阻止来自其他网络的 DHCP 服务器

tag-icon tag-icon networking dhcp local-area-network isc-dhcp
阻止来自其他网络的 DHCP 服务器

我在具有两个网络接口的 PC(Windows 7)上遇到了问题,有时应该位于网络 10.1.19.0 中的网卡的地址来自 192.168.0.0

我的网络:192.168.0.0/24,在 DrayTek 路由器 Vigor 2925 上运行 DHCP。

10.1.19.0/24 使用 DHCP Debian isc-dhcp 服务器。

10.1.19.0 的接口未配置网关,因为此网络无法访问互联网。

我观察到,有时当来自 10.1.19.0 网络的 dhcp 服务器关闭或出现网络问题时,应该具有来自 10.1.19.0 的 ip 的 nic 却具有来自 192.168.0.0 的 ip。

我如何阻止或诊断此问题。

来自 isc-dhcp-server 的日志:

http://pastebin.com/3ZauGLZ4

Jun 14 07:19:35 my_server dhcpd: DHCPREQUEST for 192.168.0.17 from 74:ea:3a:83:cf:b5 via xenbr1: wrong network.
Jun 14 07:19:35 my_server dhcpd: DHCPNAK on 192.168.0.17 to 74:ea:3a:83:cf:b5 via xenbr1
Jun 14 07:21:40 my_server dhcpd: DHCPINFORM from 192.168.0.8 via xenbr1: unknown subnet for client address 192.168.0.8
Jun 14 07:21:43 my_server dhcpd: DHCPINFORM from 192.168.0.8 via xenbr1: unknown subnet for client address 192.168.0.8
Jun 14 07:22:26 my_server dhcpd: DHCPREQUEST for 192.168.0.8 from 74:ea:3a:83:fd:a1 via xenbr1: wrong network.
Jun 14 07:22:26 my_server dhcpd: DHCPNAK on 192.168.0.8 to 74:ea:3a:83:fd:a1 via xenbr1

/etc/default/isc-dhcp 服务器:

   20 #   Separate multiple interfaces with spaces, e.g. "eth0 eth1".
   21 INTERFACES="xenbr1"
   22 # INTERFACES="eth1"

ifconfig:

eth0      Link encap:Ethernet  HWaddr 14:da:e9:66:85:e5  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14224698 errors:0 dropped:0 overruns:0 frame:0
          TX packets:882902 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:15747051719 (14.6 GiB)  TX bytes:584359127 (557.2 MiB)
          Interrupt:19 Base address:0xcc00 

eth1      Link encap:Ethernet  HWaddr 00:02:a5:e3:0a:a3  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15184095 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13885407 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5372912765 (5.0 GiB)  TX bytes:2678449338 (2.4 GiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:23307 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23307 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:93515531 (89.1 MiB)  TX bytes:93515531 (89.1 MiB)

vif1.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2117 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11682370 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:874471 (853.9 KiB)  TX bytes:13797253040 (12.8 GiB)

vif1.1    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:190 errors:0 dropped:0 overruns:0 frame:0
          TX packets:72686 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:29044 (28.3 KiB)  TX bytes:7212594 (6.8 MiB)

vif2.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7909 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11687161 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:643422 (628.3 KiB)  TX bytes:13797510223 (12.8 GiB)

vif3.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4655 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11682466 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:2234151 (2.1 MiB)  TX bytes:13793456963 (12.8 GiB)

xenbr0    Link encap:Ethernet  HWaddr 14:da:e9:66:85:e5  
          inet addr:192.168.0.94  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:860530 errors:0 dropped:0 overruns:0 frame:0
          TX packets:638466 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:484505035 (462.0 MiB)  TX bytes:566073478 (539.8 MiB)

xenbr1    Link encap:Ethernet  HWaddr 00:02:a5:4b:0a:a3  
          inet addr:10.1.19.94  Bcast:10.1.19.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15158508 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13873282 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5157245979 (4.8 GiB)  TX bytes:2677797862 (2.4 GiB)

/etc/dhcp/dhcpd.conf

ddns-update-style none;

default-lease-time 600;
max-lease-time 900;

authoritative;

log-facility local7;

shared-network my_net
{
    subnet 10.1.19.0 netmask 255.255.255.0
    {
        # option routers 10.1.19.113;
        option broadcast-address 10.1.19.255;

        pool {
            range 10.1.19.60 10.1.19.89;

            allow unknown-clients;
        }    

        group
        {    
            deny unknown-clients;

            # user1
            host host1
            {    
                hardware ethernet 78:5A:33:83:CF:FA;
                fixed-address 10.1.19.2;
            }    


....

答案1

似乎您正尝试通过相同的物理链路操作 2 个 IP 网络,而它们之间没有任何逻辑分离(VLAN)。

如果您的路由器不支持 VLAN 标记,那么实现此功能的唯一方法是物理隔离两个网络,例如将网络 10.1.19.0/24 中的所有主机/接口插入交换机(而不是路由器)并将您的 Debian DHCP 服务器插入同一个交换机。

如果您没有太多主机,在这种情况下静态 IP 寻址也是一个选择。

相关内容