Join Log in
Score:1
acgbox avatar Server

No subnet declaration for WAN

ng flag
acgbox
  • I have 2 netcards enp0s3 for WAN and enp0s8 for LAN.
  • WAN has dynamic IP address (received from ISP).
  • LAN has class C static IP address for my local network
  • I have isc-dhcp-server with this config:
nano /etc/dhcp/dhcpd.conf

# ISC-DHCP-Server Configuration
authoritative;
option wpad code 252 = text;
server-identifier 192.168.0.10;
deny duplicates;
one-lease-per-client true;
deny declines;
deny client-updates;
ping-check true;
log-facility local7;
ddns-update-style none;


    host user3 {
    hardware ethernet 40:e2:30:f4:00:04;
    fixed-address 192.168.0.90;
    }

    host user1 {
    hardware ethernet 40:e2:30:f4:00:02;
    fixed-address 192.168.0.50;
    }

class "blockdhcp" {
     match pick-first-value (option dhcp-client-identifier, hardware);
    }
    subclass "blockdhcp" 1:90:68:c3:00:00:00;

subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.10;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    #option domain-name "example.org";
    option domain-name-servers 8.8.8.8,8.8.4.4;
    min-lease-time 2592000; # 30 days
    default-lease-time 2592000; # 30 days
    max-lease-time 2592000; # 30 days
    pool {
        min-lease-time 60;
        default-lease-time 60;
        max-lease-time 60;
        deny members of "blockdhcp";
        range 192.168.0.100 192.168.0.250;
    }
}

The problem is that the isc-dhcp-server is showing error messages No subnet declaration for enp0s3 (10.0.2.15) because it asks me to assign a range for WAN, and this is not possible because it is dynamic and the ISP provider can eventually change the IP

sudo systemctl status isc-dhcp-server
● isc-dhcp-server.service - ISC DHCP IPv4 server
     Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-01-18 18:29:32 -05; 7min ago
       Docs: man:dhcpd(8)
   Main PID: 17055 (dhcpd)
      Tasks: 4 (limit: 19112)
     Memory: 4.9M
        CPU: 24ms
     CGroup: /system.slice/isc-dhcp-server.service
             └─17055 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf

ene 18 18:29:32 uservm dhcpd[17055]: Sending on   LPF/enp0s8/08:00:27:8d:e7:c9/192.168.0.0/24
ene 18 18:29:32 uservm dhcpd[17055]: 
ene 18 18:29:32 uservm dhcpd[17055]: No subnet declaration for enp0s3 (10.0.2.15).
ene 18 18:29:32 uservm dhcpd[17055]: ** Ignoring requests on enp0s3.  If this is not what
ene 18 18:29:32 uservm dhcpd[17055]:    you want, please write a subnet declaration
ene 18 18:29:32 uservm dhcpd[17055]:    in your dhcpd.conf file for the network segment
ene 18 18:29:32 uservm dhcpd[17055]:    to which interface enp0s3 is attached. **
ene 18 18:29:32 uservm dhcpd[17055]: 
ene 18 18:29:32 uservm dhcpd[17055]: Sending on   Socket/fallback/fallback-net
ene 18 18:29:32 uservm dhcpd[17055]: Server starting service.

How do I avoid this situation so that these error messages that flood the log no longer appear? Thanks in advance

834
2 + 0
Score:2
Nikita Kipriyanov avatar Server
za flag
Nikita Kipriyanov

While the other answer is correct in that it is safe to ignore this warning, some people prefer "zero warning policy", by configuring the system in advance so it won't emit warnings for known situations. Then any warnings system will still generate would be meaningful and you won't accidentally miss them in the stream of "known and expected warnings".

You can configure dhcpd to only listen on interfaces that you want it to provide service on, which is configured in /etc/default/isc-dhcp-server:

INTERFACES="enp0s8"

(by default it is listening everywhere). On newer systems you might need to set it up like this:

INTERFACESv4="enp0s8"
INTERFACESv6=""

Other way to suppress the warning is to let it know the interface/subnet exists, but to not provide any service for it. There is an example how to do that in the stock dhcpd.conf file (probably not the one Ubuntu or Debian has installed in /etc):

# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.

subnet 10.152.187.0 netmask 255.255.255.0 {
}

(replace it the network you have on the WAN NIC). This is exactly what the warning itself suggests.

+ 5
acgbox avatar
ng flag
acgbox
I already have the `INTERFACES="enp0s8"` option declared in that file (I forgot to post it in the question) and it doesn't solve the problem. The second option is not workable for me, because as I explained, my ISP constantly changes the IP address (including range and class), so declaring a specific IP for WAN within the configuration file is a real slavery. But what I don't know is, if it will be possible to "trick" DHCP and add an autoconfiguration (APIPA) or generic IP to WAN inside the configuration file and if this does not affect. I await your opinion on this point
0
Reply
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
That's strange. Does it really use this setting? // You don't declare specific IP, you declare a network. That declaration should be exact (e.g. address of the network and netmask should match whatever you have on the interface), but you can declare that way networks that don't present in the system at all. (Usually this is used on servers that also serve clients behind DHCP proxies.) No matter how often ISP changes your WAN network and netmask, there is finite number of them (and likely not too many), so you can simply list them all.
0
Reply
acgbox avatar
ng flag
acgbox
I think I found the error (please check and if it is correct to select your answer as correct). The solution is `INTERFACESv4="enp0s8"` (and `INTERFACESv6=""` because we are talking about ISC DHCP IPv4 server). Do not use `INTERFACES="enp0s8"` because this format is no longer used in newer versions
1
Reply
acgbox avatar
ng flag
acgbox
I also think it is beneficial to uncomment the lines `DHCPDv4_CONF=/etc/dhcp/dhcpd.conf` and `DHCPDv4_PID=/var/run/dhcpd.pid`
0
Reply
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
Thank you for deeper investigation, I added the important bits into the answer!
1
Reply
Score:0
Massimo avatar Server
ng flag
Massimo 
ene 18 18:29:32 uservm dhcpd[17055]: No subnet declaration for enp0s3 (10.0.2.15).
ene 18 18:29:32 uservm dhcpd[17055]: ** Ignoring requests on enp0s3.  If this is not what
ene 18 18:29:32 uservm dhcpd[17055]:    you want, please write a subnet declaration
ene 18 18:29:32 uservm dhcpd[17055]:    in your dhcpd.conf file for the network segment
ene 18 18:29:32 uservm dhcpd[17055]:    to which interface enp0s3 is attached. **

What this means is, "I don't know anything about that interface and the subnet it's connected to, thus I'll ignore any DHCP request coming from it". Which is perfectly fine, because you don't actually want to provide a DHCP service on your WAN interface.

Just ignore the warning and carry on.

+ 1
acgbox avatar
ng flag
acgbox
So far I have ignored it, but it quickly fills the log with these messages and that is not good
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.