No subnet declaration; Can't open /var/lib/dhcp/dhcpd.leases for append

Hello,

I've never setup a dhcp server before and I've been struggling with the below issues for several days.  While I did find two solutions that worked for others, they didn't work for me.  Hopefully someone here can tell me how & where I'm messing things up.

As you can see from the below output, I'm getting "No subnet declaration" and also "Can't open /var/lib/dhcp/dhcpd.leases for append".  Perhaps they're related?

Thank you in advance for any solutions and/or helpful suggestions!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ubuntu 16.04

root@yellow:~# dhcpd -d -user dhcpd -group dhcpd

Internet Systems Consortium DHCP Server 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
Can't open /var/lib/dhcp/dhcpd.leases for append.

If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug.  These pages explain the proper
process and the information we find helpful for debugging..

exiting.
root@yellow:~#

root@yellow:~# dhcpd -t -user dhcpd -group dhcpd
Internet Systems Consortium DHCP Server 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

# systemctl restart isc-dhcp-server

# systemctl status isc-dhcp-server
● isc-dhcp-server.service - ISC DHCP IPv4 server
   Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-01-26 10:49:55 PST; 23s ago
     Docs: <a class="moz-txt-link-freetext" href="man:dhcpd(8)">man:dhcpd(8)
 Main PID: 20023 (dhcpd)
   CGroup: /system.slice/isc-dhcp-server.service
           └─20023 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp

Jan 26 10:49:55 yellow dhcpd[20023]: Sending on   LPF/br0/c8:3a:35:da:42:72/10.1.1.0/24
Jan 26 10:49:55 yellow dhcpd[20023]:
Jan 26 10:49:55 yellow dhcpd[20023]: No subnet declaration for wlp2s0 (no IPv4 addresses).
Jan 26 10:49:55 yellow dhcpd[20023]: ** Ignoring requests on wlp2s0.  If this is not what
Jan 26 10:49:55 yellow dhcpd[20023]:    you want, please write a subnet declaration
Jan 26 10:49:55 yellow dhcpd[20023]:    in your dhcpd.conf file for the network segment
Jan 26 10:49:55 yellow dhcpd[20023]:    to which interface wlp2s0 is attached. **
Jan 26 10:49:55 yellow dhcpd[20023]:
Jan 26 10:49:55 yellow dhcpd[20023]: Sending on   Socket/fallback/fallback-net
Jan 26 10:49:55 yellow dhcpd[20023]: Server starting service.

# cat /etc/dhcp/dhcpd.conf

ddns-update-style none;
option domain-name "FQDN";
option domain-name-servers 10.1.1.1, 8.8.4.4, 50.23.197.95;

default-lease-time 86400;
max-lease-time 604800;

authoritative;

log-facility local7;


subnet 10.1.1.0 netmask 255.255.255.0 {
        interface wlp2s0;
        option domain-name-servers 10.1.1.1;
        max-lease-time 7200;
        default-lease-time 600;
        range 10.1.1.10 10.1.1.250;
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.1.1.255;
        option routers 10.1.1.1;


    group {


        host yellow {
            hardware ethernet f0:7d:24:c2:c4:13;
            fixed-address 10.1.1.1;
        }

        host blue {
            hardware ethernet 00:23:ea:d1:c2:61;
            fixed-address 10.1.1.2;
        }
    }
}

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Thank you for your response!

Does wlp2s0 have an IP in 10.1.1.0 assigned to it?

# ip addr show wlp2s0
4: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether f0:7d:68:c1:b4:13 brd ff:ff:ff:ff:ff:ff

I found a mistake in /etc/default/isc-dhcp-server

It said INTERFACES="wlp2s0 br0", which was a virtual bridge I'm no longer using.

Now it says INTERFACES="wlp2s0 enp4s5"

That changed the results for the worse, but those are the interfaces I need.  /etc/network/interfaces below.  Please note I'm also using hostapd as mentioned below.

root@yellow:~# systemctl status isc-dhcp-server
● isc-dhcp-server.service - ISC DHCP IPv4 server
   Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2018-01-26 13:04:57 PST; 5min ago
     Docs: <a class="moz-txt-link-freetext" href="man:dhcpd(8)">man:dhcpd(8)
 Main PID: 30014 (code=exited, status=1/FAILURE)

Jan 26 13:04:57 yellow sh[30014]: Not configured to listen on any interfaces!
Jan 26 13:04:57 yellow sh[30014]: If you think you have received this message due to a bug rather
Jan 26 13:04:57 yellow sh[30014]: than a configuration issue please read the section on submitting
Jan 26 13:04:57 yellow sh[30014]: bugs on either our web page at www.isc.org or in the README file
Jan 26 13:04:57 yellow sh[30014]: before submitting a bug.  These pages explain the proper
Jan 26 13:04:57 yellow sh[30014]: process and the information we find helpful for debugging..
Jan 26 13:04:57 yellow sh[30014]: exiting.
Jan 26 13:04:57 yellow systemd[1]: isc-dhcp-server.service: Main process exited, code=exited, status
Jan 26 13:04:57 yellow systemd[1]: isc-dhcp-server.service: Unit entered failed state.
Jan 26 13:04:57 yellow systemd[1]: isc-dhcp-server.service: Failed with result 'exit-code'.

# cat /etc/network/interfaces
# Set up the local loopback interface
auto lo
iface lo inet loopback
    dns-nameservers 10.1.1.1 8.8.8.8 8.8.4.4 50.23.197.95
    dns-search myFQDN

# Set up the external interface
auto enp6s0

########################################
# Keep the dhcp allocated IP as our primary address
########################################
iface enp6s0 inet dhcp
    dns-nameservers 10.1.1.1 8.8.8.8 8.8.4.4 50.23.197.95
    dns-search myFQDN

auto enp4s5
allow-hotplug enp4s5
iface enp4s5 inet static
    address 10.1.1.2/24
    gateway 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.255
    broadcast 10.1.1.255

    pre-up ip link set enp4s5 down
    up ip link set enp4s5 up



# Do not auto-start wireless.  Let hostapd do it.
#auto wlp2s0
allow-hotplug wlp2s0


iface wlp2s0 inet static
    address 10.1.1.3/24
    gateway 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.255
    broadcast 10.1.1.255
    #pre-up ip address 0.0.0.0 dev wlp2s0
    #up ip link set wlp2s0 up

# What is the difference between ip link set up and ifconfig up?
    pre-up ip link set wlp2s0 down
    up ip link set wlp2s0 up
    down ip link set wlp2s0 down
    # post-down <insert command here>

    wireless-mode master
    wireless-essid BHNDG1670B1Z12
    wireless-channel 1
    wpa-ssid BHNDG1670B1Z12

    # encrypted passwd
    wpa-psk b455C4A3XXX7EFB53A0C5D7E9220ZZZZ52DD82A5ZZZZ5282A757C38827f0f7ba
    gateway 10.1.1.1

subnet 10.1.1.0 netmask 255.255.255.0 {

        interface wlp2s0;

Does wlp2s0 have an IP in 10.1.1.0 assigned to it?

On Fri, Jan 26, 2018 at 2:10 PM, A <[hidden email]> wrote:

Hello,

I've never setup a dhcp server before and I've been struggling with the below issues for several days.  While I did find two solutions that worked for others, they didn't work for me.  Hopefully someone here can tell me how & where I'm messing things up.

As you can see from the below output, I'm getting "No subnet declaration" and also "Can't open /var/lib/dhcp/dhcpd.leases for append".  Perhaps they're related?

Thank you in advance for any solutions and/or helpful suggestions!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ubuntu 16.04

root@yellow:~# dhcpd -d -user dhcpd -group dhcpd

Internet Systems Consortium DHCP Server 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
Can't open /var/lib/dhcp/dhcpd.leases for append.

If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug.  These pages explain the proper
process and the information we find helpful for debugging..

exiting.
root@yellow:~#

root@yellow:~# dhcpd -t -user dhcpd -group dhcpd
Internet Systems Consortium DHCP Server 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

# systemctl restart isc-dhcp-server

# systemctl status isc-dhcp-server
● isc-dhcp-server.service - ISC DHCP IPv4 server
   Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-01-26 10:49:55 PST; 23s ago
     Docs: man:dhcpd(8)
 Main PID: 20023 (dhcpd)
   CGroup: /system.slice/isc-dhcp-server.service
           └─20023 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp

Jan 26 10:49:55 yellow dhcpd[20023]: Sending on   LPF/br0/c8:3a:35:da:42:72/10.1.1.0/24
Jan 26 10:49:55 yellow dhcpd[20023]:
Jan 26 10:49:55 yellow dhcpd[20023]: No subnet declaration for wlp2s0 (no IPv4 addresses).
Jan 26 10:49:55 yellow dhcpd[20023]: ** Ignoring requests on wlp2s0.  If this is not what
Jan 26 10:49:55 yellow dhcpd[20023]:    you want, please write a subnet declaration
Jan 26 10:49:55 yellow dhcpd[20023]:    in your dhcpd.conf file for the network segment
Jan 26 10:49:55 yellow dhcpd[20023]:    to which interface wlp2s0 is attached. **
Jan 26 10:49:55 yellow dhcpd[20023]:
Jan 26 10:49:55 yellow dhcpd[20023]: Sending on   Socket/fallback/fallback-net
Jan 26 10:49:55 yellow dhcpd[20023]: Server starting service.

# cat /etc/dhcp/dhcpd.conf

ddns-update-style none;
option domain-name "FQDN";
option domain-name-servers 10.1.1.1, 8.8.4.4, 50.23.197.95;

default-lease-time 86400;
max-lease-time 604800;

authoritative;

log-facility local7;


subnet 10.1.1.0 netmask 255.255.255.0 {
        interface wlp2s0;
        option domain-name-servers 10.1.1.1;
        max-lease-time 7200;
        default-lease-time 600;
        range 10.1.1.10 10.1.1.250;
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.1.1.255;
        option routers 10.1.1.1;


    group {


        host yellow {
            hardware ethernet f0:7d:24:c2:c4:13;
            fixed-address 10.1.1.1;
        }

        host blue {
            hardware ethernet 00:23:ea:d1:c2:61;
            fixed-address 10.1.1.2;
        }
    }
}

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Shouldn't the netmask be 255.255.255.0 ?

iface enp4s5 inet static
    address 10.1.1.2/24
    gateway 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.255
    broadcast 10.1.1.255

Also in your first post:
subnet 10.1.1.0 netmask 255.255.255.0 {
        interface wlp2s0;
        option domain-name-servers 10.1.1.1;
        max-lease-time 7200;
        default-lease-time 600;
        range 10.1.1.10 10.1.1.250;
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.1.1.255;
        option routers 10.1.1.1;

As far as I know there is no interface directive.  Plus wlp2s0 is the wrong
interface.  You should remove that line.

What does 'ip -4 -o addr' show?

Bill


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Thanks for reponding!

Shouldn't the netmask be 255.255.255.0 ?

On 1/26/2018 4:57 PM, A wrote:

iface enp4s5 inet static
    address 10.1.1.2/24
    gateway 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.255
    broadcast 10.1.1.255

Probably... I don't know how I missed it.  Good catch!  Fixed it.

Also in your first post:
subnet 10.1.1.0 netmask 255.255.255.0 {
        interface wlp2s0;
        option domain-name-servers 10.1.1.1;
        max-lease-time 7200;
        default-lease-time 600;
        range 10.1.1.10 10.1.1.250;
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.1.1.255;
        option routers 10.1.1.1;

As far as I know there is no interface directive.  Plus wlp2s0 is the wrong
interface.  You should remove that line.

 Wrong name for the device?  Or just shouldn't be the wireless interface?  Why is it wrong?
I got that interface directive from a web page...somewhere.  If that's not how to specify the interface for that subnet, then what is the proper way please?

I've removed it.  Still getting "Not configured to listen on any interfaces!"

What does 'ip -4 -o addr' show?

# ip -4 -o addr
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
3: enp6s0    inet xx.xx.xx.xx/20 brd 255.255.255.255 scope global enp6s0\       valid_lft forever preferred_lft forever

Redacted obviously, but it's my ISP assigned WAN address.

# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp4s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether c8:3a:35:da:42:72 brd ff:ff:ff:ff:ff:ff
3: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 70:85:c2:3b:13:24 brd ff:ff:ff:ff:ff:ff
4: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether f0:7d:68:c1:b4:13 brd ff:ff:ff:ff:ff:ff
root@yellow:~# iwconfig
enp6s0    no wireless extensions.

wlp2s0    IEEE 802.11  ESSID:"BHNDG1670B1Z12" 
          Mode:Managed  Frequency:2.412 GHz  Access Point: Not-Associated  
          Tx-Power=20 dBm  
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
         
lo        no wireless extensions.

enp4s5    no wireless extensions.

Bill

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

A <[hidden email]> wrote:

There is no instruction in dhcpd.conf called "interface". The example you found probably had it as a comment to help the person keep track of what is where.

> If that's not how to specify the interface for that subnet, then what is the proper way please?

You don't ! It happens automagically, and bear in mind that a subnet served by a DHCP server does NOT have to be directly connected - it can come via a relay agent.
The server uses the IP address(es) of the interface for directly connected clients, or the Gateway Interface Address (GIAddr) field inserted by a relay agent if the client is remote (the other side of a router). That address is used to determine which subnet a client is connected to.


>> What does 'ip -4 -o addr' show?
>>
> # ip -4 -o addr
> 1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
> 3: enp6s0    inet xx.xx.xx.xx/20 brd 255.255.255.255 scope global enp6s0\       valid_lft forever preferred_lft forever

OK, you do not have IPv4 addresses on any internal interface ! it isn't going to work like that. Or have you deleted lines from that output thinking they aren't relevant ?

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

This is all kinds of confusing.  You're configuring DHCP on a machine
named 'yellow' who's address is 10.1.1.2 and has a gateway of 10.1.1.1.
Yet 'yellow' has a WAN connection?

You've configured DHCP for subnet 10.1.1.0/24 which is on interface
'enp4s5' which IS NOT UP.  Can you ping anything on the LAN?

Is 'yellow' the internet gateway?

Also your DHCP configuration:
       host yellow {
            hardware ethernet f0:7d:24:c2:c4:13;
            fixed-address 10.1.1.1;
        }
^^You're defining 'yellow' (which is the DHCP server!!) and it has a
different address that the one you defined in /etc/network/interfaces!!
iface enp4s5 inet static
    address 10.1.1.2/24

Don't define host 'yellow' in the DHCP configuration.  Add a comment if
you like.

You need to figure out which 10.1.1.0/24 address 'yellow' is supposed to
have and bring up interface 'enp4s5'.

Is 'yellow' the gateway for 10.1.1.0/24?  Your 'option routers 10.1.1.1'
says it's not.

Bill

A [hidden email] wrote:

Also in your first post:
subnet 10.1.1.0 netmask 255.255.255.0 {
        interface wlp2s0;
        option domain-name-servers 10.1.1.1;
        max-lease-time 7200;
        default-lease-time 600;
        range 10.1.1.10 10.1.1.250;
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.1.1.255;
        option routers 10.1.1.1;

As far as I know there is no interface directive.  Plus wlp2s0 is the wrong
interface.  You should remove that line.

 Wrong name for the device?  Or just shouldn't be the wireless interface?  Why is it wrong?

There is no instruction in dhcpd.conf called "interface". The example you found probably had it as a comment to help the person keep track of what is where.

If that's not how to specify the interface for that subnet, then what is the proper way please?

You don't ! It happens automagically, and bear in mind that a subnet served by a DHCP server does NOT have to be directly connected - it can come via a relay agent.
The server uses the IP address(es) of the interface for directly connected clients, or the Gateway Interface Address (GIAddr) field inserted by a relay agent if the client is remote (the other side of a router). That address is used to determine which subnet a client is connected to.

What does 'ip -4 -o addr' show?

# ip -4 -o addr
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
3: enp6s0    inet xx.xx.xx.xx/20 brd 255.255.255.255 scope global enp6s0\       valid_lft forever preferred_lft forever

OK, you do not have IPv4 addresses on any internal interface ! it isn't going to work like that. Or have you deleted lines from that output thinking they aren't relevant ?

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

This is all kinds of confusing.  You're configuring DHCP on a machine
named 'yellow' who's address is 10.1.1.2 and has a gateway of 10.1.1.1.
Yet 'yellow' has a WAN connection?

yellow is at 10.1.1.1.  The .2 was a typo.

You've configured DHCP for subnet 10.1.1.0/24 which is on interface
'enp4s5' which IS NOT UP.  Can you ping anything on the LAN?

Is 'yellow' the internet gateway?

Also your DHCP configuration:
       host yellow {
            hardware ethernet f0:7d:24:c2:c4:13;
            fixed-address 10.1.1.1;
        }
^^You're defining 'yellow' (which is the DHCP server!!) and it has a
different address that the one you defined in /etc/network/interfaces!!
iface enp4s5 inet static
    address 10.1.1.2/24

Nice catch!

Don't define host 'yellow' in the DHCP configuration.  Add a comment if
you like.

OK.  I also removed blue.  However I did entered them so that yellow & blue would each always get the same IP.  dhcp is primarily for wireless devices at the moment.  But, I do expect more wired devices that will need dhcp at some point.

You need to figure out which 10.1.1.0/24 address 'yellow' is supposed to
have and bring up interface 'enp4s5'.

Is 'yellow' the gateway for 10.1.1.0/24?  Your 'option routers 10.1.1.1'
says it's not.

Yes.  yellow is at 10.1.1.1, it is the gateway.

My updated dhcpd.conf:

ddns-update-style none;
option domain-name "myFQDN";
option domain-name-servers 10.1.1.1, 8.8.4.4, 50.23.197.95;

default-lease-time 86400;
max-lease-time 604800;

authoritative;

log-facility local7;

subnet 10.1.1.0 netmask 255.255.255.0 {
        option domain-name-servers 10.1.1.1;
        max-lease-time 7200;
        default-lease-time 600;
        range 10.1.1.10 10.1.1.250;
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.1.1.255;
        option routers 10.1.1.1;
}

# ip -4 -o addr
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: enp4s5    inet 10.1.1.1/24 brd 10.1.1.255 scope global enp4s5\       valid_lft forever preferred_lft forever
3: enp6s0    inet [xx.xx.xx.xx/20 brd 255.255.255.255 scope global enp6s0\       valid_lft forever preferred_lft forever
4: wlp2s0    inet 10.1.1.10/24 brd 10.1.1.255 scope global wlp2s0\       valid_lft forever preferred_lft forever


systemctl status isc-dhcp-server
root@yellow:/usr/local/src/myscripts# systemctl status isc-dhcp-server
● isc-dhcp-server.service - ISC DHCP IPv4 server
   Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2018-01-27 10:37:48 PST; 10min ago
     Docs: <a class="moz-txt-link-freetext" href="man:dhcpd(8)">man:dhcpd(8)
 Main PID: 5804 (dhcpd)
   CGroup: /system.slice/isc-dhcp-server.service
           └─5804 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/

Jan 27 10:37:48 yellow dhcpd[5804]:    in your dhcpd.conf file for the network segment
Jan 27 10:37:48 yellow dhcpd[5804]:    to which interface enp4s5 is attached. **
Jan 27 10:37:48 yellow dhcpd[5804]:
Jan 27 10:37:48 yellow dhcpd[5804]: Listening on LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow dhcpd[5804]: Sending on   LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow sh[5804]: Listening on LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow sh[5804]: Sending on   LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow sh[5804]: Sending on   Socket/fallback/fallback-net
Jan 27 10:37:48 yellow dhcpd[5804]: Sending on   Socket/fallback/fallback-net
Jan 27 10:37:48 yellow dhcpd[5804]: Server starting service.


syslog:

Jan 27 10:37:48 yellow systemd[1]: Started ISC DHCP IPv4 server.
Jan 27 10:37:48 yellow dhcpd[5804]: Internet Systems Consortium DHCP Server 4.3.3
Jan 27 10:37:48 yellow sh[5804]: Internet Systems Consortium DHCP Server 4.3.3
Jan 27 10:37:48 yellow sh[5804]: Copyright 2004-2015 Internet Systems Consortium.
Jan 27 10:37:48 yellow sh[5804]: All rights reserved.
Jan 27 10:37:48 yellow sh[5804]: For info, please visit https://www.isc.org/software/dhcp/
Jan 27 10:37:48 yellow dhcpd[5804]: Copyright 2004-2015 Internet Systems Consortium.
Jan 27 10:37:48 yellow dhcpd[5804]: All rights reserved.
Jan 27 10:37:48 yellow dhcpd[5804]: For info, please visit https://www.isc.org/software/dhcp/
Jan 27 10:37:48 yellow dhcpd[5804]: Config file: /etc/dhcp/dhcpd.conf
Jan 27 10:37:48 yellow sh[5804]: Config file: /etc/dhcp/dhcpd.conf
Jan 27 10:37:48 yellow sh[5804]: Database file: /var/lib/dhcp/dhcpd.leases
Jan 27 10:37:48 yellow sh[5804]: PID file: /run/dhcp-server/dhcpd.pid
Jan 27 10:37:48 yellow dhcpd[5804]: Database file: /var/lib/dhcp/dhcpd.leases
Jan 27 10:37:48 yellow sh[5804]: Wrote 4 leases to leases file.
Jan 27 10:37:48 yellow dhcpd[5804]: PID file: /run/dhcp-server/dhcpd.pid
Jan 27 10:37:48 yellow dhcpd[5804]: Internet Systems Consortium DHCP Server 4.3.3
Jan 27 10:37:48 yellow dhcpd[5804]: Copyright 2004-2015 Internet Systems Consortium.
Jan 27 10:37:48 yellow dhcpd[5804]: All rights reserved.
Jan 27 10:37:48 yellow dhcpd[5804]: For info, please visit https://www.isc.org/software/dhcp/
Jan 27 10:37:48 yellow dhcpd[5804]: Wrote 4 leases to leases file.
Jan 27 10:37:48 yellow dhcpd[5804]:
Jan 27 10:37:48 yellow sh[5804]: No subnet declaration for enp4s5 (no IPv4 addresses).
Jan 27 10:37:48 yellow sh[5804]: ** Ignoring requests on enp4s5.  If this is not what
Jan 27 10:37:48 yellow sh[5804]:    you want, please write a subnet declaration
Jan 27 10:37:48 yellow sh[5804]:    in your dhcpd.conf file for the network segment
Jan 27 10:37:48 yellow sh[5804]:    to which interface enp4s5 is attached. **
Jan 27 10:37:48 yellow dhcpd[5804]: No subnet declaration for enp4s5 (no IPv4 addresses).
Jan 27 10:37:48 yellow dhcpd[5804]: ** Ignoring requests on enp4s5.  If this is not what
Jan 27 10:37:48 yellow dhcpd[5804]:    you want, please write a subnet declaration
Jan 27 10:37:48 yellow dhcpd[5804]:    in your dhcpd.conf file for the network segment
Jan 27 10:37:48 yellow dhcpd[5804]:    to which interface enp4s5 is attached. **
Jan 27 10:37:48 yellow dhcpd[5804]:
Jan 27 10:37:48 yellow dhcpd[5804]: Listening on LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow dhcpd[5804]: Sending on   LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow sh[5804]: Listening on LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow sh[5804]: Sending on   LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow sh[5804]: Sending on   Socket/fallback/fallback-net
Jan 27 10:37:48 yellow dhcpd[5804]: Sending on   Socket/fallback/fallback-net
Jan 27 10:37:48 yellow dhcpd[5804]: Server starting service.

# cat /etc/network/interfaces

auto lo
iface lo inet loopback
    dns-nameservers 10.1.1.1 8.8.8.8 8.8.4.4 50.23.197.95
    dns-search myFQDN

auto enp6s0

iface enp6s0 inet dhcp
    dns-nameservers 10.1.1.1 8.8.8.8 8.8.4.4 50.23.197.95
    dns-search myFQDN


auto enp4s5
allow-hotplug enp4s5
iface enp4s5 inet static
    address 10.1.1.1/24
    gateway 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.0
    broadcast 10.1.1.255

    pre-up ip link set enp4s5 down
    up ip link set enp4s5 up

    #down ip link set enp4s5 down
    # post-down <insert command here>


allow-hotplug wlp2s0

iface wlp2s0 inet static
    address 10.1.1.3/24
    gateway 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.0
    broadcast 10.1.1.255

    pre-up ip link set wlp2s0 down
    up ip link set wlp2s0 up
    down ip link set wlp2s0 down

    wireless-mode master
    wireless-essid BHNDK16A0C1Z12
    wireless-channel 1
    wpa-ssid BHNDK16A0C1Z12

    # encrypted passwd
    wpa-psk [redacted]
    gateway 10.1.1.1

Bill

On 1/27/2018 5:57 AM, Simon Hobson wrote:

A [hidden email] wrote:

Also in your first post:
subnet 10.1.1.0 netmask 255.255.255.0 {
        interface wlp2s0;
        option domain-name-servers 10.1.1.1;
        max-lease-time 7200;
        default-lease-time 600;
        range 10.1.1.10 10.1.1.250;
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.1.1.255;
        option routers 10.1.1.1;

As far as I know there is no interface directive.  Plus wlp2s0 is the wrong
interface.  You should remove that line.

 Wrong name for the device?  Or just shouldn't be the wireless interface?  Why is it wrong?

There is no instruction in dhcpd.conf called "interface". The example you found probably had it as a comment to help the person keep track of what is where.

If that's not how to specify the interface for that subnet, then what is the proper way please?

You don't ! It happens automagically, and bear in mind that a subnet served by a DHCP server does NOT have to be directly connected - it can come via a relay agent.
The server uses the IP address(es) of the interface for directly connected clients, or the Gateway Interface Address (GIAddr) field inserted by a relay agent if the client is remote (the other side of a router). That address is used to determine which subnet a client is connected to.

What does 'ip -4 -o addr' show?

# ip -4 -o addr
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
3: enp6s0    inet xx.xx.xx.xx/20 brd 255.255.255.255 scope global enp6s0\       valid_lft forever preferred_lft forever

OK, you do not have IPv4 addresses on any internal interface ! it isn't going to work like that. Or have you deleted lines from that output thinking they aren't relevant ?

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

A <[hidden email]> wrote:

# ip -4 -o addr

1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: enp4s5    inet 10.1.1.1/24 brd 10.1.1.255 scope global enp4s5\       valid_lft forever preferred_lft forever
3: enp6s0    inet [xx.xx.xx.xx/20 brd 255.255.255.255 scope global enp6s0\       valid_lft forever preferred_lft forever
4: wlp2s0    inet 10.1.1.10/24 brd 10.1.1.255 scope global wlp2s0\       valid_lft forever preferred_lft forever
...

Jan 27 10:37:48 yellow sh[5804]: No subnet declaration for enp4s5 (no IPv4 addresses).
Jan 27 10:37:48 yellow sh[5804]: ** Ignoring requests on enp4s5.  If this is not what
Jan 27 10:37:48 yellow sh[5804]:    you want, please write a subnet declaration
Jan 27 10:37:48 yellow sh[5804]:    in your dhcpd.conf file for the network segment
Jan 27 10:37:48 yellow sh[5804]:    to which interface enp4s5 is attached. **
Jan 27 10:37:48 yellow dhcpd[5804]: No subnet declaration for enp4s5 (no IPv4 addresses).
Jan 27 10:37:48 yellow dhcpd[5804]: ** Ignoring requests on enp4s5.  If this is not what
Jan 27 10:37:48 yellow dhcpd[5804]:    you want, please write a subnet declaration
Jan 27 10:37:48 yellow dhcpd[5804]:    in your dhcpd.conf file for the network segment
Jan 27 10:37:48 yellow dhcpd[5804]:    to which interface enp4s5 is attached. **
Jan 27 10:37:48 yellow dhcpd[5804]:
Jan 27 10:37:48 yellow dhcpd[5804]: Listening on LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow dhcpd[5804]: Sending on   LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow sh[5804]: Listening on LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow sh[5804]: Sending on   LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow sh[5804]: Sending on   Socket/fallback/fallback-net
Jan 27 10:37:48 yellow dhcpd[5804]: Sending on   Socket/fallback/fallback-net
Jan 27 10:37:48 yellow dhcpd[5804]: Server starting service.

Hmm, I have an idea what the problem might be. You have two interfaces in the same subnet and I don't think the dhcp server can handle that. The OS can deal with it because it keeps an ARP cache and so can figure out which interface to use for outbound packets.

BUT, ISC DHCPD doesn't use the OS for routing a lot of it's packets - it works at a lower level as it has to be able to send packets which wouldn't ordinarily be routable (no destination IP address) to clients.

So what I think might be happening is that it's connecting the 10.1.1.0/24 subnet with the wlp2s0 interface, and then when it tries to configure the enp4s5 interface, there is no subnet available to connect with it

Sounds reasonable.  And therefore if I was to force it to use enp4s5 somehow, there'd be no subnet for wlp2s0; right?

I did originally have two separate subnets with a /28 CIDR, but I was unable to reach the Internet from blue and someone suggested I have one subnet in order to act as a typical home router. So I reconfigured everything and it's now borked worse than it was.  Said person disappeared shortly after of course.

I'm assuming this box is permanently connected to both networks ? If not then it wouldn't be very useful as a DHCP server.

Yellow - yes.

Is there another device bridging the ethernet and WiFi ?

Not anymore.  There was a virtual bridge using bridge-utils at one point as mentioned above.  Wouldn't be impossible to put it back.

I assume there's an AP

I'm using hostapd as I'm unaware of any other option for AP software at this time.

, or it's built into the router - and in that case, you do not need (for DHCP anyway) to listen on the WiFi interface since packets will get bridges to the ethernet interface by the AP.

There is no commercial router.  Yellow is the router, gateway, access point, dhcp server, dns server, firewall (iptables) and more.



_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

I would suggest setting wlp2s0 as a different subnet, say 10.1.2.1/24
and create an additional subnet declaration in DHCP with option routers
10.1.2.1.  'yellow' should route between 10.1.1.0/24 and 10.1.2.0/24
for your internal devices.

Bill

On 01/27/2018 11:57 AM, Simon Hobson wrote:

A <[hidden email]> wrote:

# ip -4 -o addr

1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: enp4s5    inet 10.1.1.1/24 brd 10.1.1.255 scope global enp4s5\       valid_lft forever preferred_lft forever
3: enp6s0    inet [xx.xx.xx.xx/20 brd 255.255.255.255 scope global enp6s0\       valid_lft forever preferred_lft forever
4: wlp2s0    inet 10.1.1.10/24 brd 10.1.1.255 scope global wlp2s0\       valid_lft forever preferred_lft forever
...

Jan 27 10:37:48 yellow sh[5804]: No subnet declaration for enp4s5 (no IPv4 addresses).
Jan 27 10:37:48 yellow sh[5804]: ** Ignoring requests on enp4s5.  If this is not what
Jan 27 10:37:48 yellow sh[5804]:    you want, please write a subnet declaration
Jan 27 10:37:48 yellow sh[5804]:    in your dhcpd.conf file for the network segment
Jan 27 10:37:48 yellow sh[5804]:    to which interface enp4s5 is attached. **
Jan 27 10:37:48 yellow dhcpd[5804]: No subnet declaration for enp4s5 (no IPv4 addresses).
Jan 27 10:37:48 yellow dhcpd[5804]: ** Ignoring requests on enp4s5.  If this is not what
Jan 27 10:37:48 yellow dhcpd[5804]:    you want, please write a subnet declaration
Jan 27 10:37:48 yellow dhcpd[5804]:    in your dhcpd.conf file for the network segment
Jan 27 10:37:48 yellow dhcpd[5804]:    to which interface enp4s5 is attached. **
Jan 27 10:37:48 yellow dhcpd[5804]:
Jan 27 10:37:48 yellow dhcpd[5804]: Listening on LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow dhcpd[5804]: Sending on   LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow sh[5804]: Listening on LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow sh[5804]: Sending on   LPF/wlp2s0/f0:7d:68:c1:b4:13/10.1.1.0/24
Jan 27 10:37:48 yellow sh[5804]: Sending on   Socket/fallback/fallback-net
Jan 27 10:37:48 yellow dhcpd[5804]: Sending on   Socket/fallback/fallback-net
Jan 27 10:37:48 yellow dhcpd[5804]: Server starting service.

Hmm, I have an idea what the problem might be. You have two interfaces in the same subnet and I don't think the dhcp server can handle that. The OS can deal with it because it keeps an ARP cache and so can figure out which interface to use for outbound packets.

BUT, ISC DHCPD doesn't use the OS for routing a lot of it's packets - it works at a lower level as it has to be able to send packets which wouldn't ordinarily be routable (no destination IP address) to clients.

So what I think might be happening is that it's connecting the 10.1.1.0/24 subnet with the wlp2s0 interface, and then when it tries to configure the enp4s5 interface, there is no subnet available to connect with it

Sounds reasonable.  And therefore if I was to force it to use enp4s5 somehow, there'd be no subnet for wlp2s0; right?

I did originally have two separate subnets with a /28 CIDR, but I was unable to reach the Internet from blue and someone suggested I have one subnet in order to act as a typical home router. So I reconfigured everything and it's now borked worse than it was.  Said person disappeared shortly after of course.

I'm assuming this box is permanently connected to both networks ? If not then it wouldn't be very useful as a DHCP server.

Yellow - yes.

Is there another device bridging the ethernet and WiFi ?

Not anymore.  There was a virtual bridge using bridge-utils at one point as mentioned above.  Wouldn't be impossible to put it back.

I assume there's an AP

I'm using hostapd as I'm unaware of any other option for AP software at this time.

, or it's built into the router - and in that case, you do not need (for DHCP anyway) to listen on the WiFi interface since packets will get bridges to the ethernet interface by the AP.

There is no commercial router.  Yellow is the router, gateway, access point, dhcp server, dns server, firewall (iptables) and more.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Bill Shirley <[hidden email]> wrote:

> I would suggest setting wlp2s0 as a different subnet, say 10.1.2.1/24
> and create an additional subnet declaration in DHCP with option routers
> 10.1.2.1.  'yellow' should route between 10.1.1.0/24 and 10.1.2.0/24
> for your internal devices.

That's another way of doing it, but it precludes most autodicovery protocols working between wired and wireless devices. Eg you wireless device won't be able to discover a wired printer through mDNS (aka Zeroconf).

That's a significant problem where people want to segregate devices (eg put IoTat one it's own network so it can't blab about other stuff you have) because so much of it is written on the assumption that (eg) your smartphone is on the same network as the device.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

True. Another way is to forget about using wlp2s0, buy and inexpensive router,
turn OFF the router's DHCP server, and plug the LAN side of the router into the
same switch as enp4s5.  Nothing is plugged into the WAN side of the router.

The router will pass everything, including DHCP traffic, through to the enp4s5
interface and all internal devices will be on one subnet.  This works well.

Bill

On 1/27/2018 4:38 PM, Simon Hobson wrote:
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Should have said inexpensive wireless router.

Bill

On 1/27/2018 4:44 PM, Bill Shirley wrote:
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Bill Shirley <[hidden email]> wrote:

> True. Another way is to forget about using wlp2s0, buy and inexpensive router,
> turn OFF the router's DHCP server, and plug the LAN side of the router into the
> same switch as enp4s5.

Better still, buy a device intended to be a wireless access point and with less compromises. I quite like the Ubiquiti Unifi range, but there are plenty of manufacturers to choose from.
Once out of the budget range, most APs support things like VLANs and multiple SSIDs - you usually have to pay a lot more for a router before you get that sort of ability.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

On 2018-01-27 22:53, Simon Hobson wrote:
> Bill Shirley <[hidden email]> wrote:
>
>> True. Another way is to forget about using wlp2s0, buy and inexpensive router,
>> turn OFF the router's DHCP server, and plug the LAN side of the router into the
>> same switch as enp4s5.
> Better still, buy a device intended to be a wireless access point and with less compromises. I quite like the Ubiquiti Unifi range, but there are plenty of manufacturers to choose from.
> Once out of the budget range, most APs support things like VLANs and multiple SSIDs - you usually have to pay a lot more for a router before you get that sort of ability.
>
Agreed. And it would simplfy things a lot. From checking the innards of
a commercial router which makes extensive use of bridges, i *think* the
OP solution can work with a bridge... But the biggest problem i have
with it, is that his single box is doing way too much. That will be an
unpleasant device to maintain. With lots of options to shoot yourself in
the foot, especially during upgrade time.

When you start adding in requirements like a WiFi guest network that
solution quickly becomes even more complicated. Not impossible, just
complicated.
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

A <[hidden email]> wrote:

I did originally have two separate subnets with a /28 CIDR, but I was unable to reach the Internet from blue and someone suggested I have one subnet in order to act as a typical home router. So I reconfigured everything and it's now borked worse than it was.  Said person disappeared shortly after of course.

There is no commercial router.  Yellow is the router, gateway, access point, dhcp server, dns server, firewall (iptables) and more.

OK, so this box is your gateway, AP, etc, etc. In that case I believe that your setup is fundamentally broken - you have TWO SEPARATE networks (one wired, one wireless) running the same subnet.

Yes, that's how I was told to set it up by a helpful individual.  I was told since it was one subnet, no routing would be needed.  The wireless & wired interfaces would be bridged.  Seemed reasonable.  It sounds like you are suggesting exactly the same thing so "fundamentally broken" seems a bit harsh.

Thus devices on the wired network cannot talk to devices on the WiFi and vice-verca.

Bear in mind that I've not used WiFi in this manner (I'm used to using external APs), so I am unsure of some of the details. If you want to run a single unified network then you will need to create a bridge, and put the wired and wireless adapters into that bridge - and put your address 10.1.1.1/24 onto the bridge. You will then have one network, and the bridge software will pass packets between them, as well as keeping track of which clients are in which network segment.

I removed the bridge because I was unable to reach the Internet from yellow (nor blue).  And that is how things stand now.  Bridge up, Internet down.  Bridge down, Internet up. 

As far as (almost) all software on your box is concerned, you just deal with one interface (the bridge, eg br0). What I am unsure about is how dhcpd behaves in this case - hopefully someone who's run this setup can comment ? I would hope that it would use the bridge interface in the same manner as it would use a "real" one, but there can be some subtle differences.

I had it working with the bridge at one point - each box could ping the other on both wired & wireless, but blue couldn't reach the Internet.  Lets see if we can put it back.

.... blue now receives an IP of .14; neither machine can ping the other, though each can ping its own assigned IP.

# brctl show
bridge name    bridge id        STP enabled    interfaces
br0        8000.7085c23b1324    no                   enp4s5
                                                                         enp6s0


$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp4s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether c8:3a:35:da:42:72 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/24 brd 10.1.1.255 scope global enp4s5
       valid_lft forever preferred_lft forever
3: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 70:85:c2:3b:13:24 brd ff:ff:ff:ff:ff:ff
    inet [xx.xx.xx.xx]/20 brd 255.255.255.255 scope global enp6s0
       valid_lft forever preferred_lft forever
    inet6 fe80::7285:c2ff:fe3b:1324/64 scope link
       valid_lft forever preferred_lft forever
4: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether f0:7d:68:c1:b4:13 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.10/24 brd 10.1.1.255 scope global wlp2s0
       valid_lft forever preferred_lft forever
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 70:85:c2:3b:13:24 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/24 brd 10.1.1.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::7285:c2ff:fe3b:1324/64 scope link
       valid_lft forever preferred_lft forever

# ip route
default via 174.xx.yy.1 dev enp6s0
10.1.1.0/24 dev enp4s5  proto kernel  scope link  src 10.1.1.1
174.xx.yy.0/20 dev enp6s0  proto kernel  scope link  src 174.xx.bb.zz



_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

I don't know much about bridging but I think that says you've
bridged the wired interface and the internet.

Get rid of the bridge and try creating a 2nd subnet for wlp2s0 like
I said in an earlier post:

I would suggest setting wlp2s0 as a different subnet, say 10.1.2.1/24
and create an additional subnet declaration in DHCP with option routers
10.1.2.1.  'yellow' should route between 10.1.1.0/24 and 10.1.2.0/24
for your internal devices.

Bill

.... blue now receives an IP of .14; neither machine can ping the other, though each can ping its own assigned IP.

# brctl show
bridge name    bridge id        STP enabled    interfaces
br0        8000.7085c23b1324    no                   enp4s5
                                                                         enp6s0

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

I meant to include the current /etc/network/interfaces.  Below.  However, in the meantime I'm getting different results.  Perhaps due to the fact that I changed "static" to "manuel".  I also deleted the bridge.  Now, both machines can ping each other on the wired interface, and  yellow can still ping the 'Net.  Blue cannot ping the Internet.

It's unclear if the bridge-utils is truly out of the picture, despite the tools reporting so.  I suspect this may still be an issue that will come back later when I retry.

PING blue (10.1.1.14) 56(84) bytes of data.
64 bytes from blue (10.1.1.14): icmp_seq=1 ttl=64 time=0.353 ms

ping google.com
PING google.com (172.217.11.78) 56(84) bytes of data.
64 bytes from lax17s34-in-f14.1e100.net (172.217.11.78): icmp_seq=1 ttl=56 time=23.4 ms

# ping yellow
PING yellow (127.0.1.1) 56(84) bytes of data.
64 bytes from yellow (127.0.1.1): icmp_seq=1 ttl=64 time=0.088 ms
^C
--- yellow ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.088/0.088/0.088/0.000 ms

# ping router
PING yellow (10.1.1.1) 56(84) bytes of data.
64 bytes from yellow (10.1.1.1): icmp_seq=1 ttl=64 time=0.077 ms
^C
--- yellow ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.077/0.077/0.077/0.000 ms

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

/etc/network/interfaces:

auto lo
iface lo inet loopback
    dns-nameservers 10.1.1.1 8.8.8.8 8.8.4.4 50.23.197.95
    dns-search FQDN

auto enp6s0

iface enp6s0 inet dhcp
    dns-nameservers 10.1.1.1 8.8.8.8 8.8.4.4 50.23.197.95
    dns-search FQDN


auto enp4s5
allow-hotplug enp4s5
iface enp4s5 inet manuel
    gateway 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.0
    broadcast 10.1.1.255

    # Before we can change the address we have to bring the face down
    pre-up ip link set enp4s5 down

# I don't know if I can use two ups.  I don't know the right way to do this.
    up ip address 0.0.0.0 dev enp4s5
    up ip link set enp4s5 up
    down ip link set enp4s5 down


allow-hotplug wlp2s0
iface wlp2s0 inet manuel
    gateway 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.0
    broadcast 10.1.1.255

# I don't know if I can use two pre-ups.  I don't know the right way to do this.
    pre-up ip link set wlp2s0 down
    pre-up ip address 0.0.0.0 dev wlp2s0
    up ip link set wlp2s0 up
    down ip link set wlp2s0 down

    wireless-mode master
    wireless-essid XXXXXXXXXXXXXX
    wireless-channel 1
    wpa-ssid XXXXXXXXXXXXXX
    wpa-psk XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    gateway 10.1.1.1



auto br0
iface br0 inet static
    address 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.0
    broadcast 10.1.1.255
    bridge-ports enp4s5 wlp2s0

On 01/27/2018 01:28 PM, Simon Hobson wrote:

A <[hidden email]> wrote:

I did originally have two separate subnets with a /28 CIDR, but I was unable to reach the Internet from blue and someone suggested I have one subnet in order to act as a typical home router. So I reconfigured everything and it's now borked worse than it was.  Said person disappeared shortly after of course.

There is no commercial router.  Yellow is the router, gateway, access point, dhcp server, dns server, firewall (iptables) and more.

OK, so this box is your gateway, AP, etc, etc. In that case I believe that your setup is fundamentally broken - you have TWO SEPARATE networks (one wired, one wireless) running the same subnet.

Yes, that's how I was told to set it up by a helpful individual.  I was told since it was one subnet, no routing would be needed.  The wireless & wired interfaces would be bridged.  Seemed reasonable.  It sounds like you are suggesting exactly the same thing so "fundamentally broken" seems a bit harsh.

Thus devices on the wired network cannot talk to devices on the WiFi and vice-verca.

Bear in mind that I've not used WiFi in this manner (I'm used to using external APs), so I am unsure of some of the details. If you want to run a single unified network then you will need to create a bridge, and put the wired and wireless adapters into that bridge - and put your address 10.1.1.1/24 onto the bridge. You will then have one network, and the bridge software will pass packets between them, as well as keeping track of which clients are in which network segment.

I removed the bridge because I was unable to reach the Internet from yellow (nor blue).  And that is how things stand now.  Bridge up, Internet down.  Bridge down, Internet up. 

As far as (almost) all software on your box is concerned, you just deal with one interface (the bridge, eg br0). What I am unsure about is how dhcpd behaves in this case - hopefully someone who's run this setup can comment ? I would hope that it would use the bridge interface in the same manner as it would use a "real" one, but there can be some subtle differences.

I had it working with the bridge at one point - each box could ping the other on both wired & wireless, but blue couldn't reach the Internet.  Lets see if we can put it back.

.... blue now receives an IP of .14; neither machine can ping the other, though each can ping its own assigned IP.

# brctl show
bridge name    bridge id        STP enabled    interfaces
br0        8000.7085c23b1324    no                   enp4s5
                                                                         enp6s0


$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp4s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether c8:3a:35:da:42:72 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/24 brd 10.1.1.255 scope global enp4s5
       valid_lft forever preferred_lft forever
3: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 70:85:c2:3b:13:24 brd ff:ff:ff:ff:ff:ff
    inet [xx.xx.xx.xx]/20 brd 255.255.255.255 scope global enp6s0
       valid_lft forever preferred_lft forever
    inet6 fe80::7285:c2ff:fe3b:1324/64 scope link
       valid_lft forever preferred_lft forever
4: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether f0:7d:68:c1:b4:13 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.10/24 brd 10.1.1.255 scope global wlp2s0
       valid_lft forever preferred_lft forever
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 70:85:c2:3b:13:24 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/24 brd 10.1.1.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::7285:c2ff:fe3b:1324/64 scope link
       valid_lft forever preferred_lft forever

# ip route
default via 174.xx.yy.1 dev enp6s0
10.1.1.0/24 dev enp4s5  proto kernel  scope link  src 10.1.1.1
174.xx.yy.0/20 dev enp6s0  proto kernel  scope link  src 174.xx.bb.zz

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users