News
:
This forum is now permanently frozen.
m0n0wall Forum
>
m0n0wall Support (English)
>
Services
Topic: DHCP Scope issue - Help!
Pages: [
1
]
Topic: DHCP Scope issue - Help! (Read 3116 times)
DHCP Scope issue - Help!
« on: June 02, 2011, 04:44:02 »
gaboon
Posts: 7
Setup is a free WiFi connection, M0n0 1.33 on a PC.
I have a subnetmask of 255.255.255.0 and a scope of 10.1.16.100 - 10.1.16.199 my clients are using captive portal and I have the “Default lease time” 7200 seconds and the “Maximum lease time” 8200 seconds. My problem is I am running out of IP addresses and I had thought that when a client disconnects the mac is removed however it appears its saving them for the next time they connect and isn't serving out that IP to new clients, how do I configure the firewall to fix this?
Thanks,
Jason
«
Last Edit: June 02, 2011, 04:46:03 by gaboon
»
Re: DHCP Scope issue - Help!
« Reply #1 on: June 02, 2011, 11:14:48 »
markb
Posts: 331
Have you set up an Idle timeout in the captive portal page?
Re: DHCP Scope issue - Help!
« Reply #2 on: June 02, 2011, 11:28:16 »
Јаневски
Posts: 153
Set up the DHCP lease time to be default lease time 300s maximum lease time 600s, and see if this happens again.
http://janevski.net
Re: DHCP Scope issue - Help!
« Reply #3 on: June 02, 2011, 21:11:43 »
gaboon
Posts: 7
Quote from: markb on June 02, 2011, 11:14:48
Have you set up an Idle timeout in the captive portal page?
Yes I have, cant recall the exact time maybe 60min..
Re: DHCP Scope issue - Help!
« Reply #4 on: June 02, 2011, 21:14:39 »
gaboon
Posts: 7
Quote from: Јаневски on June 02, 2011, 11:28:16
Set up the DHCP lease time to be default lease time 300s maximum lease time 600s, and see if this happens again.
Every 10 min it will force a DHCP renew, inst that an extreme and wont my network see a ton more ARPs?
Re: DHCP Scope issue - Help!
« Reply #5 on: June 03, 2011, 00:32:08 »
Hans Maulwurf
Posts: 56
It should actually lead to a renew every 150 secs but no, there shouldn't be more ARP requests, just more DHCP requests (obviously). And it won't hurt performance too much (if notable at all).
Anyways, why not just switch to a /16 subnet and use more addresses?
Re: DHCP Scope issue - Help!
« Reply #6 on: June 03, 2011, 15:54:28 »
Јаневски
Posts: 153
The thing is, maybe there are a lot of users on the network however more likely is that somebody might just be poisoning Your DHCP.
What You need to do is to erase the not needed lease entries faster than the rate of creation of new entries.
DORA once in a while on every 150s (that would be around 1368B - 10,6875Kb) local traffic plus per user every 2.5 min won't hurt network performance.
If 256 clients do this concurently (which is hardly unlikely) 2736Kb would be needed.
If it's 802.11g 1.3Mb in each direction it means that in best case scenario the overhead data would be transferred in 24ms without even having a slight chance to congest the whole communication.
With a smaller subnet the time needed for such an attack to be successful is smaller.
With a bigger subnet the time is greater.
PS: Actually it's even double times smaller traffic factor because renewal would be half the full DORA traffic price.
PPS: Try it and see if it is okay, if in doubt You could always set back the defaults or whatever the value needs to be.
«
Last Edit: June 03, 2011, 15:56:26 by Јаневски
»
http://janevski.net
Re: DHCP Scope issue - Help!
« Reply #7 on: June 03, 2011, 23:24:29 »
gaboon
Posts: 7
Thanks all for the replies, I am trying "Јаневски" recommendation and see what happens been almost 24hours and working fine. Granted I could just change my scope but this keeps everything simple..
How long does m0n0wall keep the DHCP IP tied to a MAC? I hope not till I reboot.. Is there a way I could copy out this file and remove so it creates a new one? This way I will have a copy backed up..
Re: DHCP Scope issue - Help!
« Reply #8 on: June 04, 2011, 13:54:19 »
Јаневски
Posts: 153
There is absolutely no need to do that.
If the lease expires after 600s for example, and there are expired leases:
...
a) 700s
b) 900s
c) 1500s
...
When all free [unused] addresses are allocated the DHCP server will erase the c) one and assign it to a new client. It's done automatically and there is no need to do anything.
PS: The only thing to pay attention is interval of creation of new DHCP entries.
The values that I've proposed are just a strict example that should work in most cases, You could do Your own measurements in the particular case.
However if it works it means it's okay - You could just let it be like this.
«
Last Edit: June 04, 2011, 14:14:43 by Јаневски
»
http://janevski.net
Pages: [
1
]