Hi, My em1 is config'ed as: ifconfig em1 inet 10.10.10.1 up netmask 0xffffff00
The wifi is connected to and internet and working OK.
em1 is the lan.
I have the following /etc/dhcp/dhcpd.conf file
DHCPDARGS=em1; ddns-update-style interim; subnet 10.10.10.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; broadcast-address 10.10.10.255; clientsoption routers 10.10.10.1; option domain-name-servers 10.10.10.1; }
I execute: sudo systemctl start dhcpd and I see it is running: ps -ef | grep dhcpd dhcpd 24671 1 0 19:30 ? 00:00:00 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
However, the client, an old skype phone (from the days before MS bought skype), is unable to connect and obtain an ip addy.
I have ip forwarding enabled:
echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/iptables -A FORWARD -i wlp12s0 -o em1 -m state --state ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i em1 -o wlp12s0 -m state --state ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i em1 -o wlp12s0 -j ACCEPT /sbin/iptables -A FORWARD -i wlp12s0 -o em1 -j ACCEPT /sbin/iptables -t nat -A POSTROUTING -o wlp12s0 -j MASQUERADE /sbin/iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
So, there must be a problem with the ip forwarding, and / or the dhcpd.conf file ???
If the device doesn't get an address, you're still before the iptables/forwarding stage.
Look in your log files for DHCP messages.
Bill
On 9/6/2017 3:46 PM, JD wrote:
Hi, My em1 is config'ed as: ifconfig em1 inet 10.10.10.1 up netmask 0xffffff00
The wifi is connected to and internet and working OK.
em1 is the lan.
I have the following /etc/dhcp/dhcpd.conf file
DHCPDARGS=em1; ddns-update-style interim; subnet 10.10.10.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; broadcast-address 10.10.10.255; clientsoption routers 10.10.10.1; option domain-name-servers 10.10.10.1; }
I execute: sudo systemctl start dhcpd and I see it is running: ps -ef | grep dhcpd dhcpd 24671 1 0 19:30 ? 00:00:00 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
However, the client, an old skype phone (from the days before MS bought skype), is unable to connect and obtain an ip addy.
I have ip forwarding enabled:
echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/iptables -A FORWARD -i wlp12s0 -o em1 -m state --state ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i em1 -o wlp12s0 -m state --state ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i em1 -o wlp12s0 -j ACCEPT /sbin/iptables -A FORWARD -i wlp12s0 -o em1 -j ACCEPT /sbin/iptables -t nat -A POSTROUTING -o wlp12s0 -j MASQUERADE /sbin/iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
So, there must be a problem with the ip forwarding, and / or the dhcpd.conf file ??? _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
On 09/07/2017 01:31 PM, Bill Shirley wrote:
On 9/6/2017 3:46 PM, JD wrote:
Hi, My em1 is config'ed as: ifconfig em1 inet 10.10.10.1 up netmask 0xffffff00
The wifi is connected to and internet and working OK.
em1 is the lan.
I have the following /etc/dhcp/dhcpd.conf file
DHCPDARGS=em1; ddns-update-style interim; subnet 10.10.10.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; broadcast-address 10.10.10.255; clientsoption routers 10.10.10.1; option domain-name-servers 10.10.10.1; }
I execute: sudo systemctl start dhcpd and I see it is running: ps -ef | grep dhcpd dhcpd 24671 1 0 19:30 ? 00:00:00 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
However, the client, an old skype phone (from the days before MS bought skype), is unable to connect and obtain an ip addy.
I have ip forwarding enabled:
echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/iptables -A FORWARD -i wlp12s0 -o em1 -m state --state ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i em1 -o wlp12s0 -m state --state ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i em1 -o wlp12s0 -j ACCEPT /sbin/iptables -A FORWARD -i wlp12s0 -o em1 -j ACCEPT /sbin/iptables -t nat -A POSTROUTING -o wlp12s0 -j MASQUERADE /sbin/iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
So, there must be a problem with the ip forwarding, and / or the dhcpd.conf file ???
If the device doesn't get an address, you're still before the iptables/forwarding stage.
Look in your log files for DHCP messages.
Bill _______________________________________________
Well, I did look in all the log files under /var/log/ and found nothing related to failure to provide an IP addy.
But I do not understand what you mean by "you're still before the iptables/forwarding stage"
Do you mean that there are rules preceding the rules I provided for ip forwarding and masquerading, such that the incoming request (for an IP addy) is never making it down to the rules I had added?
On 09/07/2017 07:15 PM, JD wrote:
On 09/07/2017 01:31 PM, Bill Shirley wrote:
Look in your log files for DHCP messages.
Well, I did look in all the log files under /var/log/ and found nothing related to failure to provide an IP addy.
If the DHCP server is receiving requests, there will be log messages from it. You should also have a bunch of messages just from it starting up.
But I do not understand what you mean by "you're still before the iptables/forwarding stage"
Do you mean that there are rules preceding the rules I provided for ip forwarding and masquerading, such that the incoming request (for an IP addy) is never making it down to the rules I had added?
No, DHCP requests are broadcast, so they don't forward. They stay in the physical (or logical) subnet they are sent on. My understanding from your first message is that your computer is connected to the internet over wifi and it also has an ethernet port. Is the skype phone on wifi or ethernet? You could watch for DHCP requests by running:
tcpdump -vn -i em1 port 68
and you could verify that the server is running using:
lsof -i udp:68
On 09/08/2017 01:27 AM, Samuel Sieb wrote:
On 09/07/2017 07:15 PM, JD wrote:
On 09/07/2017 01:31 PM, Bill Shirley wrote:
Look in your log files for DHCP messages.
Well, I did look in all the log files under /var/log/ and found nothing related to failure to provide an IP addy.
If the DHCP server is receiving requests, there will be log messages from it. You should also have a bunch of messages just from it starting up.
But I do not understand what you mean by "you're still before the iptables/forwarding stage"
Do you mean that there are rules preceding the rules I provided for ip forwarding and masquerading, such that the incoming request (for an IP addy) is never making it down to the rules I had added?
No, DHCP requests are broadcast, so they don't forward. They stay in the physical (or logical) subnet they are sent on. My understanding from your first message is that your computer is connected to the internet over wifi and it also has an ethernet port. Is the skype phone on wifi or ethernet? You could watch for DHCP requests by running:
tcpdump -vn -i em1 port 68
and you could verify that the server is running using:
lsof -i udp:68
Hi Samuel, I believe Imentioned tat the ethernet port em1 is the LAN, not on the internet. The phone is connected to em1.
Today, I do not have the phone to try. I suspect that something might be wrong with my iptable rules. Also, I do not know the uuid nor the MAC addy of the skype phone, so, I have no idea how to hardcode the LAN ip addy for the phone in /etc/dhcp/dhcpd.conf. If I knew the MAC of the skype phone, it would perhaps simplify the handshake between the skype phone and the computer (dhcpd).
On Sep 8, 2017 3:47 PM, "JD" jd1008@gmail.com wrote:
On 09/08/2017 01:27 AM, Samuel Sieb wrote:
On 09/07/2017 07:15 PM, JD wrote:
On 09/07/2017 01:31 PM, Bill Shirley wrote:
Look in your log files for DHCP messages.
Well, I did look in all the log files under /var/log/ and found nothing
related to failure to provide an IP addy.
If the DHCP server is receiving requests, there will be log messages from it. You should also have a bunch of messages just from it starting up.
But I do not understand what you mean by "you're still before the
iptables/forwarding stage"
Do you mean that there are rules preceding the rules I provided for ip forwarding and masquerading, such that the incoming request (for an IP addy) is never making it down to the rules I had added?
No, DHCP requests are broadcast, so they don't forward. They stay in the physical (or logical) subnet they are sent on. My understanding from your first message is that your computer is connected to the internet over wifi and it also has an ethernet port. Is the skype phone on wifi or ethernet? You could watch for DHCP requests by running:
tcpdump -vn -i em1 port 68
and you could verify that the server is running using:
lsof -i udp:68
Hi Samuel, I believe Imentioned tat the ethernet port em1 is the LAN, not on the internet. The phone is connected to em1.
Today, I do not have the phone to try. I suspect that something might be wrong with my iptable rules. Also, I do not know the uuid nor the MAC addy of the skype phone, so, I have no idea how to hardcode the LAN ip addy for the phone in /etc/dhcp/dhcpd.conf. If I knew the MAC of the skype phone, it would perhaps simplify the handshake between the skype phone and the computer (dhcpd).
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
If the client is plugged directly into the Ethernet port that dhcpd is listening on, why are you discussing packet forwarding and the wireless interface?
I would tcpdump on em1 to verify traffic. 'journalctl -u dhcpd' should show requests and such. Also verify that the phone is set up for dynamic and not static address assignment, and perhaps test with a different client.
--Pete
On 09/08/2017 03:49 PM, Pete Travis wrote:
On Sep 8, 2017 3:47 PM, "JD" <jd1008@gmail.com mailto:jd1008@gmail.com> wrote:
On 09/08/2017 01:27 AM, Samuel Sieb wrote: On 09/07/2017 07:15 PM, JD wrote: On 09/07/2017 01:31 PM, Bill Shirley wrote: Look in your log files for DHCP messages. Well, I did look in all the log files under /var/log/ and found nothing related to failure to provide an IP addy. If the DHCP server is receiving requests, there will be log messages from it. You should also have a bunch of messages just from it starting up. But I do not understand what you mean by "you're still before the iptables/forwarding stage" Do you mean that there are rules preceding the rules I provided for ip forwarding and masquerading, such that the incoming request (for an IP addy) is never making it down to the rules I had added? No, DHCP requests are broadcast, so they don't forward. They stay in the physical (or logical) subnet they are sent on. My understanding from your first message is that your computer is connected to the internet over wifi and it also has an ethernet port. Is the skype phone on wifi or ethernet? You could watch for DHCP requests by running: tcpdump -vn -i em1 port 68 and you could verify that the server is running using: lsof -i udp:68 Hi Samuel, I believe Imentioned tat the ethernet port em1 is the LAN, not on the internet. The phone is connected to em1. Today, I do not have the phone to try. I suspect that something might be wrong with my iptable rules. Also, I do not know the uuid nor the MAC addy of the skype phone, so, I have no idea how to hardcode the LAN ip addy for the phone in /etc/dhcp/dhcpd.conf. If I knew the MAC of the skype phone, it would perhaps simplify the handshake between the skype phone and the computer (dhcpd). _______________________________________________ users mailing list -- users@lists.fedoraproject.org <mailto:users@lists.fedoraproject.org> To unsubscribe send an email to users-leave@lists.fedoraproject.org <mailto:users-leave@lists.fedoraproject.org>If the client is plugged directly into the Ethernet port that dhcpd is listening on, why are you discussing packet forwarding and the wireless interface?
Because when I did have it working some months ago, I had to enable ip forwarding. Without it, I had no idea how to make it work.
I would tcpdump on em1 to verify traffic. 'journalctl -u dhcpd' should show requests and such. Also verify that the phone is set up for dynamic and not static address assignment, and perhaps test with a different client.
Yes, good idea. Will do so and report back to the list. It might take a couple of days to retry.
On 09/08/2017 01:46 PM, JD wrote:
I believe Imentioned tat the ethernet port em1 is the LAN, not on the internet.
I was just making sure I understood you.
The phone is connected to em1.
Today, I do not have the phone to try. I suspect that something might be wrong with my iptable rules.
Unless you have other iptables rules that you didn't mention, nothing there would affect dhcp. The forwarding rules are for after the phone has and address and is trying to connect to something.
Also, I do not know the uuid nor the MAC addy of the skype phone, so, I have no idea how to hardcode the LAN ip addy for the phone in /etc/dhcp/dhcpd.conf. If I knew the MAC of the skype phone, it would perhaps simplify the handshake between the skype phone and the computer (dhcpd).
That's unnecessary unless you want the phone to have a specific address. When you have the phone again, try the tcpdump command I gave you to see if it's actually making requests and if your computer is seeing them.
If you're unable to get an IP address, there's no use concerning yourself about firewalling/forwarding. First get an address and then look at forwarding.
If your DHCP is running, you should have messages in the log file. You can test your config with: dhcpd -t
Check that dhcp is running with: [0:root@elmo dhcp]$ netstat -anp | grep dhcp udp 0 0 0.0.0.0:67 0.0.0.0:* 3483/dhcpd udp 0 0 0.0.0.0:29091 0.0.0.0:* 3487/dhcpd udp 0 0 0.0.0.0:25164 0.0.0.0:* 3483/dhcpd
Your dhcpd.conf doesn't look right (assuming your running ISC DHCP): DHCPDARGS=em1; ddns-update-style interim; subnet 10.10.10.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; broadcast-address 10.10.10.255; clientsoption routers 10.10.10.1; option domain-name-servers 10.10.10.1; } You don't have a subnet declaration nor any pools. Also, I'm unfamiliar with DHCPDARGS. 'clientsoptions' isn't a keyword.
You can watch the traffic with tcpdump: tcpdump -vv -e -n -i em1 'portrange 67-68' | tee 2017-09-06.dhcp.traffic This will show you the MAC address.
My guess is that your dhcpd is not running.
Bill
On 9/7/2017 10:15 PM, JD wrote:
On 09/07/2017 01:31 PM, Bill Shirley wrote:
On 9/6/2017 3:46 PM, JD wrote:
Hi, My em1 is config'ed as: ifconfig em1 inet 10.10.10.1 up netmask 0xffffff00
The wifi is connected to and internet and working OK.
em1 is the lan.
I have the following /etc/dhcp/dhcpd.conf file
DHCPDARGS=em1; ddns-update-style interim; subnet 10.10.10.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; broadcast-address 10.10.10.255; clientsoption routers 10.10.10.1; option domain-name-servers 10.10.10.1; }
I execute: sudo systemctl start dhcpd and I see it is running: ps -ef | grep dhcpd dhcpd 24671 1 0 19:30 ? 00:00:00 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
However, the client, an old skype phone (from the days before MS bought skype), is unable to connect and obtain an ip addy.
I have ip forwarding enabled:
echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/iptables -A FORWARD -i wlp12s0 -o em1 -m state --state ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i em1 -o wlp12s0 -m state --state ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i em1 -o wlp12s0 -j ACCEPT /sbin/iptables -A FORWARD -i wlp12s0 -o em1 -j ACCEPT /sbin/iptables -t nat -A POSTROUTING -o wlp12s0 -j MASQUERADE /sbin/iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
So, there must be a problem with the ip forwarding, and / or the dhcpd.conf file ???
If the device doesn't get an address, you're still before the iptables/forwarding stage.
Look in your log files for DHCP messages.
Bill _______________________________________________
Well, I did look in all the log files under /var/log/ and found nothing related to failure to provide an IP addy.
But I do not understand what you mean by "you're still before the iptables/forwarding stage"
Do you mean that there are rules preceding the rules I provided for ip forwarding and masquerading, such that the incoming request (for an IP addy) is never making it down to the rules I had added? _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
On 09/09/2017 01:03 PM, Bill Shirley wrote:
If you're unable to get an IP address, there's no use concerning yourself about firewalling/forwarding. First get an address and then look at forwarding.
If your DHCP is running, you should have messages in the log file. You can test your config with: dhcpd -t
Check that dhcp is running with: [0:root@elmo dhcp]$ netstat -anp | grep dhcp udp 0 0 0.0.0.0:67 0.0.0.0:* 3483/dhcpd udp 0 0 0.0.0.0:29091 0.0.0.0:* 3487/dhcpd udp 0 0 0.0.0.0:25164 0.0.0.0:* 3483/dhcpd
Your dhcpd.conf doesn't look right (assuming your running ISC DHCP): DHCPDARGS=em1; ddns-update-style interim; subnet 10.10.10.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; broadcast-address 10.10.10.255; clientsoption routers 10.10.10.1; option domain-name-servers 10.10.10.1; } You don't have a subnet declaration nor any pools. Also, I'm unfamiliar with DHCPDARGS. 'clientsoptions' isn't a keyword.
You can watch the traffic with tcpdump: tcpdump -vv -e -n -i em1 'portrange 67-68' | tee 2017-09-06.dhcp.traffic This will show you the MAC address.
My guess is that your dhcpd is not running.
Bill
On 9/7/2017 10:15 PM, JD wrote:
On 09/07/2017 01:31 PM, Bill Shirley wrote:
On 9/6/2017 3:46 PM, JD wrote:
Hi, My em1 is config'ed as: ifconfig em1 inet 10.10.10.1 up netmask 0xffffff00
The wifi is connected to and internet and working OK.
em1 is the lan.
I have the following /etc/dhcp/dhcpd.conf file
DHCPDARGS=em1; ddns-update-style interim; subnet 10.10.10.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; broadcast-address 10.10.10.255; clientsoption routers 10.10.10.1; option domain-name-servers 10.10.10.1; }
I execute: sudo systemctl start dhcpd and I see it is running: ps -ef | grep dhcpd dhcpd 24671 1 0 19:30 ? 00:00:00 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
However, the client, an old skype phone (from the days before MS bought skype), is unable to connect and obtain an ip addy.
I have ip forwarding enabled:
echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/iptables -A FORWARD -i wlp12s0 -o em1 -m state --state ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i em1 -o wlp12s0 -m state --state ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i em1 -o wlp12s0 -j ACCEPT /sbin/iptables -A FORWARD -i wlp12s0 -o em1 -j ACCEPT /sbin/iptables -t nat -A POSTROUTING -o wlp12s0 -j MASQUERADE /sbin/iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
So, there must be a problem with the ip forwarding, and / or the dhcpd.conf file ???
If the device doesn't get an address, you're still before the iptables/forwarding stage.
Look in your log files for DHCP messages.
Bill _______________________________________________
Well, I did look in all the log files under /var/log/ and found nothing related to failure to provide an IP addy.
But I do not understand what you mean by "you're still before the iptables/forwarding stage"
Do you mean that there are rules preceding the rules I provided for ip forwarding and masquerading, such that the incoming request (for an IP addy) is never making it down to the rules I had added?
$ netstat -anp | grep dhcp udp 0 0 0.0.0.0:32389 0.0.0.0:* 32096/dhcpd udp 0 0 0.0.0.0:67 0.0.0.0:* 32096/dhcpd udp6 0 0 :::47925 :::* 32096/dhcpd raw 0 0 0.0.0.0:1 0.0.0.0:* 7 32096/dhcpd unix 2 [ ACC ] STREAM LISTENING 21743 728/NetworkManager /var/run/NetworkManager/private-dhcp unix 3 [ ] STREAM CONNECTED 26939069 32096/dhcpd unix 2 [ ] DGRAM 26939072 32096/dhcpd
$ dhcpd -t Internet Systems Consortium DHCP Server 4.2.7 Copyright 2004-2014 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
PS: The skype phone is not connected.
On 09/06/2017 02:46 PM, JD wrote:
Hi, My em1 is config'ed as: ifconfig em1 inet 10.10.10.1 up netmask 0xffffff00
The wifi is connected to and internet and working OK.
em1 is the lan.
I have the following /etc/dhcp/dhcpd.conf file
DHCPDARGS=em1; ddns-update-style interim; subnet 10.10.10.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; broadcast-address 10.10.10.255; clientsoption routers 10.10.10.1; option domain-name-servers 10.10.10.1; }
I execute: sudo systemctl start dhcpd and I see it is running: ps -ef | grep dhcpd dhcpd 24671 1 0 19:30 ? 00:00:00 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
However, the client, an old skype phone (from the days before MS bought skype), is unable to connect and obtain an ip addy.
What Skype phone? Back in July, Skype stopped supporting old client software, and that made all of the old Skype phones (including my GE 31591) forever unusable on Skype. That's got nothing to do with your phone obtaining an IP address from your DHCP server, but even if you get the address and forwarding all worked out, you probably won't be able to connect to a Skype server. I can give you a link to a support forum thread with 400+ people complaining about that, but there's not much point.
On 09/09/2017 06:12 PM, Robert Nichols wrote:
On 09/06/2017 02:46 PM, JD wrote:
Hi, My em1 is config'ed as: ifconfig em1 inet 10.10.10.1 up netmask 0xffffff00
The wifi is connected to and internet and working OK.
em1 is the lan.
I have the following /etc/dhcp/dhcpd.conf file
DHCPDARGS=em1; ddns-update-style interim; subnet 10.10.10.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; broadcast-address 10.10.10.255; clientsoption routers 10.10.10.1; option domain-name-servers 10.10.10.1; }
I execute: sudo systemctl start dhcpd and I see it is running: ps -ef | grep dhcpd dhcpd 24671 1 0 19:30 ? 00:00:00 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
However, the client, an old skype phone (from the days before MS bought skype), is unable to connect and obtain an ip addy.
What Skype phone? Back in July, Skype stopped supporting old client software, and that made all of the old Skype phones (including my GE 31591) forever unusable on Skype. That's got nothing to do with your phone obtaining an IP address from your DHCP server, but even if you get the address and forwarding all worked out, you probably won't be able to connect to a Skype server. I can give you a link to a support forum thread with 400+ people complaining about that, but there's not much point.
Interesting. Thanx!
-
Bill Shirley -
JD -
Pete Travis -
Robert Nichols -
Samuel Sieb