Anyone knows what this means in packet trace log related to DHCP packets? Haven't seen before..
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:search gate for untrust:0.0.0.0/68->255.255.255.255/67,17
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:gate_search_specific_bucket: no gate found
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:search gate for untrust:0.0.0.0/68->255.255.255.255/67,17
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:gate_search_specific_bucket: no gate found
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:search widecast gate for untrust:0.0.0.0/68->255.255.255.255/67,17
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:gate_search_widecast_bucket: no gate found
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:check self-traffic on vlan.11, in_tunnel 0x0
I have a guest network DHCP with jDHCPd configured on a vlan interface, which is located in a non-default routing-instance. All the rules allowing the traffic should be in place, but it's still not working for some reason..
Related parts of configuration:
version 12.3X48-D65.1;
system {
dhcp-local-server {
group tys-guest {
interface vlan.11;
}
}
nat {
source {
rule-set untrust-source-nat {
from zone untrust;
to zone untrust;
rule guest-sourcenat {
match {
source-address 10.123.124.0/24;
}
then {
source-nat {
interface;
}
}
}
}
policies {
from-zone untrust to-zone untrust {
policy untrust-internal {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone junos-host {
policy allow-management {
description "Has to be before the deny policy";
match {
source-address something/27;
destination-address any;
application [ junos-ssh junos-https junos-http ];
}
then {
permit;
}
}
policy deny-management-rest {
match {
source-address any;
destination-address any;
application [ junos-ssh junos-https junos-http ];
}
then {
reject;
}
}
policy allow-rest {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.10;
}
}
security-zone untrust {
screen untrust-screen;
interfaces {
fe-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
ike;
ping;
ssh;
}
}
}
vlan.11 {
host-inbound-traffic {
system-services {
dhcp;
ping;
}
}
}
}
}
interfaces {
fe-0/0/0 {
unit 0 {
family inet {
address something/24;
}
}
}
fe-0/0/1 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members vlan-guest;
}
native-vlan-id 10;
}
}
}
fe-0/0/7 {
description Varalinja;
unit 0 {
family inet {
address 192.168.1.2/24;
}
}
}
vlan {
unit 10 {
family inet {
address 10.1.1.254/24;
}
}
unit 11 {
family inet {
address 10.123.124.1/24;
}
}
}
}
routing-options {
interface-routes {
rib-group inet inside;
}
static {
route 10.2.0.0/24 next-hop st0.1;
route 0.0.0.0/0 next-table Main-ISP.inet.0;
}
rib-groups {
Main-ISP-to-4G-ISP {
import-rib [ Main-ISP.inet.0 4G-ISP.inet.0 ];
}
4G-ISP-to-Main-ISP {
import-rib [ 4G-ISP.inet.0 Main-ISP.inet.0 ];
}
inside {
import-rib [ inet.0 Main-ISP.inet.0 4G-ISP.inet.0 ];
}
}
}
access {
address-assignment {
pool something-guest {
family inet {
network 10.123.124.0/24;
range something-guest-range {
low 10.123.124.10;
high 10.123.124.250;
}
dhcp-attributes {
maximum-lease-time 28800;
domain-name something-guest.local;
name-server {
8.8.8.8;
8.8.4.4;
}
router {
10.123.124.1;
}
}
}
}
}
}
routing-instances {
4G-ISP {
instance-type virtual-router;
interface fe-0/0/7.0;
routing-options {
interface-routes {
rib-group inet 4G-ISP-to-Main-ISP;
}
static {
route 0.0.0.0/0 next-hop 192.168.1.1;
}
}
}
Main-ISP {
instance-type virtual-router;
interface fe-0/0/0.0;
interface vlan.11;
routing-options {
interface-routes {
rib-group inet Main-ISP-to-4G-ISP;
}
static {
route 0.0.0.0/0 next-hop somepublicip;
}
}
}
}
vlans {
vlan-guest {
vlan-id 11;
l3-interface vlan.11;
}
vlan-trust {
vlan-id 10;
l3-interface vlan.10;
}
}