Providing DHCP server's MAC to DHCP clients [closed] - networking

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Background info:
I have a set of proprietary embedded-linux network devices, one of which will be configured as a DHCP server and the rest will be DHCP clients.
I need to have the client-devices only accept DHCP lease offers from the server-device, ignoring any other leases offered by other DHCP servers on the same LAN. Similarly, I need to make the server-device only serve DHCP requests to this set of clients, ignoring any other DHCP requests which may appear in an unknown network environment. Essentially, I need to be able to provide a DHCP service for my own devices in a network environment which may already have a DHCP server.
All of my devices have the same first half of the MAC address which I intend to use as a filter.
I am using udhcpc and udhcpd which are included in BusyBox and am trying to avoid adding any other DHCP client/server packages to my devices due to limited storage availability, but I am open to modifying BusyBox code.
I had no trouble implementing the DHCP server restrictions by adding an option to udhcpd.conf, which I called chaddr_filter, containing a wildcarded MAC address the server should check the "Client Hardware Address (chaddr)" against. This seems to be working just fine and the server ignores any DHCP requests from other devices while serving my own.
The client-side filtering turns out to be a bigger challenge, due to a lack of a "Server Hardware Address" field in a DHCP packet.
So here's my question:
What's the best way to pass my server's MAC to my udhcpc client?
Currently it looks like there are no fields or options being passed from the DHCP server that contain the server's MAC (doesn't look like I can read it from Ethernet layer). I'd like to remain standards-compliant, so I'm looking through potential DHCP Options which I may use for this purpose.
I was hoping I could use "Option 54: Server identifier", but the RFC defines it as an IP address.
I'm thinking of putting the server's MAC in either "Option 60: Class-identifier" or "Option 43: Vendor specific information", is there a reason I shouldn't do this? Is there a better field for this?
I look forward to any suggestions.

Taken from Wikipedia:
DHCP uses the same two ports assigned by IANA for BOOTP: destination
UDP port 67 for sending data to the server, and UDP port 68 for data
to the client. DHCP communications are connectionless in nature.
Thus, on the clients you could filter the incoming packets on port 68/udp, accepting only those coming from a MAC address whose first half is good.

FYI I was able to achieve the desired effect by using brctl and ebtables utilities to filter packets of interest on the clients.
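
The two filters discussed in this thread, sketched in C as an added example (not BusyBox code and not the poster's patch): a wildcarded MAC pattern, like the value the question stores in chaddr_filter, is parsed once and then checked against chaddr on the server and against the Ethernet source address of the reply frame on the client. The function names, the pattern syntax `00:1A:2B:*:*:*` and the sample frame are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper type: wildcarded MAC such as "00:1A:2B:*:*:*"; mask 0x00 = wildcard octet. */
struct mac_filter { uint8_t value[6]; uint8_t mask[6]; };

static int hexval(int c)
{
    c = tolower(c);
    return isdigit(c) ? c - '0' : (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Parse six ':'-separated octets, each two hex digits or '*'. 0 = ok, -1 = malformed. */
int mac_filter_parse(const char *s, struct mac_filter *f)
{
    for (int i = 0; i < 6; i++) {
        if (*s == '*') {
            f->value[i] = 0; f->mask[i] = 0x00; s += 1;
        } else {
            int hi = hexval((unsigned char)s[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)s[1]);
            if (lo < 0) return -1;
            f->value[i] = (uint8_t)((hi << 4) | lo); f->mask[i] = 0xFF; s += 2;
        }
        if (*s++ != (i < 5 ? ':' : '\0')) return -1;   /* separator, or end after octet 6 */
    }
    return 0;
}

/* 1 if the 6-byte hardware address matches every non-wildcard octet. */
int mac_filter_match(const struct mac_filter *f, const uint8_t *hw)
{
    uint8_t diff = 0;
    for (int i = 0; i < 6; i++)
        diff |= (uint8_t)((hw[i] ^ f->value[i]) & f->mask[i]);
    return diff == 0;
}

/* Server side: chaddr is at offset 28 of the BOOTP/DHCP payload; htype 1 = Ethernet, hlen 6. */
int server_should_answer(const struct mac_filter *f, const uint8_t *dhcp, size_t len)
{
    return len >= 44 && dhcp[1] == 1 && dhcp[2] == 6 && mac_filter_match(f, dhcp + 28);
}

/* Client side: the sender's MAC is bytes 6..11 of the Ethernet frame carrying the reply. */
int client_should_accept(const struct mac_filter *f, const uint8_t *frame, size_t len)
{
    return len >= 14 && mac_filter_match(f, frame + 6);
}

int main(void)
{
    struct mac_filter f;
    /* Constructed frame header: broadcast destination, source 00:1a:2b:10:20:30, EtherType IPv4. */
    uint8_t frame[14] = {0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x1a,0x2b,0x10,0x20,0x30, 0x08,0x00};
    if (mac_filter_parse("00:1A:2B:*:*:*", &f) != 0) return 1;
    return client_should_accept(&f, frame, sizeof frame) ? 0 : 1;   /* exit 0 = reply accepted */
}
```

A MAC prefix identifies a vendor, not a trusted device: this check keeps stray servers and clients out, but a source address is not authenticated and can be set to any value by a host on the same segment.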

Related

Why is port forwarding not working in my network? [closed]

Closed 2 years ago.
I'm trying to enable port forwarding in my router (ZTE F660) but for some reason it is not working at all. First I started my server application on my Ubuntu machine and I fixed its IP address to 192.168.1.2. Then, I set the rules as follows:
It did not work. So, I tried disabling the firewall in my router settings:
It did not work either, so I disabled the firewall of my host machine by typing:
sudo ufw disable
And it did not work. Then, I tried to use many different ports and it did not work! :(
I've tried to use some port forwarding testers (like this one: https://hidemy.name/en/port-scanner/) and it always says that the state of the port is "filtered". I called the provider of my internet and they said that the port forwarding should be running but they did not offer technical help. Can anyone help me with this? Can't think about anything else to do.
Your ISP is using CGN (Carrier-Grade NAT) because your WAN address is in the Shared address space (100.64.0.0/10). That is not public address space, and it is defined by RFC 6598, IANA-Reserved IPv4 Prefix for Shared Address Space:
Abstract
This document requests the allocation of an IPv4 /10 address block to
be used as Shared Address Space to accommodate the needs of Carrier-
Grade NAT (CGN) devices. It is anticipated that Service Providers will
use this Shared Address Space to number the interfaces that connect
CGN devices to Customer Premises Equipment (CPE).
Shared Address Space is distinct from RFC 1918 private address space
because it is intended for use on Service Provider networks. However,
it may be used in a manner similar to RFC 1918 private address space
on routing equipment that is able to do address translation across
router interfaces when the addresses are identical on two different
interfaces. Details are provided in the text of this document.
This document details the allocation of an additional special-use IPv4
address block and updates RFC 5735.
The address block is detailed in Section 7:
7. IANA Considerations
IANA has recorded the allocation of an IPv4 /10 for use as Shared
Address Space.
The Shared Address Space address range is 100.64.0.0/10.
That address space is also found in the IANA IPv4 Special-Purpose Address Registry.
What that means is that you have a home/residential ISP agreement. The ISPs are using CGN to save their precious public addresses for businesses willing to pay for them. The ISP NAT would also need to be configured to forward the port to your WAN address in the Shared space, but the ISP cannot do that because others behind the CGN may also want that port forwarded to them.
The ISP does not really care that this breaks what you want to do because your residential ISP contract contains a clause forbidding you from running services from your network to the public Internet. You will need a public address and ISP permission to do what you want, and that probably means a business contract. The proliferation of CGN is a big driver for hosting companies, and that is an alternative way to do it.

What local IP would you be given if all are in use? [closed]

Closed 6 years ago.
This question is hypothetical; this situation would most likely never happen, nor could any router handle it.
Situation 1
Let's say, for example, you (somehow) managed to put 255 devices onto your network. Let's refer to the 255th device as D255 and, just for later reference, the router's IP address is 192.168.0.1. If I am correct, D255's local IP address should be 192.168.1.255. So what if we buy a new device (D256) and connect it to my home internet along with the other 255 devices? What would D256's local IP address become? I thought about it and I assume that it would be 192.168.2.1. Am I correct?
Situation 2
After thinking about situation 1 I came up with another situation. What if you had 65025 (255 * 255 = 65025, if you see where I'm going with this) devices connected to your internet? The last device's (I will refer to it as D65025) local IP address should be 192.168.255.255 (that is assuming that situation 1's solution is correct). So what if I go out and buy another device (D65026)? What would its local IP address be? It can't become 192.168.256.1 because the numbers cannot exceed 255, and it can't become 192.169.1.1 because 192.168.x.x is the local IP reserve and 192.169.1.1 exceeds the local IP limit and (correct me if I'm wrong) would be an external IP address. So what would happen?
I appreciate your feedback!
A local network will typically be configured with a DHCP server to hand out IPv4 address leases along with name server addresses and a gateway address.
Residential and small commercial routers are usually configured to do Network Address Translation and have a DHCP server configured to hand out Private IPv4 addresses and the router's private IP as the gateway and nameserver. The size of the local subnet is determined by the router's configuration.
A typical configuration is 192.168.0.0/24 which provides 254 host addresses.
The DHCP server has configuration that specifies the address pool it can hand out leases for. How a DHCP server behaves if it is asked for a lease when all addresses in the pool are currently assigned depends on the configuration, but in most situations it will just not respond as there are "no free leases".
In this situation a host will likely select a link-local zero-configuration address from 169.254.0.0/16 and not have any Internet access or any other hosts on the network except those with Zero Conf addresses. It may retry DHCP at a later point.
The RFC1918 private address block 192.168.0.0/16 actually has capacity for 65534 uniquely addressed hosts. Ignoring the issues of having a layer 2 broadcast domain of this size, the same constraints apply: when there are no leases left to assign, none are assigned.
If these private addresses are to have Internet access they will be Network Address Translated to one or more public IP addresses (usually one) by the router. One public address is unlikely to be sufficient for a large number of private network hosts, constrained by the availability of local TCP / UDP port numbers.
I suggest you read up on IP networking to fill in basic knowledge.
If you are using DHCP, when you run out of addresses, it will kick one of the other devices off the network, probably the one which connected first. There are only so many devices which can connect to a network, but that number depends on the router configuration.

How to setup PXE on separate DHCP server [closed]

Closed 5 years ago.
My network has a DHCP server incapable of serving PXE requests (you cannot set the next-server option at all) and this server MUST remain as the DHCP server.
I would like to have PXE booting on the network, but as I said earlier, I cannot do that with the current DHCP server. Is it possible to, for example, set up a secondary DHCP server which would only provide the missing option to PXE clients? I am open to any other solution, just please keep in mind that I need the current DHCP server to stay.
Thanks a lot!
I have found this, so it is possible:
http://danielboca.blogspot.cz/2012/02/boot-linux-from-network-using-pxe-and.html
The part with DNSMASQ is important
In general; no. You're only meant to have one "authoritative" DHCP server per subnet. This is because the client broadcasts a "who am I?" request without knowing who/where the DHCP server is; and the DHCP server is meant to notice this, allocate an IP address from the pool and respond with a "You are ...." reply - if there are 2 DHCP servers they both reply and the client gets all confused.
The easiest way out (other than fixing/replacing the existing DHCP server) may be to create a new subnet, such that packets broadcast on the new subnet don't make it to the existing network (but other traffic does). Then you'd assign a range of IP addresses to the new subnet (and make sure those IP addresses can't be assigned by the old DHCP server), and have a new DHCP server managing that pool of IP addresses for the new subnet.

At what layer in the protocol stack does DNS happen? [closed]

Closed 4 years ago.
The community reviewed whether to reopen this question last month and left it closed:
Original close reason(s) were not resolved
Let's use a browser as an example. HTTP requests do not need to contain any IP addresses. So would www.example.com be translated into an IP address at the TCP layer?
EDIT
Seems like DNS is used to tell TCP which IP address to connect to. So does HTTP call DNS?
With this stack:
HTTP
DNS
TCP
DNS is a protocol that arguably sits at the application-level, but is a separate application in and of itself that makes use of the whole TCP/IP "stack". (LDAP is similar, if that helps "place" DNS.) It's a fundamental "phone book"-like directory for the Internet and has absolutely nothing specific to do with the HTTP protocol. DNS uses UDP and TCP transport to query other distributed DNS servers to answer client questions like "what IP addresses are associated with the name www.google.com?". Once a client application, like a web browser, has an IP address with which to connect, DNS is then out of the picture. The browser opens up a TCP connection to the IP address and then initiates the HTTP protocol over that TCP transport session to talk web stuff.
In OSI stack terms, DNS runs in parallel to HTTP in the Application Layer (layer 7).
DNS is in effect an application that is invoked to help out the HTTP application, and therefore does not sit "below" HTTP in the OSI stack.
DNS itself also makes use of UDP and more rarely TCP, both of which in turn use IP.
Application Layer - #7 of OSI
http://en.wikipedia.org/wiki/List_of_network_protocols_(OSI_model)
In response to your latest edit:
Doesn't DNS use UDP to send a response indicating any details of the requested IP (unless a certain size threshold, 512 bytes, is crossed)?
Well, technically the client computer is the first to be "asked" which IP address should link to which domain name.
This involves the term DNS resolver. Essentially it searches through previous queries which are cached on a client's computer, and if it finds a match then it returns what would essentially be a normal DNS lookup (without leaving your local network to find an answer/address). You can actually edit this file on your own computer and the URL of your web browser will actually show your changes.
I'd advise you to download and install wireshark. Run wireshark and visit some websites. You can see how DNS works. DNS (as already mentioned) is handled at the application layer. Almost all high level languages have libraries for the function 'gethostbyname'.
Python 3.3.3 (default, Nov 26 2013, 13:33:18)
[GCC 4.8.2] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import socket
>>> socket.gethostbyname("stackoverflow.com")
'198.252.206.16'
Take a browser for example, after acquiring the host from the DNS server using some form of gethostbyname, a standard TCP socket connection is established and the browser/webserver communicate over HTTP.
Regarding the OSI it is the Application layer - layer 7

setting up a server for local small office [closed]

Closed 6 years ago.
I am very new to networking and setting up servers. I have only used XAMPP to develop my site locally on my desktop computer. I did some research and learned about all the network equipment online, but I found myself still confused about what I need to do to set up a server between computers. So I hope I can find the answers from experts. I have 4 computers in my office, and I am trying to create a local network that allows all 4 computers to access the files and localhost on the desktop computer.
1.) I have a modem and a router. My desktop computer and the other 2 computers are using wireless while my sister's computer is using cable that connects to the modem. In order for my sister and the other computers to access my files and localhost, do I need to plug all of the computers into a switch?
2.) I have read online that people set up port forwarding to allow others to access their website online. But right now I am just trying to make a local files and web server, do I need to set up port forwarding as well?
I am using Windows Vista and XAMPP. I couldn't solve any of the questions and confusion after 1 week of looking through online. So if anyone has a detailed guide for setting local file/web server, that will help me so much and thank you for your time as well.
1) You do not need a switch for setting up a server. A switch is just a device that basically expands the number of cabled network connections you have. Most routers often come with 4 LAN ports and one WAN port (probably connected to your modem).
If you have, let's say, 5 computers that need a cabled connection, you will need a switch to be able to connect all those computers at the same time.
2) You only need to do port forwarding if you want others to connect from outside your local network. If you want to put a website up on a server, you will need to port forward port 80 (the port for HTTP) to your server's local IP.
All port forwarding does is tell your router that if it gets a packet of data with this port number to your public IP, it should send it to this specific local IP address (your server with XAMPP). If you don't port forward, the router doesn't know what local IP address to send the packet of data to, so it just discards it, which means others can't access your website.
If you want to open your website from outside your local network, and have port forwarded your router, you probably want to set up a domain with DDNS (dynamic domain name system).
What that does is that people can write something like "www.google.com" instead of your public IP address. A good site for that is: http://www.no-ip.com . Keep in mind that if you don't want to add a domain and just use the IP address, your router's public IP address may change over time, unless you have ordered a static IP address from your ISP (Internet service provider).
For your file server I would suggest a FileZilla FTP Server (FTP = File Transport Protocol). Set this up on your server machine and follow this tutorial: https://www.youtube.com/watch?v=251TQq98zmo . Then after you have set up and configured your FTP server, you can connect your clients to the server.
I would suggest this guide to connect your other machines to the FTP server:
http://www.wintuts.com/Map-Network-Drive
Keep in mind that if you want to access your FTP server from outside your network you will need to port forward both port 20 and 21. For security reasons I strongly suggest a password on your FTP server, unless you want anyone to connect to it.
Hope this helped!
-Kad
(PS: just comment on this post if something is unclear, or have further questions! :D )
