Address are getting eaten by the boggy man

kegwin · Thu Jun 01, 2006 3:41 pm

For some reason all the addresses in my pools keep getting eaten up. Here is some of my log:

04:15:12 dhcp,info,debug dhcp1 deassigned 10.5.10.73 from 00:12:F0:99:77:5A
04:15:23 dhcp,info,debug dhcp1 assigned 10.5.10.136 to 00:12:F0:99:77:5A
04:15:23 dhcp,info,debug dhcp1 deassigned 10.5.10.136 from 00:12:F0:99:77:5A
04:15:34 dhcp,info,debug dhcp1 assigned 10.5.10.72 to 00:12:F0:99:77:5A
04:15:35 dhcp,info,debug dhcp1 deassigned 10.5.10.72 from 00:12:F0:99:77:5A
04:15:45 dhcp,info,debug dhcp1 assigned 10.5.10.199 to 00:13:20:02:1D:20
04:15:45 dhcp,info,debug dhcp1 assigned 10.5.10.135 to 00:12:F0:99:77:5A

It goes on like that for about 20 or so more addresses. It is not always the same MAC address either. I think I have seen about 90% of the computer on my network that use DCHP do this. Any one know why and or how to fix it?

Here is my config if that helps:

v2.9.24

/interface ethernet
set ether1 name=LAN
set ether2 name=WAN1
set ether3 name=WAN2
set ether4 name=WAN3

/ip address
add address=10.5.10.62/26 interface=LAN disable=no
add address=10.5.10.126/26 interface=LAN disable=no
add address=10.5.10.190/26 interface=LAN disable=no
add address=10.5.10.254/26 interface=LAN disable=no
add address=69.228.x.x/25 interface=WAN1 disabled=no
add address=69.228.x.x/25 interface=WAN2 disabled=no
add address=69.228.x.x/25 interface=WAN3 disabled=no

/ip dns set primary-dns=206.13.31.12 secondary-dns=206.13.28.12

/ip firewall mangle
add src-address=10.5.10.0/26 action=mark-routing new-routing-mark=ADMIN chain=prerouting disabled=no
add src-address=10.5.10.64/26 action=mark-routing new-routing-mark=SUB1 chain=prerouting disabled=no
add src-address=10.5.10.128/26 action=mark-routing new-routing-mark=SUB2 chain=prerouting disabled=no
add src-address=10.5.10.192/26 action=mark-routing new-routing-mark=SUB3 chain=prerouting disabled=no

/ip route
add gateway=69.228.x.x routing-mark=SUB1 disabled=no
add gateway=69.228.x.x routing-mark=SUB2 disabled=no
add gateway=69.228.x.x routing-mark=SUB3 disabled=no
add gateway=69.228.x.x routing-mark=ADMIN disabled=no

/ip firewall nat
add chain=srcnat src-address=10.5.10.64/26 out-interface=WAN1 action=masquerade
add chain=srcnat src-address=10.5.10.128/26 out-interface=WAN2 action=masquerade
add chain=srcnat src-address=10.5.10.192/26 out-interface=WAN3 action=masquerade
add chain=srcnat src-address=10.5.10.0/26 out-interface=WAN3 action=masquerade
add chain=dstnat dst-address=69.228.x.193 action=dst-nat protocol=tcp dst-port=10123 to-addresses=10.5.10.1 to-ports=23
add chain=dstnat dst-address=69.228.x.193 action=dst-nat protocol=tcp dst-port=10180 to-addresses=10.5.10.1 to-ports=80
add chain=dstnat dst-address=69.228.x.193 action=dst-nat protocol=tcp dst-port=10223 to-addresses=10.5.10.2 to-ports=23
add chain=dstnat dst-address=69.228.x.193 action=dst-nat protocol=tcp dst-port=10280 to-addresses=10.5.10.2 to-ports=80
add chain=dstnat dst-address=69.228.x.193 action=dst-nat protocol=tcp dst-port=10323 to-addresses=10.5.10.3 to-ports=23
add chain=dstnat dst-address=69.228.x.193 action=dst-nat protocol=tcp dst-port=10380 to-addresses=10.5.10.3 to-ports=80
add chain=dstnat dst-address=69.228.x.193 action=dst-nat protocol=tcp dst-port=10423 to-addresses=10.5.10.4 to-ports=23
add chain=dstnat dst-address=69.228.x.193 action=dst-nat protocol=tcp dst-port=10480 to-addresses=10.5.10.4 to-ports=80
add chain=dstnat dst-address=69.228.x.193 action=dst-nat protocol=tcp dst-port=10523 to-addresses=10.5.10.5 to-ports=23
add chain=dstnat dst-address=69.228.x.193 action=dst-nat protocol=tcp dst-port=10580 to-addresses=10.5.10.5 to-ports=80
add chain=dstnat dst-address=69.228.x.193 action=dst-nat protocol=tcp dst-port=10880 to-addresses=10.5.10.6 to-ports=80
add chain=dstnat dst-address=69.228.x.193 action=dst-nat protocol=udp dst-port=2812 to-addresses=10.5.10.7 to-ports=2821

/ip firewall filter
add chain=input connection-state=established
add chain=input connection-state=related
add chain=input connection-state=invalid action=drop
add chain=input protocol=udp action=accept disabled=no
add chain=forward p2p=bit-torrent action=accept
add chain=forward p2p=all-p2p action=drop
add chain=input protocol=icmp limit=50/5s,2
add chain=input protocol=icmp action=drop
add chain=input protocol=tcp dst-port=22
add chain=input protocol=tcp dst-port=8291
add chain=input src-address=10.5.10.0/24 action=accept
add chain=input src-address=69.228.x.x/25 action=accept
add chain=input src-address=69.228.x.x/25 action=accept
add chain=input src-address=69.228.x.x/25 action=accept
add chain=input action=log log-prefix="DROP INPUT"
add chain=input action=drop

/ip pool
add name="pool1" ranges=10.5.10.65,10.5.10.129,10.5.10.193,10.5.10.66,10.5.10.130,10.5.10.194,10.5.10.67,10.5.10.131,10.5.10.195,10.5.10.68,10.5.10.132,10.5.10.196,10.5.10.69,10.5.10.133,10.5.10.197,10.5.10.70,10.5.10.134,10.5.10.198,10.5.10.71,10.5.10.135,10.5.10.199,10.5.10.72,10.5.10.136,10.5.10.200,10.5.10.73,10.5.10.137,10.5.10.201,10.5.10.74,10.5.10.138,10.5.10.202
add name="pool2" ranges=10.5.10.74,10.5.10.138,10.5.10.202,10.5.10.75,10.5.10.139,10.5.10.203,10.5.10.76,10.5.10.140,10.5.10.204,10.5.10.77,10.5.10.141,10.5.10.205,10.5.10.78,10.5.10.142,10.5.10.206,10.5.10.79,10.5.10.143,10.5.10.207,10.5.10.80,10.5.10.144,10.5.10.208,10.5.10.81,10.5.10.145,10.5.10.209,10.5.10.82,10.5.10.146,10.5.10.210,10.5.10.83,10.5.10.147,10.5.10.211
add name="pool3" ranges=10.5.10.84,10.5.10.148,10.5.10.212,10.5.10.85,10.5.10.149,10.5.10.213,10.5.10.86,10.5.10.150,10.5.10.214,10.5.10.87,10.5.10.151,10.5.10.215,10.5.10.88,10.5.10.152,10.5.10.216,10.5.10.89,10.5.10.153,10.5.10.217,10.5.10.90,10.5.10.154,10.5.10.218,10.5.10.91,10.5.10.155,10.5.10.219,10.5.10.92,10.5.10.156,10.5.10.220,10.5.10.93,10.5.10.157,10.5.10.221
add name="pool4" ranges=10.5.10.94,10.5.10.158,10.5.10.222,10.5.10.95,10.5.10.159,10.5.10.223,10.5.10.96,10.5.10.160,10.5.10.224,10.5.10.97,10.5.10.161,10.5.10.225,10.5.10.98,10.5.10.162,10.5.10.226,10.5.10.99,10.5.10.163,10.5.10.227,10.5.10.100,10.5.10.164,10.5.10.228,10.5.10.101,10.5.10.165,10.5.10.229,10.5.10.102,10.5.10.166,10.5.10.230,10.5.10.103,10.5.10.167,10.5.10.231
add name="pool5" ranges=10.5.10.104,10.5.10.168,10.5.10.232,10.5.10.105,10.5.10.169,10.5.10.233,10.5.10.106,10.5.10.170,10.5.10.234,10.5.10.107,10.5.10.171,10.5.10.235,10.5.10.108,10.5.10.172,10.5.10.236,10.5.10.109,10.5.10.173,10.5.10.237,10.5.10.110,10.5.10.174,10.5.10.238,10.5.10.111,10.5.10.175,10.5.10.239,10.5.10.112,10.5.10.176,10.5.10.240,10.5.10.113,10.5.10.177,10.5.10.241
add name="pool6" ranges=10.5.10.114,10.5.10.178,10.5.10.242,10.5.10.115,10.5.10.179,10.5.10.243,10.5.10.116,10.5.10.180,10.5.10.244,10.5.10.117,10.5.10.181,10.5.10.245,10.5.10.118,10.5.10.182,10.5.10.246,10.5.10.119,10.5.10.183,10.5.10.247,10.5.10.120,10.5.10.184,10.5.10.248,10.5.10.121,10.5.10.185,10.5.10.249,10.5.10.122,10.5.10.186,10.5.10.250,10.5.10.123,10.5.10.187,10.5.10.251
add name="pool7" ranges=10.5.10.124,10.5.10.188,10.5.10.252,10.5.10.125,10.5.10.189,10.5.10.253

set pool1 next-pool=pool2
set pool1 next-pool=pool3
set pool1 next-pool=pool4
set pool1 next-pool=pool5
set pool1 next-pool=pool6
set pool1 next-pool=pool7
set pool1 next-pool=pool1

/ip dhcp-server network
add address=10.5.10.0/26 gateway=10.5.10.62 dns-server=206.13.31.12,206.13.28.12 domain=admin.ta
add address=10.5.10.64/26 gateway=10.5.10.126 dns-server=206.13.31.12,206.13.28.12 domain=ta
add address=10.5.10.128/26 gateway=10.5.10.190 dns-server=206.13.31.12,206.13.28.12 domain=ta
add address=10.5.10.192/26 gateway=10.5.10.254 dns-server=206.13.31.12,206.13.28.12 domain=ta

/ip dhcp-server
add interface=LAN address-pool=pool7 leasetime=5h authoritative=yes add-arp=yes disabled=no name=dhcp1

janisk · Thu Jun 01, 2006 5:46 pm

maybe create for boogy man static ip adress, so he cannot change ip anymore.

or block that address stealer

savage · Thu Jun 01, 2006 6:47 pm

Most modern DHCP Servers has a option 'one lease per host'. MT should perhaps look at adding such a option

kegwin · Thu Jun 01, 2006 10:02 pm

Most modern DHCP Servers has a option 'one lease per host'. MT should perhaps look at adding such a option

agreed

maybe create for boogy man static ip adress, so he cannot change ip anymore.

or block that address stealer

It is not just happening with the client in my example above. It has done the deassign assign thing for almost every one of the clients connect. In some cases it just deassigns and re-assigns the same IP so the clients DHCP client thinks that the address they recived is being used by someone else.

jarosoup · Thu Jun 01, 2006 11:55 pm

You could just add a static lease so that mac address only gets one, and the same, address.

Why do you have so many addresses in your pool, instead of just a range?

joeri91942 · Fri Jun 02, 2006 8:03 am

Uhm, from my view there is something fundamentaly wrong with your config.... how can you create 4 different subnets on the same LAN through the same adapter, assign each of them (by defining adresses instead of range) dynamic address from the machine having the 4 addresses and expect things to work???

If you want to divide/shape/sort traffic from diffent users on the same LAN you need to do some more thinking

I have never seen a config where someone hasn't used ONE dhcp pool for EACH physcal network, having several DHCP pools for the same physical network (unless you manually handle the assignements through dedicated MAC/IP pairs) is asking for trouble

/Jörgen

savage · Fri Jun 02, 2006 9:15 am

Good point!

One pool on one Interface, otherwise DHCP (and the client for that matter) won't know which IP to request and/or assign...