Topic: DHCP Server on LAN and on DMZ -> Troubles  (Read 2741 times)
« on: May 01, 2013, 18:14:49 »
Astro_75 *
Posts: 2

Hi m0n0-Wall Community,

I have some troubles... or something is wrong with my installation.

I have two Networks:

1. Network (A) (192.168.1.0) connected on the LAN Interface of the monowall.
2. Network (B) (192.168.2.0) connected on the DMZ Interface of the monowall.

I created the DMZ like the example in the doc.mono (Chapter 13), but without the NAT config.

So each interface has its own DHCP server. I only accept DHCP requests from listed hosts, based on their MAC addresses.
Both DHCP servers are enabled. A range has to be defined, BUT there are no duplicate entries on either side. So Host-A is not in the list of DHCP Server B.

DHCP A

Range: 192.168.1.180-192.168.1.190
Only respond to reserved clients listed below is checked.

Reservations
MAC-HOST-A     192.168.1.50   Host A
...

DHCP B

Range: 192.168.2.180-192.168.2.190
Only respond to reserved clients listed below is checked.

MAC-HOST-B     192.168.2.15   Host B
...

Each network has its own Wifi access point.

For me, it should work like this:

HOST-A -> DHCP Request to DHCP-Server A (LAN Interface) via Wifi-A   -> IP: 192.168.1.50
HOST-B -> DHCP Request to DHCP-Server B (DMZ Interface) via Wifi-B  -> IP: 192.168.2.15


BUT SOMETIMES this strange scenario appears:

HOST-A -> DHCP Request to DHCP-Server ??? (LAN Interface) via Wifi-A and receives the first IP of the DHCP-Server B range: -> IP: 192.168.2.180

???????

HOST-A is now in the DMZ range but connected to Wifi A on the LAN Network A ???

The only thing that could be wrong is the following:

The Interfaces of the LAN, of the DMZ, of the Wifi-A and the Wifi B are physically connected via LAN-Cables RJ45 on the SAME SWITCH, without any VLAN configuration... Is that why it could happen?

The other strange thing is that it is always this way round. There is no HOST-B that sometimes receives an IP from the DHCP range of DHCP-Server A.

Thanks for your help
regards
Astro





« Reply #1 on: May 03, 2013, 16:08:53 »
Lennart Grahl ***
Posts: 153

Quote
The Interfaces of the LAN, of the DMZ, of the Wifi-A and the Wifi B are physically connected via LAN-Cables RJ45 on the SAME SWITCH, without any VLAN configuration

Yes, that will be the problem. Both DHCP servers will respond with a DHCPOFFER to your client that sends a DHCPDISCOVER. Your client just chooses the first DHCPOFFER that arrives (which is more or less random).

I don't understand why you are connecting these two subnets.
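
Added example, not part of the original posts: a check for the condition described in Reply #1, where one DHCPDISCOVER draws DHCPOFFERs from more than one server on the same broadcast domain. It parses raw BOOTP/DHCP replies and groups offers by transaction ID; the server addresses 192.168.1.1 and 192.168.2.1 and the sample packets are constructed assumptions, not values from the thread.

```python
import socket
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)

def build_reply(xid, yiaddr, server_id, msg_type=2):
    """Construct a minimal BOOTREPLY for the sample data (type 2 = DHCPOFFER)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s", 2, 1, 6, 0, xid, 0, 0,
                      bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4))
    hdr += bytes(16 + 64 + 128)  # chaddr, sname, file left zeroed
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_id) + b"\xff"
    return hdr + MAGIC + opts

def parse_reply(pkt):
    """Return (xid, yiaddr, msg_type, server_id), or None if not a DHCP reply."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        return None
    xid, yiaddr = struct.unpack("!I", pkt[4:8])[0], socket.inet_ntoa(pkt[16:20])
    msg_type, server_id, i = None, None, 240
    while i < len(pkt) and pkt[i] != 255:      # 255 = end option
        if pkt[i] == 0:                        # 0 = pad option, no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            break                              # truncated option, stop parsing
        code, length = pkt[i], pkt[i + 1]
        val = pkt[i + 2:i + 2 + length]
        if code == 53 and length == 1:         # DHCP message type
            msg_type = val[0]
        elif code == 54 and length == 4:       # server identifier
            server_id = socket.inet_ntoa(val)
        i += 2 + length
    return xid, yiaddr, msg_type, server_id

def competing_offers(packets):
    """Map xid -> {server_id: offered_ip} for discovers answered by >1 server."""
    offers = defaultdict(dict)
    for parsed in filter(None, map(parse_reply, packets)):
        xid, yiaddr, msg_type, server = parsed
        if msg_type == 2 and server:
            offers[xid][server] = yiaddr
    return {x: s for x, s in offers.items() if len(s) > 1}

# Constructed sample: one client transaction answered from both subnets,
# and one transaction answered by a single server.
SAMPLE = [build_reply(0x1234ABCD, "192.168.1.50", "192.168.1.1"),
          build_reply(0x1234ABCD, "192.168.2.180", "192.168.2.1"),
          build_reply(0x0000BEEF, "192.168.2.15", "192.168.2.1")]
```

Feeding it the UDP payloads of port 67/68 traffic captured on one switch port gives a non-empty result only when the two DHCP servers share a broadcast domain, which is the state the VLAN split removes.
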
« Reply #2 on: May 04, 2013, 09:31:58 »
Astro_75 *
Posts: 2

Hello Lennart

Thanks.

I fixed the problem. Two VLANs are now correctly configured on the switch side. One for the LAN and one for the DMZ.
No troubles anymore.

What I noticed now is the following:

Host A is on the list of the LAN-DHCP Server but not on the list of the DMZ-DHCP Server.
Both DHCP servers have to respond only to listed clients.


If Host A comes in on the DMZ interface (through the Wifi on the DMZ), it will receive an IP address from the range of the DMZ-DHCP Server!
Same thing the other way round!

If Host A is not in the list of the LAN-DHCP Server, in this case it will receive no IP from the DMZ-DHCP Server either.

Strange, isn't it?

A+
Astro
 