Re: [dhcwg] Re: DHCP behind NAT

Ted Lemon <> Sat, 01 September 2001 13:32 UTC

Received: from ( [] (may be forged)) by (8.9.1a/8.9.1a) with ESMTP id JAA14275; Sat, 1 Sep 2001 09:32:32 -0400 (EDT)
Received: from (localhost []) by (8.9.1a/8.9.1) with ESMTP id JAA24340; Sat, 1 Sep 2001 09:31:52 -0400 (EDT)
Received: from (odin []) by (8.9.1a/8.9.1) with ESMTP id JAA24314 for <>; Sat, 1 Sep 2001 09:31:50 -0400 (EDT)
Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id JAA14256 for <>; Sat, 1 Sep 2001 09:30:25 -0400 (EDT)
Received: from ( []) by (8.11.3/8.6.11) with ESMTP id f81DPof19496; Sat, 1 Sep 2001 06:25:50 -0700 (PDT)
Received: from (localhost []) by (8.11.3/8.6.11) with ESMTP id f81DVF300365; Sat, 1 Sep 2001 09:31:15 -0400 (EDT)
Message-Id: <>
To: Bernard Dugas <>
Subject: Re: [dhcwg] Re: DHCP behind NAT
In-Reply-To: Message from Bernard Dugas <> of "Sat, 01 Sep 2001 13:57:07 +0200." <>
Date: Sat, 01 Sep 2001 09:31:15 -0400
From: Ted Lemon <>
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: <>

> Note that answering the ip source address is exactly the same that
> answering the giaddr in a normal routed network, as the relay is the ip
> source. So the proposed patch is not changing any behaviour in a normal
> routed network, it's just changing behaviour in NAT context.

There's no reason to have this expectation.   A router normally has
several IP addresses, and any of them could be the source address.   I
would think it most likely that the source address would be the
IP address of the interface on which the relayed packet was sent to
the server, not the IP address of the interface on which the packet
was received.   This is of course usually a perfectly legitimate
address to which to return the packet.

> So I have to tell that to Cisco, so they change the way their NAT handle
> DHCP relayed packet : only their NAT knows what is the right address to
> answer to.

I believe that Cisco supports the subnet selection option.

> So ISC DHCPD will be the only available with a patch for NAT context,
> and I will be the only ISP with a NAT service for its customers ;-)

Somehow I don't think that this will be exciting news for your

> More seriously, what is the point of a Request For Comment if valid
> comments can't be  included ? Actually, I had no time to learn the
> normal process of IETF, so I may have missed some points in the process.
> I should spend some time on that.

Of course you can make comments, but the time to do so is when the
draft comes out, which in this case would have been sixteen years
ago.   I wish you *had* made this comment then.   :'}

> Did you see the patch at :

No, I'm not interested.   I think the subnet selection option solves
your problem, and it has the advantage of being standardized and not
requiring a patch to the server, although possibly the disadvantage of
not working with your router.   :'}

> Thanks a lot for your answer, and for your work with this powerful ISC
> DHCP server.

You're welcome!


dhcwg mailing list