Dear all,
First, I would like to congratulate all people involved in Arch Linux (for whichever architecture)! I have been digging through tons of documentation over the last couple of days and it is really good. Nevertheless, I have a little problem that triggered my first ever post for help.
I want to use a Raspberry Pi as DNS, DHCP and NTP server. So far, DNS and NTP work fine, but DHCP gives problems.
Network:
Router 192.168.1.254, DHCP disabled
RaspPi 192.168.1.253
Laptop 192.168.1.90
The router acts as DNS server by forwarding requests to the ISP's DNS.
There are no other services or computers in that network.
RaspPi packages:
Fresh Arch install
bind (https://wiki.archlinux.org/index.php/Bind)
dhcpd (https://wiki.archlinux.org/index.php/Dhcpd)
ntp (https://wiki.archlinux.org/index.php/Ne ... col_daemon)
wget, build tools, tcpdump
no firewall
/etc/systemd/network/eth0.network
```
[Match]
Name=eth0
[Network]
DHCP=no
Address=192.168.1.253/24
Gateway=192.168.1.254
DNS=192.168.1.253
DNS=37.235.1.174
Domains=home.lan
```
I have disabled the dhcpcd service.
/usr/lib/systemd/system/dhcpd4.service
```
[Unit]
Description=IPv4 DHCP server
After=network-online.target
Wants=network-online.target
[Service]
Type=forking
ExecStart=/usr/bin/dhcpd -4 -q -cf /etc/dhcpd.conf -lf /var/dhcpd/dhcpd4.leases -pf /var/dhcpd/dhcpd4.pid -tf /var/dhcpd/trace.log eth0
RuntimeDirectory=dhcpd4
PIDFile=/var/dhcpd/dhcpd4.pid
User=dhcp
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
ProtectSystem=full
ProtectHome=on
KillSignal=SIGINT
RestartSec=6s
Restart=always
StartLimitInterval=12s
[Install]
WantedBy=multi-user.target
```
/etc/dhcpd.conf
```
# option definitions common to all supported networks...
#authoritative;
lease-file-name "/var/dhcpd/dhcpd4.leases";
#ignore client-updates;
#allow unknown-clients;
#use-host-decl-names on;
default-lease-time 86400;
max-lease-time 86400;
one-lease-per-client true;
# home.lan. DNS zone
#ddns-updates false;
#ddns-update-style standard;
#include "/var/dhcpd/rndc.key";
#zone home.lan. {
#  primary 192.168.1.253;
#  key rndc-key;
#}
#zone 1.168.192.in-addr.arpa. {
#  primary 192.168.1.253;
#  key rndc-key;
#}
# option definitions common to all supported networks...
option subnet-mask 255.255.255.0;
option routers 192.168.1.254;
option broadcast-address 192.168.1.255;
option domain-name "home.lan";
option ntp-servers 192.168.1.253;
# home.lan LAN range
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.30;
  #ddns-domainname "home.lan.";
  #ddns-rev-domainname "1.168.192.in-addr.arpa.";
  #get-lease-hostnames true;
  #use-host-decl-names true;
}
```
The result of netstat -tulpn | grep --color "dhcpd":
```
udp 0 0 0.0.0.0:67 0.0.0.0:* 246/dhcpd
```
The result of journalctl /usr/bin/dhcpd:
```
april 24 02:32:06 moopione dhcpd[246]: WARNING: Overwriting trace file "/var/dhcpd/trace.log"
april 24 02:32:06 moopione dhcpd[246]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specifie>
april 24 02:32:06 moopione dhcpd[246]: Source compiled to use binary-leases
april 24 02:32:06 moopione dhcpd[246]: Wrote 0 leases to leases file.
april 24 02:32:06 moopione dhcpd[246]: Server starting service.
```
The result of systemctl status:
```
State: running
Jobs: 0 queued
Failed: 0 units
Since: Thu 1970-01-01 01:00:07 CET; 48 years 3 months ago
CGroup: /
├─user.slice
│ └─user-1000.slice
│   ├─user@1000.service
│   │ └─init.scope
│   │   ├─282 /usr/lib/systemd/systemd --user
│   │   └─283 (sd-pam)
│   └─session-c1.scope
│     ├─278 sshd: alarm [priv]
│     ├─288 sshd: alarm@pts/0
│     ├─289 -bash
│     ├─290 su
│     ├─293 bash
│     ├─314 systemctl status
│     └─315 less
├─init.scope
│ └─1 /sbin/init
└─system.slice
  ├─lvm2-lvmetad.service
  │ └─203 /usr/bin/lvmetad -f
  ├─dbus.service
  │ └─235 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog->
  ├─sshd.service
  │ └─243 /usr/bin/sshd -D
  ├─system-serial\x2dgetty.slice
  │ └─serial-getty@ttyAMA0.service
  │   └─245 /sbin/agetty -o -p -- \u --keep-baud 115200,38400,9600 ttyAMA0 vt220
  ├─dhcpd4.service
  │ └─312 /usr/bin/dhcpd -4 -q -cf /etc/dhcpd.conf -lf /var/dhcpd/dhcpd4.leases -pf /var/dhcpd/dhcpd4.pid -tf >
  ├─system-getty.slice
  │ └─getty@tty1.service
  │   └─244 /sbin/agetty -o -p -- \u --noclear tty1 linux
  ├─systemd-logind.service
  │ └─233 /usr/lib/systemd/systemd-logind
  ├─systemd-resolved.service
  │ └─231 /usr/lib/systemd/systemd-resolved
  ├─named.service
  │ └─248 /usr/bin/named -f -u named
  ├─systemd-udevd.service
  │ └─209 /usr/lib/systemd/systemd-udevd
  ├─systemd-journald.service
  │ └─188 /usr/lib/systemd/systemd-journald
  ├─haveged.service
  │ └─234 /usr/bin/haveged -F -w 1024 -v 1
  ├─ntpd.service
  │ └─250 /usr/bin/ntpd -g -u ntp:ntp
  └─systemd-networkd.service
    └─216 /usr/lib/systemd/systemd-networkd
```
The DHCP server does not serve any IP addresses.
This is what I have tried:
1. In the examples I found searching, there should be a line in the journal of the form "Listening on Trace/eth0..."
When I replace the interface eth0 in the dhcpd4.service file with a non-existing one or "%I", the service fails with the expected error message. So, eth0 is the correct parameter.
2. I have moved all files (apart from the config) to the folder /var/dhcpd, assigned the owner as user and group dhcp, and set 0777 on the whole folder. So, there should be no permission issues anywhere. When I change the permissions on, for example, the lease file, the service fails with the expected error message. So, there are no permission issues.
3. Using nmap -sU -p 67 --script=dhcp-discover 192.168.1.253 -d locally and from the laptop results in a time out response. Running the above from the laptop while running tcpdump -vnes0 -i eth0 port 67 or port 68 locally shows nothing, no packets, no traffic.
4. I have set the system loglevel to debug in /etc/systemd/system.conf. No additional info regarding dhcpd.
5. I have modified the subnet definition in the dhcpd.conf and the service fails with the expected error message.
I have an open port with a running service that does not serve any leases. It seems as if something blocks the packages, but there is no firewall. I would be grateful for any suggestions!
Cheers!
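
The probe in step 3, as an added example that is not part of the original post: it builds the broadcast DHCPDISCOVER a client sends from UDP port 68 and decodes the server's reply, so the fields can be compared with what tcpdump shows on eth0. The function names, the locally administered MAC address and `SAMPLE_OFFER` are constructed for illustration; the addresses in the sample come from the dhcpd.conf above.

```python
import os, socket, struct
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)
TYPES = {1: "DISCOVER", 2: "OFFER", 5: "ACK", 6: "NAK"}
IP_OPTS = {1: "subnet_mask", 3: "routers", 42: "ntp_servers", 54: "server_id"}

def bootp(op, xid, yiaddr, mac, opts):
    """236-byte BOOTP header with the broadcast flag set, then cookie and options."""
    hdr = struct.pack("!4BIHH4s4s4s4s16s192s", op, 1, 6, 0, xid, 0, 0x8000,
                      b"", socket.inet_aton(yiaddr), b"", b"", mac, b"")
    return hdr + MAGIC + opts + b"\xff"

def build_discover(mac, xid):
    # option 53 = DISCOVER; option 55 requests mask, router, domain name, NTP
    return bootp(1, xid, "0.0.0.0", mac, bytes([53, 1, 1, 55, 4, 1, 3, 15, 42]))

def parse_reply(pkt, xid):
    """Decode a server reply; ValueError if it is not an answer to our xid."""
    if (len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC
            or pkt[4:8] != xid.to_bytes(4, "big")):
        raise ValueError("not a reply to our DISCOVER")
    out, i = {"yiaddr": socket.inet_ntoa(pkt[16:20])}, 240
    while i + 1 < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:  # pad option: single byte, no length field
            i += 1
            continue
        code, val = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        if code == 53 and val:
            out["type"] = TYPES.get(val[0], str(val[0]))
        elif code == 15:
            out["domain_name"] = val.decode("ascii", "replace")
        elif code in IP_OPTS and len(val) >= 4:
            out[IP_OPTS[code]] = socket.inet_ntoa(val[:4])
        i += 2 + pkt[i + 1]
    return out

def probe(mac, timeout=5.0):
    """Broadcast one DISCOVER from UDP 68 (needs root); socket.timeout if no reply."""
    xid = int.from_bytes(os.urandom(4), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.bind(("", 68))
        s.settimeout(timeout)
        s.sendto(build_discover(mac, xid), ("255.255.255.255", 67))
        return parse_reply(s.recvfrom(1500)[0], xid)

# Constructed OFFER (xid 0x1234) using the addresses from the post's dhcpd.conf
SAMPLE_OFFER = bootp(2, 0x1234, "192.168.1.10", b"\x02\0\0\0\0\x01", bytes(
    [53, 1, 2, 54, 4, 192, 168, 1, 253, 1, 4, 255, 255, 255, 0,
     3, 4, 192, 168, 1, 254, 42, 4, 192, 168, 1, 253, 15, 8]) + b"home.lan")
```

`parse_reply(SAMPLE_OFFER, 0x1234)` runs offline; `probe()` needs root and a free port 68 on the machine it runs from.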