[LUG.ro Mix] Bug#296974: /etc/dhclient-script: Make dhclient-script accept default routers outside network with /32 netmasks

Horacio Castellini lugro-mix@lugro.org.ar
Mon, 28 Feb 2005 19:02:49 -0300


Package: dhcp-client
Version: 2.0pl5-19.1
Severity: wishlist
File: /etc/dhclient-script
Thanks

Well, on highly secure networks (each machine having to route every
packet via a router/firewall, even when staying inside the company
network), dhcp offers are often configured so that the network interface
is configured with a /32 netmask and a default router which is
(obviously) outside that netmask. Well, this works fine with Windows
clients, because they set a host route to the default router(s) on the
network interface which is just being configured followed by a default
route via that host.
dhclient doesn't currently behave like this although it is probably
wanted in most of those configurations to act like this.

A fairly easy solution to the problem would be to edit
/etc/dhclient-script so that both lines which previously read

route add default gw $router

would be replaced by

route add default gw $router \
|| (
     route add -host $router dev $interface
     route add default gw $router
   )

However, this might have unwanted side effects under some circumstances,
such as a configuration with multiple default routers or when the
static-routes option is used to set a route to the default router.

If you want me to, I could probably come up with a cleaner solution,
such as only setting the above host route when the netmask is for a /32 net.

Note that the above configuration is used by many companies, including
large hosters. Large companies and companies with high security
standards want to separate all computers from one another so that they
can only talk to the default router. But this doesn't mean they have a
/30 network to spare for each host (wasting 50% of the available IP
addresses for unneeded network/broadcast addresses and another nearly
25% for unnecessarily duplicated router addresses). This addition would
help those companies a lot, at least those that use Debian Linux clients ;-)

Regards,
Sven

-- System Information:
Debian Release: 3.1
    APT prefers testing
    APT policy: (991, 'testing'), (50, 'unstable'), (40, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-terra
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)


Versions of packages dhcp-client depends on:
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an
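
The report's "cleaner solution" idea, sketched as an added example that is not part of the original message or of dhclient-script: the host route is added only when the router lies outside the configured subnet, which covers the /32 case and generalizes it to any off-link router. The function names, the explicit arguments and the sample addresses are assumptions; the commands are printed as a dry run instead of being executed.

```shell
#!/bin/sh
# Added illustration; all function names are hypothetical.

# ip_to_int A.B.C.D -> prints the dotted quad as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1          # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# router_on_link IP NETMASK ROUTER -> exit status 0 if ROUTER is in IP/NETMASK
router_on_link() {
    _rol_ip=$(ip_to_int "$1")
    _rol_mask=$(ip_to_int "$2")
    _rol_gw=$(ip_to_int "$3")
    [ $(( _rol_ip & _rol_mask )) -eq $(( _rol_gw & _rol_mask )) ]
}

# plan_default_routes IP NETMASK INTERFACE ROUTER...
# Prints the route commands for each router, in order. A host route is
# emitted first only for routers that are not reachable on-link, so an
# ordinary configuration produces exactly the original single command.
plan_default_routes() {
    _pdr_ip=$1
    _pdr_mask=$2
    _pdr_if=$3
    shift 3
    for _pdr_router in "$@"; do
        if ! router_on_link "$_pdr_ip" "$_pdr_mask" "$_pdr_router"; then
            echo "route add -host $_pdr_router dev $_pdr_if"
        fi
        echo "route add default gw $_pdr_router"
    done
}

# Constructed sample lease: /32 address with a router outside that netmask.
plan_default_routes 192.0.2.10 255.255.255.255 eth0 192.0.2.1
```

Unlike the `||` fallback in the message, this decides from the lease data instead of from a failed `route` call, so an unrelated failure of the first command does not trigger the host route.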