So, I run my fraternity's computer network. It basically goes through a soekris net4801 router equipped with m0n0wall, then a switch that divides it up into each of our three houses, then a switch at each of the three houses to provide internet service to each room.
Today, a few people running Windows 7 started having difficulties connecting to the internet. So I checked it out, and it looks as if their IP address are 192.168.1.0/24. The network is on 192.168.13.0/24 (not sure why 13 was picked, it was that way long before I took over the position). I tried ipconfig /release /renew, but they kept getting 192.168.1.*, and therefore couldn't connect to the internet. I was able to get it to work by just manually configuring the IP addresses to the proper subnet, but that's just a temporary solution.
Note that they haven't really had any problems in the past.
Anyone know what's going on and how I can make a more permanent solution to the problem? I'm a lot more familiar with Cisco devices than m0n0wall, and I don't have too much experience either way, so a lot of this is kind of new to me.
These are the sort of DHCP log entries I'm getting (newest at the top)... typically, the computer should accept the IP address offered by DHCPOFFER, but it's not doing that in this case:
Mar 3 19:18:33 dhcpd: DHCPINFORM from 192.168.1.133 via sis0: unknown subnet for address 192.168.1.133
Mar 3 19:18:29 dhcpd: DHCPOFFER on 192.168.13.218 to [MAC address] ([name]) via sis0
Mar 3 19:18:28 dhcpd: DHCPNAK on 192.168.1.133 to [MAC address] via sis0
Mar 3 19:18:28 dhcpd: DHCPREQUEST for 192.168.1.133 (192.168.1.1) from [MAC address] via sis0: wrong network.
Mar 3 19:18:28 dhcpd: DHCPDISCOVER from [MAC address] ([name]) via sis0
Posts
Alternatively, set the machine to static ips. It doesn't fix the underlying problem, but they will get their internet back.
What I see in the log is that the suspect machine is asking for dhcp info. The proper dhcp server offers out a new ip for it, but it refuses it and re-requests from 192.168.1.1. If you setup a machine on that subnet, can you ping that ip? The machines are getting the information from somewhere, or they would default to the 169... address.
Use ARP to get the MAC address of the other DHCP server and see if you can trace it back from there. If you don't have managed switches, you can either inspect room-to-room or just do a rolling outage one port at a time until you isolate where the DHCP server is coming from.