ISC DHCP has no interface to listen to

[KdeBruin]

I'm using an sysutils/py3-iocage as my jail manager and have created a jail for handling local DNS (dns/bind911) and DCHP (net/isc-dhcp43-server). I'm using a cloned lo2 interface using IP address 10.16.123.2. On the host system I forward DNS requests into the jail and this works like a charm.

However, my DHCP service won't start as it has no subnet declaration for lo2 as I want the DCHP service for my host domain (172.16.123.0/24. I have the following configuration:

# jail configuration (iocage get ip4_addr ns)
ip4_addr:lo2|10.16.123.2

# rc.conf
# Enable DHCP server
dhcpd_enable="NO"
dhcpd_flags="-q"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
dhcpd_ifaces="lo2"
dhcpd_withumask="022"

# dhcpd.conf
option domain-name "home.lan";
option domain-name-servers 172.16.123.11;
option subnet-mask 255.255.255.0;

default-lease-time 600;
max-lease-time 72400;
ddns-update-style none;

subnet 172.16.123.0 netmask 255.255.255.0 {
        range 172.16.123.100 172.16.123.150;
        option routers 172.16.123.1;
}

When I start the DCHP server with service isc-dhcpd onestart I get the following error in the logs:

Jul 22 13:42:31 ns dhcpd:
Jul 22 13:42:31 ns dhcpd: No subnet declaration for lo2 (10.16.123.2).
Jul 22 13:42:31 ns dhcpd: ** Ignoring requests on lo2.  If this is not what
Jul 22 13:42:31 ns dhcpd:    you want, please write a subnet declaration
Jul 22 13:42:31 ns dhcpd:    in your dhcpd.conf file for the network segment
Jul 22 13:42:31 ns dhcpd:    to which interface lo2 is attached. **
Jul 22 13:42:31 ns dhcpd:
Jul 22 13:42:31 ns dhcpd: Not configured to listen on any interfaces!

So, is there a way to fix the DCHP configuration or do I have to change to running the jail on a cloned host interface?

 

[leebrown66]

You have restricted DHCP to listening only on lo2 in the rc.conf, but the subnet doesn't match lo2's (judging by the message).

The problem seems to be that 172.16.123.0/24 isn't associated with any allowed interfaces. Try removing the dhcpd_ifaces="lo2" from rc.conf. DHCP should now see your other interfaces and associate that subnet statement with the correct interface.

The output from ifconfig(8)? may help.

 

[KdeBruin]

The problem for the DHCP server is that only interface lo2 has an IP address. Output from ifconfig:

re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether bc:5f:f4:45:80:16
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        groups: lo
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        groups: lo
lo2: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 10.16.123.2 netmask 0xffffffff
        groups: lo
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
        groups: pflog

Removing the line from the config doesn't help, only the interface in the error message changes.

 

[leebrown66]

The DHCP server won't work this way. It has to have an interface on the subnet it is serving with the appropriate subnet and address setup.

So you probably need another interface configured, for example, with 172.16.123.1/24

I didn't realize you are running the DHCP server within a jail, you may need to tweak the jail's properties because DHCP uses Berkeley sockets to listen to the network.

 

[KdeBruin]

I've indeed moved the jail from its own mapped localhost IP to a shared host IP and now things work as expected. I kinda followed the instructions found here: https://dan.langille.org/2013/08/18/creating-a-freebsd-jail-to-run-dhcp-and-dns/. This includes some devfs configuration to allow for the Berkeley packet stuff.