SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000937: dhcp: no possibility to use secondary subnets - MantisBT
MantisBT - Endian Firewall
View Issue Details
0000937Endian FirewallOther Servicespublic2008-06-12 10:122010-09-21 18:33
peter-endian 
 
normalminorhave not tried
confirmedopen 
 
future 
0000937: dhcp: no possibility to use secondary subnets
there is no possibility to use secondary subnets of a zone in dhcp configuration.

If the other subnets would be configured without ip range, one may assign fixed leases of secondary subnets to a mac address.
No tags attached.
Issue History
2008-06-12 10:12peter-endianNew Issue
2008-06-12 15:47peter-endianNote Added: 0001306
2008-06-12 15:47peter-endianTarget Version2.2 => 2.3
2008-09-10 15:58chris-endianTarget Version2.3 => future
2008-11-13 09:19peter-endianNote Added: 0001784
2008-11-13 09:48peter-endianNote Added: 0001785
2008-11-13 14:55peter-endianNote Added: 0001787
2010-09-21 18:33peter-endianStatusnew => confirmed

Notes
(0001306)
peter-endian   
2008-06-12 15:47   
"If the other subnets would be configured without ip range, one may assign fixed leases of secondary subnets to a mac address." -> this is not possible

a possible solution would be, give the possibility to create an instance per interface and filter dhcp traffic between interfaces of the same bridge
(0001784)
peter-endian   
2008-11-13 09:19   
at least there should be the possibility to select the subnet which should be used in a zone. currently only the primary subnet will be used
(0001785)
peter-endian   
2008-11-13 09:48   
from isc.org:
"All versions of the server have the ability to support so-called VLAN configurations, where more than one IP subnet is run on the same network wire, possibly with some traffic isolation performed in the switch. It is also possible to list client identifications in the configuration file and then prevent the server from interacting with clients that have not been so identified. "

we need somthing like that
(0001787)
peter-endian   
2008-11-13 14:55   
dhcp relay is easily supportable by changing the dhcp configuration slightly in order not to have per-zone configuration, but per instance/subnet.

an instance is a subnet declaration, of a subnet which not necessarily must be directly attached to the firewall.
within an instance the already implemented parameter are configurable like our zone configruation already has.

with another configuration possibility, say checkbox, or the like, it must be possible then to define on which interfaces the dhcp server should listen

another checkbox could cause the dhcp server instance to be a relay to a specified server of the specified interface instead of being an authoritative server