tried adding below to /var/ipfire/dhcp/advoptions-list

option rfc3442-classless-static-routes code 121 = array of integer 8;
option ms-classless-static-routes code 249 = array of integer 8;

and then enter the details in GUI

The scope selections gets something like this
DHCP Scope Section:
option rfc3442-classless-static-routes 24, 10, 3, 1, 192, 168, 1, 99;
option ms-classless-static-routes 24, 10, 3, 1, 192, 168, 1, 99;

But the DHCP crashes because “DHCP option name not recognized: rfc3442-classless-static-route”

bbitsch · 24 April 2020 10:16

The problem/bug is that ‘array of integer’ isn’t allowed in dhcp.cgi ( the WUI ).
Please file a bug at bugzilla

stef97 · 24 April 2020 12:40

Thanks
while waiting for the bug to be fixed, is there a workaround ?

Maybe allow Blue to get DHCP leases from GREEN ? Has anyone done that ?