
kea-dhcp4-server no longer works after migrating from 12 to 13



Good evening,

Migrating my Debian server from 12 to 13 has caused an annoying regression that I can't figure out:

kea-dhcp4-server, although started, no longer hands out IP addresses to the clients, even though it is listening:

/var/log/kea/kea-dhcp4.log

2025-09-30 20:46:14.452 INFO  [kea-dhcp4.hosts/510719.139677845735360] HOSTS_BACKENDS_REGISTERED the following host backend types are available: mysql postgresql
2025-09-30 20:46:14.452 WARN  [kea-dhcp4.dhcpsrv/510719.139677845735360] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2025-09-30 20:46:14.452 WARN  [kea-dhcp4.dhcp4/510719.139677845735360] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2025-09-30 20:46:14.453 INFO  [kea-dhcp4.dhcpsrv/510719.139677845735360] DHCPSRV_CFGMGR_NEW_SUBNET4 a new subnet has been added to configuration: 192.168.2.0/24 with params: t1=1000, t2=2000, valid-lifetime=4000
2025-09-30 20:46:14.453 INFO  [kea-dhcp4.dhcpsrv/510719.139677845735360] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2025-09-30 20:46:14.453 INFO  [kea-dhcp4.dhcpsrv/510719.139677845735360] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2025-09-30 20:46:14.453 INFO  [kea-dhcp4.dhcpsrv/510719.139677845735360] DHCPSRV_CFGMGR_ADD_IFACE listening on interface eth0
2025-09-30 20:46:14.453 INFO  [kea-dhcp4.dhcp4/510719.139677845735360] DHCP4_CONFIG_COMPLETE DHCPv4 server has completed configuration: added IPv4 subnets: 1; DDNS: enabled
2025-09-30 20:46:14.457 INFO  [kea-dhcp4.dhcpsrv/510719.139677845735360] DHCPSRV_MYSQL_DB opening MySQL lease database: host=localhost name=kea on-fail=serve-retry-continue password=***** port=3306 type=mysql universe=4 user=kea
2025-09-30 20:46:14.478 INFO  [kea-dhcp4.hosts/510719.139677845735360] DHCPSRV_MYSQL_HOST_DB opening MySQL hosts database: host=localhost name=kea on-fail=serve-retry-continue password=***** port=3306 type=mysql universe=4 user=kea
2025-09-30 20:46:14.489 INFO  [kea-dhcp4.dhcpsrv/510719.139677845735360] DHCPSRV_DHCP_DDNS_SENDER_STARTED NameChangeRequest sender has been started: enable_updates: yes, server-ip: 127.0.0.1, server-port: 53001, sender-ip: 0.0.0.0, sender-port: 0, max-queue-size: 1024, ncr-protocol: UDP, ncr-format: JSON
2025-09-30 20:46:14.503 INFO  [kea-dhcp4.dhcpsrv/510719.139677845735360] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for V4 leases in subnet 192.168.2.0/24
2025-09-30 20:46:14.504 WARN  [kea-dhcp4.dhcp4/510719.139677845735360] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 2, queue size: 64
2025-09-30 20:46:14.505 INFO  [kea-dhcp4.dhcp4/510719.139677845735360] DHCP4_STARTED Kea DHCPv4 server version 2.6.3 started
2025-09-30 20:49:00.848 INFO  [kea-dhcp4.dhcp4/510719.139677812127424] DHCP4_QUERY_LABEL received query: [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0xbb1b5bde
2025-09-30 20:55:12.027 INFO  [kea-dhcp4.dhcp4/510719.139677803734720] DHCP4_QUERY_LABEL received query: [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0x4d555dbf
2025-09-30 21:05:30.031 INFO  [kea-dhcp4.dhcp4/510719.139677812127424] DHCP4_QUERY_LABEL received query: [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0x8c20dd3d
2025-09-30 21:15:46.858 INFO  [kea-dhcp4.dhcp4/510719.139677803734720] DHCP4_QUERY_LABEL received query: [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0x97399a30
2025-09-30 21:15:49.802 INFO  [kea-dhcp4.dhcp4/510719.139677812127424] DHCP4_QUERY_LABEL received query: [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0x97399a30
2025-09-30 21:15:53.799 INFO  [kea-dhcp4.dhcp4/510719.139677803734720] DHCP4_QUERY_LABEL received query: [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0x97399a30
2025-09-30 21:15:59.788 INFO  [kea-dhcp4.dhcp4/510719.139677812127424] DHCP4_QUERY_LABEL received query: [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0x3fd19dbf
2025-09-30 21:16:01.494 INFO  [kea-dhcp4.dhcp4/510719.139677803734720] DHCP4_QUERY_LABEL received query: [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0x3fd19dbf

The MySQL database was indeed migrated to 22.2.

It does seem to receive the requests but does not honor them.

/etc/kea/kea-dhcp4.conf

// dhcpd configuration

{
"Dhcp4": {

# First we set up global values
    "authoritative": true,
    "valid-lifetime": 4000,
    "renew-timer": 1000,
    "rebind-timer": 2000,

# Next we set up the interfaces to be used by the server.
    "interfaces-config": {
        "interfaces": [ "eth0" ],
    "dhcp-socket-type" : "raw"
    },

# And we specify the type of lease database
    "lease-database": {
        "type": "mysql",
        "name": "kea",
        "user": "kea",
        "password": "kea",
        "host": "localhost",
        "port": 3306,
    "on-fail" : "serve-retry-continue"
    },
    "hosts-database": {
        "type": "mysql",
        "name": "kea",
        "user": "kea",
        "password": "kea",
        "host": "localhost",
        "port": 3306,
    "on-fail" : "serve-retry-continue"
    },
    "option-data": [
        {
           "name": "domain-name",
           "data": "vets.in"
        },
        {
           "name": "domain-search",
           "data": "vets.in"
        },
        {
           "name": "domain-name-servers",
           "data": "192.168.2.1"
        },
        {
           "name": "netbios-name-servers",
           "data": "192.168.2.1"
        },
        {
           "name": "ntp-servers",
           "data": "192.168.2.1"
        },
        {
           "name": "time-servers",
           "data": "192.168.2.1"
        },
        {
           "name": "routers",
           "data": "192.168.2.1"
        }
    ],

# DNS Update
    "dhcp-ddns": {
    "enable-updates": true,
         "server-ip": "127.0.0.1",
         "server-port":53001,
         "sender-ip":"",
         "sender-port":0,
         "max-queue-size":1024,
         "ncr-protocol":"UDP",
         "ncr-format":"JSON"
    },
    "ddns-qualifying-suffix": "vets.in",
    "ddns-override-client-update": true,
     "ddns-send-updates": true,
     "ddns-override-no-update": true,
     "ddns-replace-client-name": "when-not-present",
       "ddns-generated-prefix": "host",
     "ddns-update-on-renew": false,
     #"ddns-use-conflict-resolution": true, #deprecated
     "hostname-char-set": "[^A-Za-z0-9.-]",
     "hostname-char-replacement": "x",

# Finally, we list the subnets from which we will be leasing addresses.
    "subnet4": [
        {
            "id": 1,
            "subnet": "192.168.2.0/24",
        "next-server": "192.168.2.1",
        "boot-file-name": "pxelinux.0",
            "pools": [ {
                    "pool": "192.168.2.10 - 192.168.2.250",
                "option-data": [ {
               "name": "broadcast-address",
               "data": "192.168.2.255"
            } ]
        } ],
        "relay": {
        "ip-addresses": ["192.168.2.1"]
        }
        } ],

    "loggers": [ {
            "name": "kea-dhcp4",
            "output_options": [ {
                    "output": "/var/log/kea/kea-dhcp4.log"
                } ],
            #"severity": "INFO"
            "severity": "DEBUG"
        } ]
}
# DHCPv4 configuration ends with the next line
}


A few days earlier, I had migrated the iptables rules (which were managed by Webmin, which I have since gotten rid of) to nftables. I don't think a badly written rule is the cause; everything is normally open on the eth0 interface where the clients are:

(I'm going to do my Didier impression 😉 I'm a beginner with nftables)

/etc/nftables.conf

# Translated by iptables-restore-translate v1.8.9 on Fri Sep 12 11:45:28 2025
flush ruleset

#
# Filters
#
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; policy drop; }
add chain ip filter FORWARD { type filter hook forward priority 0; policy accept; }
add chain ip filter OUTPUT { type filter hook output priority 0; policy accept; }

# Allow internal inbound traffic
add rule ip filter INPUT iifname "lo" counter accept
add rule ip filter INPUT iifname "eth0" counter accept
add rule ip filter INPUT iifname "tun0" counter accept

add rule ip filter INPUT ct state related,established counter accept

# Allow replying to ping
add rule ip filter INPUT ip protocol icmp counter accept
add rule ip filter INPUT ip protocol igmp counter accept

# Allow WakeOnLan
add rule ip filter INPUT udp dport 9 counter accept

# Allow SSH
add rule ip filter INPUT tcp dport 22 counter accept

# Allow DNS
add rule ip filter INPUT tcp dport 53 counter accept
add rule ip filter INPUT udp dport 53 counter accept

# Allow HTTP and HTTPS
add rule ip filter INPUT tcp dport 80 counter accept
add rule ip filter INPUT tcp dport 443 counter accept

# Allow VPN
add rule ip filter INPUT udp dport 1194 counter accept


#
# NAT tables
#
add table ip nat
add chain ip nat INPUT { type nat hook input priority 100; policy accept; }
add chain ip nat OUTPUT { type nat hook output priority -100; policy accept; }
add chain ip nat PREROUTING { type nat hook prerouting priority -100; policy accept; }
add chain ip nat POSTROUTING { type nat hook postrouting priority 100; policy accept; }

add rule ip nat POSTROUTING oifname "eth1" counter masquerade
add rule ip nat POSTROUTING oifname "tun0" counter masquerade
#add rule ip nat POSTROUTING oifname "eth0" ip saddr 192.168.3.0/24 counter masquerade

#
# MANGLE tables
#
add table ip mangle
add chain ip mangle PREROUTING { type filter hook prerouting priority -150; policy accept; }
add chain ip mangle INPUT { type filter hook input priority -150; policy accept; }
add chain ip mangle FORWARD { type filter hook forward priority -150; policy accept; }
add chain ip mangle OUTPUT { type route hook output priority -150; policy accept; }
add chain ip mangle POSTROUTING { type filter hook postrouting priority -150; policy accept; }
# Completed on Fri Sep 12 11:45:28 2025

I'm open to any ideas, I'm stuck.

Thanks in advance.

Erwann
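As an added example (not part of Erwann's post or of Kea itself): a small Python script that scans lines in the kea-dhcp4.log format shown above and flags transaction ids that a client re-sent several times while no lease offer or allocation was logged for them, which is exactly the pattern visible at 21:15:46, 21:15:49 and 21:15:53 (tid 0x97399a30 three times). The answer message ids in ANSWER_MSGS are assumed from Kea's DHCPv4 message catalogue, and the sample log is constructed.

```python
import re
import sys
from collections import defaultdict

# Matches the kea-dhcp4.log line shape from the post: timestamp, level,
# [logger/pid.thread], message id, then a query label ending in tid=0x...
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) +(?P<level>\w+) +\[(?P<logger>[^\]]+)\] "
    r"(?P<msgid>DHCP4_\w+) .*?tid=(?P<tid>0x[0-9a-fA-F]+)"
)

# Message ids that show the server actually answered a query (assumed from
# Kea's DHCPv4 message catalogue; extend if your log level shows others).
ANSWER_MSGS = {"DHCP4_LEASE_OFFER", "DHCP4_LEASE_ALLOC"}

def find_unanswered(log_text, min_repeats=2):
    """Return {tid: repeat_count} for transactions the client sent at least
    min_repeats times while no answer message for that tid was logged.
    A client reusing the same tid is retransmitting, so repeats with no
    answer mean the server saw the request and silently dropped it."""
    queries = defaultdict(int)
    answered = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a query-labelled line, e.g. startup messages
        tid, msgid = m.group("tid"), m.group("msgid")
        if msgid == "DHCP4_QUERY_LABEL":
            queries[tid] += 1
        elif msgid in ANSWER_MSGS:
            answered.add(tid)
    return {t: n for t, n in queries.items()
            if n >= min_repeats and t not in answered}

# Constructed sample (same format as the post's log): one answered
# transaction, one single unanswered query, and one tid repeated 3 times.
SAMPLE_LOG = """\
2025-09-30 20:49:00.848 INFO  [kea-dhcp4.dhcp4/510719.1] DHCP4_QUERY_LABEL received query: [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0xbb1b5bde
2025-09-30 20:49:00.850 INFO  [kea-dhcp4.dhcp4/510719.1] DHCP4_LEASE_ALLOC [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0xbb1b5bde: lease 192.168.2.10 has been allocated for 4000 seconds
2025-09-30 20:55:12.027 INFO  [kea-dhcp4.dhcp4/510719.1] DHCP4_QUERY_LABEL received query: [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0x4d555dbf
2025-09-30 21:15:46.858 INFO  [kea-dhcp4.dhcp4/510719.1] DHCP4_QUERY_LABEL received query: [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0x97399a30
2025-09-30 21:15:49.802 INFO  [kea-dhcp4.dhcp4/510719.1] DHCP4_QUERY_LABEL received query: [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0x97399a30
2025-09-30 21:15:53.799 INFO  [kea-dhcp4.dhcp4/510719.1] DHCP4_QUERY_LABEL received query: [hwtype=1 ec:4c:8c:01:22:eb], cid=[01:ec:4c:8c:01:22:eb], tid=0x97399a30
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for tid, n in find_unanswered(text).items():
        print(f"{tid}: {n} queries received, no offer/allocation logged")
```

Run it against /var/log/kea/kea-dhcp4.log to list the retransmitted, unanswered transactions; raising the logger's debuglevel in Kea will then show the subnet-selection or allocation message that explains why those tids get no reply.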
