Solved DHCPD interface matches multiple shared networks

Code:
FreeBSD-12.1p10
isc-dhcpd 4.4.2_1

I am attempting to temporarily move a dhcpd service to a host which is used for testing. This host has multiple IPv4 aliases on a single NIC. When I try to start dhcpd I get this error:

Code:
dhcpd -cf /usr/local/etc/dhcpd.conf -lf /var/db/dhcpd/dhcpd.leases
Internet Systems Consortium DHCP Server 4.4.2
Copyright 2004-2020 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /usr/local/etc/dhcpd.conf
Database file: /var/db/dhcpd/dhcpd.leases
PID file: /var/run/dhcpd.pid
Wrote 0 leases to leases file.
Interface igb0 matches multiple shared networks
. . .
exiting.

ifconfig shows this:

Code:
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=e523bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether 70:85:c2:da:88:4f
    inet 216.185.71.41 netmask 0xffffff80 broadcast 216.185.71.127
    inet 192.168.216.41 netmask 0xffffff00 broadcast 192.168.216.255
    inet 192.168.18.162 netmask 0xffffffff broadcast 192.168.18.162
    inet 192.168.216.162 netmask 0xffffffff broadcast 192.168.216.162
    inet 192.168.216.88 netmask 0xffffffff broadcast 192.168.216.88
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    inet 127.0.162.1 netmask 0xffffffff
    inet 127.0.88.1 netmask 0xffffffff
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vm-public: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 0a:78:ea:29:ca:2d
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 1 priority 128 path cost 20000
    groups: bridge vm-switch viid-4c918@
    nd6 options=1<PERFORMNUD>

I am aware that this is likely a shared network configuration issue. However, I cannot seem to hit upon the correct configuration. Another set of eyeballs would be helpful to correct what error/misunderstanding I have in /usr/local/etc/dhcpd.conf:

Code:
. . .
shared-network 192-216 {
  subnet 192.168.6.0 netmask 255.255.255.0 {
  }

  subnet 192.168.7.0 netmask 255.255.255.0 {
  }

  subnet 192.168.8.0 netmask 255.255.255.0 {
  }

  subnet 192.168.18.0 netmask 255.255.255.0 {
  }

  subnet 192.168.216.0 netmask 255.255.255.0 {
  }

  subnet 216.185.71.0 netmask 255.255.255.128 {
  }
}
# Declaration of brockley AD-DC Domain
# SMB4-2 [192.168.18.162]

subnet 192.168.18.0 netmask 255.255.255.0 {
  range dynamic-bootp             192.168.18.32 192.168.18.127;
  allow                           unknown-clients;
  option domain-name              "brockley.harte-lyne.ca";
  option domain-name-servers      192.168.18.162, 216.185.71.33;
  option netbios-name-servers     192.168.18.162;
  option netbios-dd-server        192.168.18.162;
  option netbios-node-type        8;
  option ntp-servers              192.168.18.162;
  option routers                  192.168.18.1;
}
 
This is really bad form:
Code:
    inet 216.185.71.41 netmask 0xffffff80 broadcast 216.185.71.127
    inet 192.168.216.41 netmask 0xffffff00 broadcast 192.168.216.255
    inet 192.168.18.162 netmask 0xffffffff broadcast 192.168.18.162
    inet 192.168.216.162 netmask 0xffffffff broadcast 192.168.216.162
    inet 192.168.216.88 netmask 0xffffffff broadcast 192.168.216.88
Not only do you mix different subnets, you're also mixing private ranges with internet addresses. That's bound to cause problems and/or configuration issues in the long run. Learn to use the magic of vlan(4) to separate these. To keep your own sanity, never use more than a single subnet on an interface. Never put multiple subnets on the same wire (without VLAN tagging, that is).
 
In an ideal world I would be able to undo decisions made 25 years ago. However, what is, is, and must be handled as such. Likewise, we have to make do with the equipment that we have, none of which handle vlans. Whether it is bad form or not, a very similar setup has been working for years using isc-dhcp43-server-4.3.6_1 on a FreeBSD-10.3 host. In that case the configuration did not include the shared-network clause at all. It just declared a subnet for each IP aliased to its NIC. However, that configuration does not work with 4.4.

I cannot be the only one in this situation as many of the examples about how to use shared-network{} appear to be variants of what we have here.

I have altered the configuration to remove all but the 192.168.18.0/24 network. I have altered the shared-network parameters to remove the 192.169.18.0/24 stanza and replace it with the main subnet settings. None of these have changed the error I am getting.
 
Duhh. It helps if the file one modifies is actually the file that the configuration is read from. Final working shared-network settings are:

Code:
shared-network 192-216 {

#  option domain-name "brockley.harte-lyne.ca";
#  option domain-name-servers 192.168.18.162, 216.185.71.33, 216.185.71.34;

  subnet 192.168.6.0 netmask 255.255.255.0 {
    option routers                  192.168.6.1;
  }
#
  subnet 192.168.7.0 netmask 255.255.255.0 {
    option routers                  192.168.7.1;
  }
#
  subnet 192.168.8.0 netmask 255.255.255.0 {
    option routers                  192.168.8.1;
  }
#
#  subnet 192.168.18.0 netmask 255.255.255.0 {
#    option routers                  192.168.18.1;
#  }
#
  subnet 192.168.216.0 netmask 255.255.255.0 {
    option routers                  192.168.216.1;
  }

  subnet 216.185.71.0 netmask 255.255.255.128 {
    option routers                  216.185.71.1;
  }
#}
# Declaration of brockley AD-DC Domain
# SMB4-2 [192.168.18.162]

  subnet 192.168.18.0 netmask 255.255.255.0 {
    authoritative;
    range dynamic-bootp             192.168.18.32 192.168.18.127;
    allow                           unknown-clients;
    option domain-name              "brockley.harte-lyne.ca";
    option domain-name-servers      192.168.18.162, 216.185.71.33;
    option netbios-name-servers     192.168.18.162;
    option netbios-dd-server        192.168.18.162;
    option netbios-node-type        8;
    option ntp-servers              192.168.18.162;
    option routers                  192.168.18.1;
  }
}
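
Added example, not part of the original thread: dhcpd exits with "matches multiple shared networks" when the addresses on one interface fall into subnets that belong to different shared networks, and a subnet declared outside any shared-network block counts as a shared network of its own. The sketch below checks a configuration against the igb0 aliases shown above before the daemon is started; the parser handles only the simplified syntax used here, and the names `shared_networks`, `matched_networks`, `SPLIT` and `MERGED` are hypothetical.

```python
import ipaddress
import re

TOKEN = re.compile(
    r"shared-network\s+(\S+)\s*\{|subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{|([{}])")

def shared_networks(conf):
    """Map every subnet in a (simplified) dhcpd.conf to its shared network."""
    conf = re.sub(r"#.*", "", conf)            # strip comments, incl. '#}'
    mapping, current, depth = {}, None, 0
    for name, net, mask, brace in (m.groups() for m in TOKEN.finditer(conf)):
        if name:                               # entering shared-network block
            current, depth = name, depth + 1
        elif net:                              # subnet declaration
            subnet = ipaddress.ip_network(f"{net}/{mask}")
            # Assumption modelled here: a top-level subnet is its own network.
            mapping[subnet] = current or f"implicit:{subnet}"
            depth += 1
        elif brace == "{":
            depth += 1
        else:
            depth -= 1
            if depth == 0:                     # left the outermost block
                current = None
    return mapping

def matched_networks(conf, addresses):
    """Return the shared networks that an interface's addresses fall into."""
    mapping = shared_networks(conf)
    return {sn for a in addresses for subnet, sn in mapping.items()
            if ipaddress.ip_address(a) in subnet}

# Constructed samples; addresses are the igb0 aliases from the ifconfig output.
IGB0 = ["216.185.71.41", "192.168.216.41", "192.168.18.162",
        "192.168.216.162", "192.168.216.88"]
INNER = """  subnet 192.168.216.0 netmask 255.255.255.0 { }
  subnet 216.185.71.0 netmask 255.255.255.128 { }
"""
LEASED = """  subnet 192.168.18.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.18.32 192.168.18.127;
  }
"""
SPLIT = "shared-network 192-216 {\n" + INNER + "}\n" + LEASED
MERGED = "shared-network 192-216 {\n" + INNER + LEASED + "}\n"

if __name__ == "__main__":
    for label, conf in (("split", SPLIT), ("merged", MERGED)):
        nets = matched_networks(conf, IGB0)
        print(label, sorted(nets), "CONFLICT" if len(nets) > 1 else "ok")
```

The split layout puts igb0 in two shared networks, while the merged layout, which mirrors the final working configuration with the leased subnet inside the `shared-network` block, leaves it in exactly one.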
 