Topic: DHCP Scope issue - Help!  (Read 3116 times)
« on: June 02, 2011, 04:44:02 »
gaboon *
Posts: 7

Setup is a free WiFi connection, M0n0 1.33 on a PC.

I have a subnet mask of 255.255.255.0 and a scope of 10.1.16.100 - 10.1.16.199. My clients are using captive portal, and I have the “Default lease time” set to 7200 seconds and the “Maximum lease time” set to 8200 seconds. My problem is that I am running out of IP addresses. I had thought that when a client disconnects the MAC is removed; however, it appears it's saving them for the next time they connect and isn't serving out that IP to new clients. How do I configure the firewall to fix this?

Thanks,

Jason
« Last Edit: June 02, 2011, 04:46:03 by gaboon »
« Reply #1 on: June 02, 2011, 11:14:48 »
markb ****
Posts: 331

Have you set up an Idle timeout in the captive portal page?
« Reply #2 on: June 02, 2011, 11:28:16 »
Јаневски ***
Posts: 153

Set up the DHCP lease time to be default lease time 300s maximum lease time 600s, and see if this happens again.

« Reply #3 on: June 02, 2011, 21:11:43 »
gaboon *
Posts: 7

Quote from: markb
Have you set up an Idle timeout in the captive portal page?

Yes I have, can't recall the exact time, maybe 60 min.
« Reply #4 on: June 02, 2011, 21:14:39 »
gaboon *
Posts: 7

Quote from: Јаневски
Set up the DHCP lease time to be default lease time 300s maximum lease time 600s, and see if this happens again.

Every 10 min it will force a DHCP renew. Isn't that extreme, and won't my network see a ton more ARPs?
« Reply #5 on: June 03, 2011, 00:32:08 »
Hans Maulwurf **
Posts: 56

It should actually lead to a renew every 150 secs but no, there shouldn't be more ARP requests, just more DHCP requests (obviously). And it won't hurt performance too much (if notable at all).
Anyways, why not just switch to a /16 subnet and use more addresses?
« Reply #6 on: June 03, 2011, 15:54:28 »
Јаневски ***
Posts: 153

The thing is, maybe there are a lot of users on the network however more likely is that somebody might just be poisoning Your DHCP.
What You need to do is to erase the not needed lease entries faster than the rate of creation of new entries.
DORA once in a while on every 150s (that would be around 1368B - 10,6875Kb) local traffic plus per user every 2.5 min won't hurt network performance.
If 256 clients do this concurrently (which is hardly unlikely) 2736Kb would be needed.
If it's 802.11g 1.3Mb in each direction it means that in best case scenario the overhead data would be transferred in 24ms without even having a slight chance to congest the whole communication.
With a smaller subnet the time needed for such an attack to be successful is smaller.
With a bigger subnet the time is greater.

PS: Actually it's even double times smaller traffic factor because renewal would be half the full DORA traffic price.
PPS: Try it and see if it is okay, if in doubt You could always set back the defaults or whatever the value needs to be.
« Last Edit: June 03, 2011, 15:56:26 by Јаневски »

« Reply #7 on: June 03, 2011, 23:24:29 »
gaboon *
Posts: 7

Thanks all for the replies. I am trying Јаневски's recommendation to see what happens; it has been almost 24 hours and it is working fine. Granted, I could just change my scope, but this keeps everything simple.

How long does m0n0wall keep the DHCP IP tied to a MAC?  I hope not till I reboot..  Is there a way I could copy out this file and remove so it creates a new one?  This way I will have a copy backed up..
« Reply #8 on: June 04, 2011, 13:54:19 »
Јаневски ***
Posts: 153

There is absolutely no need to do that.

If the lease expires after 600s for example, and there are expired leases:
...
a) 700s
b) 900s
c) 1500s
...

When all free [unused] addresses are allocated the DHCP server will erase the c) one and assign it to a new client. It's done automatically and there is no need to do anything.

PS: The only thing to pay attention to is the interval of creation of new DHCP entries.
The values that I've proposed are just a strict example that should work in most cases, You could do Your own measurements in the particular case.
However if it works it means it's okay - You could just let it be like this.
« Last Edit: June 04, 2011, 14:14:43 by Јаневски »
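
Added example, not part of any post in this thread: a small Python model of the 100-address scope (10.1.16.100 - 10.1.16.199) showing how the lease time sets how long a departed client keeps its address, and so when the pool runs dry. The arrival rate and the 15-minute visit length are constructed assumptions; clients are assumed to renew at half the lease time and to leave without sending DHCPRELEASE.

```python
import heapq

POOL_SIZE = 100  # 10.1.16.100 - 10.1.16.199, the scope from the first post


def simulate(lease_s, arrivals_per_hour, dwell_s, hours=12, pool=POOL_SIZE):
    """Return (peak_leases_held, refused_clients) for a steady stream of new clients.

    Assumptions (constructed for this example):
      * one new client every 3600/arrivals_per_hour seconds
      * each client stays dwell_s seconds, renewing every lease_s/2 seconds
      * the client leaves silently, so its address stays bound until the
        lease granted at its last renewal expires
      * an expired lease is immediately reusable by the server
    """
    gap = 3600 // arrivals_per_hour
    renew = lease_s // 2
    # Time an address stays bound: last renewal before leaving + one full lease.
    hold = (dwell_s // renew) * renew + lease_s
    expiries = []  # min-heap of expiry times of currently bound addresses
    peak = refused = 0
    for t in range(0, hours * 3600, gap):
        # Reclaim every lease that has expired by now, oldest first.
        while expiries and expiries[0] <= t:
            heapq.heappop(expiries)
        if len(expiries) >= pool:
            refused += 1  # no free or expired lease: this client gets no address
            continue
        heapq.heappush(expiries, t + hold)
        peak = max(peak, len(expiries))
    return peak, refused


if __name__ == "__main__":
    # 60 new clients per hour, each staying 15 minutes (constructed workload).
    for lease in (7200, 300):
        peak, refused = simulate(lease, arrivals_per_hour=60, dwell_s=900)
        print(f"lease {lease:>5}s: peak {peak:>3}/{POOL_SIZE} in use, {refused} refused")
```

In this model the number of bound addresses settles at roughly arrival rate times hold time, so the same workload that exhausts the pool at 7200 s uses a fifth of it at 300 s.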
