firewalld service file for dhcpd-failover
The problem
I have been practicing with ISC dhcp in preparation for overhauling my network. While working with dhcp failover peers, I have run into a problem. My peers couldn't talk to each other. I eventually figured out it was the firewall. Some of the errors I got included:
Apr 05 17:56:55 centos7-01a.vm.example.com dhcpd[956]: failover peer allvm: I move from recover to startup
Apr 05 17:56:55 centos7-01a.vm.example.com systemd[1]: Started DHCPv4 Server Daemon.
Apr 05 17:57:10 centos7-01a.vm.example.com dhcpd[956]: failover peer allvm: I move from startup to recover
The solution
With the help of a post on the World Wide Web, I have shamelessly ripped off a firewalld service file. Loading this file into the firewall daemon solved my dhcp failover peer communication problem. Do this on both servers.
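# Service definition file. /usr/lib/firewalld/services holds the packaged defaults;
# firewalld also reads administrator-created services from /etc/firewalld/services.
tf=/usr/lib/firewalld/services/dhcpd-failover.xml
# Create the file with mode 0644 before writing it
touch "${tf}"; chmod 0644 "${tf}"
# Quoted delimiter: the XML is written literally, with no shell expansion
cat <<'EOF' >"${tf}"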
<?xml version="1.0" encoding="utf-8"?>
<!-- Reference: https://www.centos.org/forums/viewtopic.php?t=54348 -->
<service version="1.0">
<short>DHCPD Failover</short>
<description>This allows a DHCP server to communicate with a failover peer.</description>
<port protocol="tcp" port="647" />
</service>
EOF
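# Reload so firewalld picks up the new service definition
systemctl reload firewalld.service
# Allow the service in the default zone (permanent configuration),
# then apply the permanent configuration to the running firewall
firewall-cmd --permanent --add-service=dhcpd-failover
firewall-cmd --reload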
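The service file above opens TCP 647 to every source in the zone, while only the failover peer needs to reach it. The following is an added example, not part of the original post: it reads the failover declaration from dhcpd.conf text and prints a rich rule that accepts the listening port from the peer address only. The function names and the sample configuration (documentation-range addresses) are assumptions made for illustration.

```shell
# Constructed sample dhcpd.conf fragment (documentation addresses, not the author's).
sample_conf='
failover peer "allvm" {
    primary;
    address 192.0.2.10;
    port 647;
    peer address 192.0.2.11;
    peer port 647;
}
subnet 192.0.2.0 netmask 255.255.255.0 {
    pool {
        failover peer "allvm";
        range 192.0.2.100 192.0.2.200;
    }
}
'

# Print "<peer address> <local port>" for each failover peer declaration on stdin.
# "port" is where this server listens for its peer; "peer port" is the remote side.
# Assumes the opening brace is on the same line as "failover peer"; the
# brace-less reference inside a pool is therefore ignored.
failover_peers() {
    awk '
        $1 == "failover" && $2 == "peer" && /[{]/ { inblk = 1; addr = ""; port = ""; next }
        inblk && $1 == "peer" && $2 == "address"  { sub(/;.*/, "", $3); addr = $3 }
        inblk && $1 == "port"                     { sub(/;.*/, "", $2); port = $2 }
        inblk && /[}]/ { if (addr != "" && port != "") print addr, port; inblk = 0 }
    '
}

# Turn each pair into a rich rule that accepts the failover port from the peer only.
# A hostname cannot be used as a rich-rule source address, so it is reported and skipped.
failover_rules() {
    failover_peers | while read -r addr port; do
        case "$addr" in
            *[!0-9.]*) echo "skipped: peer address '$addr' is not an IPv4 literal" >&2 ;;
            *) printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s/32\" port port=\"%s\" protocol=\"tcp\" accept'\n" "$addr" "$port" ;;
        esac
    done
}

# Print (not run) the command for the sample configuration.
printf '%s\n' "$sample_conf" | failover_rules
```

The printed rule is meant to be used instead of `--add-service=dhcpd-failover`, because adding the service to the zone admits every source in that zone. Run it against the real configuration with `failover_rules < /etc/dhcp/dhcpd.conf` on each server, then `firewall-cmd --reload`.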