DHCP Server on each VLAN

aveek · 25 May 2020 20:19

Hello together,

i have the following ipfire configuration:

|Network |IP address |
|LAN |192.168.190.1/24 | DHCP on
|Wireless |192.168.196.1/24 | <---- VLAN16 DHCP on
|DMZ |192.168.192.1/24 |
|OpenVPN |192.168.195.0/24 |

No i added a new VLAN Net on green0 in /etc/sysconfig/rc.local

ip link add link green0 name vlan18 type vlan id 18
ip addr add 192.168.191.1/24 dev vlan18
ip link set vlan18 up

on this Net i want to have also a DHCP Server, so i added on
/var/ipfire/dhcp/dhcpd.conf.local the following

subnet 192.168.191.0 netmask 255.255.255.0
{
        range 192.168.191.100 192.168.191.200;
        option subnet-mask 255.255.255.0;
        option domain-name "veek.testnet";
        option routers 192.168.191.1;
        option domain-name-servers 1.1.1.1, 1.0.0.1;
        default-lease-time 3600; 
        max-lease-time 7200; 
}

But my problem is that no client on VLAN18 becomes a IP-Adress from the Server, but with static IP everthing went fine. What i have to do also that the DHCP is working on VLAN18?
Do i need to set a firewall rule?
Thanks for your tipps.

Greetings

skirmantas · 25 October 2020 19:58

Have you managed to solve this issue? I have same problem too…

hvacguy · 25 October 2020 22:43

Not an Expert.
But I think you can only have a maximum of 4 zones. Sadly

skirmantas · 26 October 2020 10:57

Yes, but this should not be related to zone number

aveek · 27 October 2020 11:09

@skirmantas
sorry until now i did not solve that problem, but mybe @ms can give us a hint!?

@hvacguy
you can create under cli a lot of VLANs, but yes under GUI you will not see them all, hope to see the in ipfire v3.x

Greetings

skirmantas · 31 October 2020 15:50

No answer…

bonnietwin · 31 October 2020 17:21

As the green dhcp server is on a different subnet from your vlan18, then when a computer on vlan18 asks for an ip address it will broadcast a dhcp discover packet on the vlan18 subnet only and will not reach the dhcp server on the green subnet. As it is a broadcast then you cannot forward these packets via a firewall rule.

If you google there is information about using dhcrelay to communicate dhcp requests from one subnet to another. The dhcrelay command is present in IPFire but I have no idea how you would use this within IPFire to do what you want. You would also need to figure out how to maintain this dhcrelay setup across reboots and upgrades.

The simplest setup in my mind would be to put a simple dhcp server on your vlan18 subnet. This could be done quite easily with a RPi. I use this approach for my orange dmz subnet, where I have things like my tv and dvd player to get access to the Internet without getting anywhere near my green and blue networks.

hvacguy · 31 October 2020 17:24

Please note that:

Due to backwards compatibility reasons, you can't assign more than one VLAN to a zone
One NIC can't be accessed natively by more than one zone
You can't use the same VLAN tag more than once per NIC
A NIC that is assigned to RED can't be accessed by any other zone if RED is in PPP mode

Sorry that I’m of no help to you.
Good luck

skirmantas · 7 November 2020 13:54

I just created DHCP server on one of my virtual machines and it works now, thanks, Adolf Belka, for a tip.