DHCP relay and external Linux DHCP server

iq25 · November 20, 2013, 4:00pm

I have a problem with my setup. I am trying to use external DHCP server for local wi-fi clients. Server is configured and start isc-dhcp-server process without errors. When wi-fi client connects it does not recieve IP address. DHCP relay status shows that requests are counting and increasing but responses are zero.
DHCP server is on 10.0.2.2/24
Mikrotik is on same LAN 10.0.2.1/24
Interface wan is wired with Linux server through switch.

/ip dhcp-relay> print
Flags: X - disabled, I - invalid 
 #   NAME               INTERFACE               DHCP-SERVER     LOCAL-ADDRESS  
 0   relay1             wifbridge          10.0.2.2        0.0.0.0

/ip address> print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                     
 0   10.10.10.1/22      10.10.8.0       wifibridge                                                
 2   10.0.2.10/24       10.0.2.0        wan

/ip route> print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          wan                       1
 1 ADC  10.0.2.0/24        10.0.2.10       wan                       0
 2 ADC  10.10.8.0/22       10.10.10.1      wifibridge            0

/ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
1   chain=srcnat action=masquerade out-interface=wan

 /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic 
...
13   chain=input action=accept src-address=10.0.1.0/24 
14   chain=input action=accept src-address=10.0.2.0/24 
18   chain=forward action=accept dst-address=10.0.2.2 
...

I can ping Linux box with DHCP server from mikrotik router. Linux log says that it is receiving requests and offering IP address.
What am I missing here? Some firewall rules or routes?
THX

SwissWISP · November 20, 2013, 6:27pm

Did you set a static route to 10.10.8.0/22 on your linux box? Additionally I would set the local address of your relay to 10.10.10.1

iq25 · November 21, 2013, 9:17am

SwissWISP I did as you suggested. I set relay local address to 10.10.10.1.
And added static route to Linux. I hope it is correct.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.2.1        0.0.0.0         UG    100    0        0 eth0
10.0.2.0        *               255.255.255.0   U     0      0        0 eth0
10.10.8.0       10.0.2.1        255.255.252.0   UG    0      0        0 eth0

And I can ping 10.10.10.1 from Linux server. But still not receiving IP. Should I add some special DST-NAT rule?

SwissWISP · November 21, 2013, 9:53am

First you should check if basic connectivity works. So assign a static IP to a host (no via DHCP) and check if the connectivity is OK. A second thing you should check is, if connection tracking in the firewall is active.
I must say, that I never used dhcp-relay over a “nated” Router, but basically this should work.

iq25 · November 25, 2013, 8:18am

Hello again! I am back after weekend. I checked that connection tracking is enabled and is on auto mode. Also opened firewall and all input and forward traffic is allowed without conditions. I checked that I can ping remote DHCP from router, same is from DHCP server to DHCP Relay local address. But still not working, requests are counting but responses is zero. I can of course bridge all interfaces together and try if setup works, but my technical goal and requirement is to use remote DHCP server because I will have several wireless hotspots and I want to enable client roaming. Could somebody from Mikrotikls help me here if reading ?
Any good ideas are welcomed from community too.

happystockholm · November 29, 2013, 2:29pm

Hello, Probably its due to the rules in your iptables, your might got traffic forwarded. (instead hiting input chain.)
could you please do a “iptables -nvL” and post the result here for further analysing?

happystockholm · November 29, 2013, 2:30pm

COuld you please check your iptables.

iq25 · December 4, 2013, 1:34pm

Thansk for support. It is fresh Ubuntu LTS server so I believe all traffic is open. But I will post iptables later when I get this box switched on.

lukkes · May 2, 2015, 12:42am

hello did you resolve your problem? i test the same scenario and doesn’t work at first test, so i increment the “delay threshold” and works fine