What is the simplest way to make a DHCP server?

willianholtz · 2020-07-07 15:57:42

How can I be getting a MAC address by IP?

/etc/dhcpd.conf file does not work.
As soon as I set the IP with their respective clients, it goes to the network

For example, I have 5 machines that receive IP from the server

subnet 139.96.30.0 netmask 255.255.255.0 {
  range 139.96.30.150 139.96.30.250;
}

   host informatica{
   hardware ethernet 00-21-5A-30-05-4C;
   fixed address 139.96.30.162
  }

   host enfermeiras{
   hardware ethernet D4-3D-7E-EA-17-1B;
   fixed-address 139.96.30.151;
  }

   host portaria{
   hardware ethernet 10-7B-44-16-A7-3E;
   fixed-address 139.96.30.152;
  }

  host bercario{
   hardware ethernet D4-3D-7E-EA-04-AF;
   fixed-address 139.96.30.153;
  }

  host maternidade{
   hardware ethernet 00-23-5A-76-6D-09;
   fixed-address 139.96.30.154;
  }

But it does not work, and does not release the specific IP for the client. How do I overcome this situation, because I need to create rules for each IP.

ewaller · 2020-07-07 17:35:00

What does the journal record when a client attaches? Look for requests and offers. See if the request is for the address the device ends up being assigned. If so, delete the lease from the client system so it stops asking for it.

See if the address being offered is correct according to your rules.
It probably is not, because I think your rules are hosed. Check the documentation, but I've a hunch one does not delimit MAC addresses with a '-'

willianholtz · 2020-07-08 12:22:49

ewaller wrote:

What does the journal record when a client attaches? Look for requests and offers. See if the request is for the address the device ends up being assigned. If so, delete the lease from the client system so it stops asking for it.
See if the address being offered is correct according to your rules.
It probably is not, because I think your rules are hosed. Check the documentation, but I've a hunch one does not delimit MAC addresses with a '-'

Yes, yes, my mistake with the "-", even so, I put ":" and it doesn't work

seth · 2020-07-08 12:33:12

Did you
a) restart the daemon after the change?
b) check the server log on whether the daemon is queried at all? (also check "sudo nmap --script broadcast-dhcp-discover" from the client on whether the dhcp server is picked up)

willianholtz · 2020-07-08 12:57:48

seth wrote:

Did you
a) restart the daemon after the change?
b) check the server log on whether the daemon is queried at all? (also check "sudo nmap --script broadcast-dhcp-discover" from the client on whether the dhcp server is picked up)

a) Yes

B)

root@servidor ~ # nmap --script broadcast-dhcp-discover enp1s0
Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-08 09:53 -03
Pre-scan script results:
| broadcast-dhcp-discover:
|   Response 1 of 1:
|     IP Offered: 192.168.20.24
|     DHCP Message Type: DHCPOFFER
|     Server Identifier: 192.168.20.1
|     IP Address Lease Time: 10m00s
|     Subnet Mask: 255.255.255.0
|     Router: 192.168.20.1
|     Domain Name Server: 187.85.152.10, 187.85.152.11
|_    NTP Servers: 187.85.152.2, 187.85.152.16
Failed to resolve "enp1s0".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 2.02 seconds

I believe it is activated on ipv6 instead of ipv4, but I am not sure where to change that! Since I tried it in the ways described on the wiki : https://wiki.archlinux.org/index.php/IPv6#Disable_IPv6

my dhcpcd.conf:

#duid
clientid
persistent
vendorclassid
option interface_mtu
option host_name
option rapid_commit
require dhcp_server_identifier

#slaac private
#noipv4ll

noipv6rs
noipv6
noarp

# Endereço de IP interno (caso acesse via ip FIXO)
interface enp1s0
static ip_address=139.96.30.100/24

Last edited by willianholtz (2020-07-08 12:58:40)

seth · 2020-07-08 13:07:30

nmap --script broadcast-dhcp-discover enp1s0

Why did you add the enp1s0?
Anyway, this only receives an IP from 192.168.20.1

If you wanted to select a specifi NIC

nmap -e enp1s0 --script broadcast-dhcp-discover

interface enp1s0
static ip_address=139.96.30.100/24

dhcpcd is configured for a static IP, so of course it won't request one via dhcp…

willianholtz · 2020-07-08 13:30:31

seth wrote:

nmap --script broadcast-dhcp-discover enp1s0
Why did you add the enp1s0?
Anyway, this only receives an IP from 192.168.20.1

If you wanted to select a specifi NIC
nmap -e enp1s0 --script broadcast-dhcp-discover
interface enp1s0
static ip_address=139.96.30.100/24
dhcpcd is configured for a static IP, so of course it won't request one via dhcp…

I think our language is getting in the way of our conversation lol

In this case, I put enp1s0 with a fixed IP so that it will always be delivered with the IP, even if I restart the server, because in the wiki it looks like this:

# ip link set up dev eth0
# ip addr add 139.96.30.100/24 dev eth0 # arbitrary address

So I decided to get the IP through dhcpcd.conf

The case here is, that the server is working as I wanted, it is distributing IP of the configured range, but the problem now is to say that each IP sent to the computers on the internal network (within this defined range) receives IP according to the MAC address each network card.

seth · 2020-07-08 13:48:23

You mean the dhcpcd.conf is from the dhcpd server as well?

However, the main problem is that the nmap scan only found a dhcp server in the 192.168.20.0/24 range.
If the client has multiple NICs and you need to specify one, use "… nmap -e <nic_name> --script …"

Please post the output of

ip a; ip r

from both: the supposed dhcp server as well as from a client that you try to receive an IP via dhcp from.

willianholtz · 2020-07-08 13:55:48

seth wrote:

You mean the dhcpcd.conf is from the dhcpd server as well?
However, the main problem is that the nmap scan only found a dhcp server in the 192.168.20.0/24 range.
If the client has multiple NICs and you need to specify one, use "… nmap -e <nic_name> --script …"
Please post the output of
ip a; ip r
from both: the supposed dhcp server as well as from a client that you try to receive an IP via dhcp from.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 50:3e:aa:10:d6:f7 brd ff:ff:ff:ff:ff:ff
    inet 139.96.30.100/24 brd 139.96.30.255 scope global noprefixroute enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::523e:aaff:fe10:d6f7/64 scope link
       valid_lft forever preferred_lft forever
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 04:d9:f5:33:72:e6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.12/24 brd 192.168.20.255 scope global dynamic noprefixroute enp2s0
       valid_lft 317sec preferred_lft 242sec
    inet 192.168.20.22/24 brd 192.168.20.255 scope global secondary dynamic enp2s0
       valid_lft 315sec preferred_lft 315sec
    inet6 fe80::6d9:f5ff:fe33:72e6/64 scope link
       valid_lft forever preferred_lft forever
default via 192.168.20.1 dev enp2s0 proto dhcp src 192.168.20.12 metric 203
default via 192.168.20.1 dev enp2s0 proto dhcp src 192.168.20.22 metric 512
139.96.30.0/24 dev enp1s0 proto dhcp scope link src 139.96.30.100 metric 202
192.168.20.0/24 dev enp2s0 proto dhcp scope link src 192.168.20.12 metric 203
192.168.20.1 dev enp2s0 proto dhcp scope link src 192.168.20.22 metric 512

seth · 2020-07-08 14:17:26

seth wrote:

from both: the supposed dhcp server as well as from a client that you try to receive an IP via dhcp from.

willianholtz · 2020-07-08 14:22:43

seth wrote:

seth wrote:
from both: the supposed dhcp server as well as from a client that you try to receive an IP via dhcp from.

Client is a Windows 7 machine.
I'm sending the server's IP to a Windows PC!

seth · 2020-07-08 14:44:06

cmd.exe, "ipconfig /all"
nmap ships windows binaries: https://nmap.org/download.html

willianholtz · 2020-07-08 15:12:46

seth wrote:

cmd.exe, "ipconfig /all"
nmap ships windows binaries: https://nmap.org/download.html

Configura‡Æo de IP do Windows

   Nome do host. . . . . . . . . . . . . . . . : 

trabalho
   Sufixo DNS prim rio . . . . . . . . . . . . : 
   Tipo de n¢. . . . . . . . . . . . . . . . . : 

h¡brido
   Roteamento de IP ativado. . . . . . . . . . : 

nÆo
   Proxy WINS ativado. . . . . . . . . . . . . : 

nÆo
   Lista de pesquisa de sufixo DNS . . . . . . : 

SERVIDOR

Adaptador Ethernet Npcap Loopback Adapter:

   Sufixo DNS espec¡fico de conexÆo. . . . . . : 
   Descri‡Æo . . . . . . . . . . . . . . . . . : 

Microsoft Loopback Adapter
   Endere‡o F¡sico . . . . . . . . . . . . . . : 

02-00-4C-4F-4F-50
   DHCP Habilitado . . . . . . . . . . . . . . : 

Sim
   Configura‡Æo Autom tica Habilitada. . . . . : 

Sim
   Endere‡o IPv6 de link local . . . . . . . . : 

fe80::d0f9:a515:ec05:6ccb%25(Preferencial) 
   Endere‡o IPv4 de Configura‡Æo Autom tica. . : 

169.254.108.203(Preferencial) 
   M scara de Sub-rede . . . . . . . . . . . . : 

255.255.0.0
   Gateway PadrÆo. . . . . . . . . . . . . . . : 
   IAID de DHCPv6. . . . . . . . . . . . . . . : 

419561548
   DUID de Cliente DHCPv6. . . . . . . . . . . : 

00-01-00-01-24-5C-89-44-00-21-5A-30-05-4C
   Servidores DNS. . . . . . . . . . . . . . . : 

fec0:0:0:ffff::1%1
                                                 

fec0:0:0:ffff::2%1
                                                 

fec0:0:0:ffff::3%1
   NetBIOS em Tcpip. . . . . . . . . . . . . . : 

Habilitado

Adaptador Ethernet ConexÆo local:

   Sufixo DNS espec¡fico de conexÆo. . . . . . : 

SERVIDOR
   Descri‡Æo . . . . . . . . . . . . . . . . . : 

ConexÆo de Rede Intel(R) 82566DM-2 Gigabit
   Endere‡o F¡sico . . . . . . . . . . . . . . : 

00-21-5A-30-05-4C
   DHCP Habilitado . . . . . . . . . . . . . . : 

Sim
   Configura‡Æo Autom tica Habilitada. . . . . : 

Sim
   Endere‡o IPv6 de link local . . . . . . . . : 

fe80::1430:66a:4723:8a8%11(Preferencial) 
   Endere‡o IPv4. . . . . . . .  . . . . . . . : 

139.96.30.154(Preferencial) 
   M scara de Sub-rede . . . . . . . . . . . . : 

255.255.255.0
   ConcessÆo Obtida. . . . . . . . . . . . . . : 

quarta-feira, 8 de julho de 2020 09:53:35
   ConcessÆo Expira. . . . . . . . . . . . . . : 

quarta-feira, 8 de julho de 2020 12:18:34
   Gateway PadrÆo. . . . . . . . . . . . . . . : 

139.96.30.100
   Servidor DHCP . . . . . . . . . . . . . . . : 

139.96.30.100
   IAID de DHCPv6. . . . . . . . . . . . . . . : 

234889562
   DUID de Cliente DHCPv6. . . . . . . . . . . : 

00-01-00-01-24-5C-89-44-00-21-5A-30-05-4C
   Servidores DNS. . . . . . . . . . . . . . . : 

8.8.8.8
                                                 

8.8.4.4
   NetBIOS em Tcpip. . . . . . . . . . . . . . : 

Habilitado

Adaptador de t£nel 6TO4 Adapter:

   Sufixo DNS espec¡fico de conexÆo. . . . . . : 

SERVIDOR
   Descri‡Æo . . . . . . . . . . . . . . . . . : 

Adaptador do Microsoft 6to4
   Endere‡o F¡sico . . . . . . . . . . . . . . : 

00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : 

NÆo
   Configura‡Æo Autom tica Habilitada. . . . . : 

Sim
   Endere‡o IPv6 . . . . . . . . . . . . . . . : 

2002:8b60:1e9a::8b60:1e9a(Preferencial) 
   Gateway PadrÆo. . . . . . . . . . . . . . . : 

2002:c058:6301::c058:6301
   Servidores DNS. . . . . . . . . . . . . . . : 

8.8.8.8
                                                 

8.8.4.4
   NetBIOS em Tcpip. . . . . . . . . . . . . . : 

Desabilitado

Adaptador de t£nel isatap.{7705D2EB-F443-4E15-

86D0-01C3F86F42A1}:

   Estado da m¡dia. . . . . . . . . . . . . .  : 

m¡dia desconectada
   Sufixo DNS espec¡fico de conexÆo. . . . . . : 
   Descri‡Æo . . . . . . . . . . . . . . . . . : 

Adaptador do Microsoft ISATAP
   Endere‡o F¡sico . . . . . . . . . . . . . . : 

00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : 

NÆo
   Configura‡Æo Autom tica Habilitada. . . . . : 

Sim

Adaptador de t£nel isatap.SERVIDOR:

   Estado da m¡dia. . . . . . . . . . . . . .  : 

m¡dia desconectada
   Sufixo DNS espec¡fico de conexÆo. . . . . . : 

SERVIDOR
   Descri‡Æo . . . . . . . . . . . . . . . . . : 

Adaptador do Microsoft ISATAP #4
   Endere‡o F¡sico . . . . . . . . . . . . . . : 

00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : 

NÆo
   Configura‡Æo Autom tica Habilitada. . . . . : 

Sim

Nmap Windows for 139.96.30.100

Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-08 12:11 Hora oficial do Brasil

NSE: Loaded 151 scripts for scanning.

NSE: Script Pre-scanning.

Initiating NSE at 12:11

Completed NSE at 12:11, 0.00s elapsed

Initiating NSE at 12:11

Completed NSE at 12:11, 0.00s elapsed

Initiating NSE at 12:11

Completed NSE at 12:11, 0.00s elapsed

Initiating ARP Ping Scan at 12:11

Scanning 139.96.30.100 [1 port]

Completed ARP Ping Scan at 12:11, 0.15s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 12:11

Completed Parallel DNS resolution of 1 host. at 12:11, 0.02s elapsed

Initiating SYN Stealth Scan at 12:11

Scanning 139.96.30.100 [1000 ports]

Discovered open port 445/tcp on 139.96.30.100

Discovered open port 139/tcp on 139.96.30.100

Discovered open port 22/tcp on 139.96.30.100

Discovered open port 3128/tcp on 139.96.30.100

Completed SYN Stealth Scan at 12:11, 0.10s elapsed (1000 total ports)

Initiating Service scan at 12:11

Scanning 4 services on 139.96.30.100

Completed Service scan at 12:11, 11.01s elapsed (4 services on 1 host)

Initiating OS detection (try #1) against 139.96.30.100

Retrying OS detection (try #2) against 139.96.30.100

Retrying OS detection (try #3) against 139.96.30.100

Retrying OS detection (try #4) against 139.96.30.100

Retrying OS detection (try #5) against 139.96.30.100

NSE: Script scanning 139.96.30.100.

Initiating NSE at 12:11

Completed NSE at 12:12, 40.10s elapsed

Initiating NSE at 12:12

Completed NSE at 12:12, 0.01s elapsed

Initiating NSE at 12:12

Completed NSE at 12:12, 0.00s elapsed

Nmap scan report for 139.96.30.100

Host is up (0.00s latency).

Not shown: 996 closed ports

PORT     STATE SERVICE     VERSION

22/tcp   open  ssh         OpenSSH 8.3 (protocol 2.0)

139/tcp  open  netbios-ssn Samba smbd 4.6.2

445/tcp  open  netbios-ssn Samba smbd 4.6.2

3128/tcp open  http-proxy  Squid http proxy 4.12

| http-open-proxy: Potentially OPEN proxy.

|_Methods supported: GET HEAD CONNECTION

|_http-server-header: squid/4.12

|_http-title: ERRO: A URL requisitada n\xC3\xA3o pode ser recuperada

MAC Address: 50:3E:AA:10:D6:F7 (Tp-link Technologies)

No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).

TCP/IP fingerprint:

OS:SCAN(V=7.80%E=4%D=7/8%OT=22%CT=1%CU=44378%PV=N%DS=1%DC=D%G=Y%M=503EAA%TM

OS:=5F05E25D%P=i686-pc-windows-windows)SEQ(SP=101%GCD=1%ISR=10D%TI=Z%CI=Z%I

OS:I=I%TS=A)SEQ(TI=Z%CI=Z%II=I%TS=A)SEQ(CI=Z%II=I)OPS(O1=M5B4ST11NW7%O2=M5B

OS:4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11)WIN(W

OS:1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)ECN(R=Y%DF=Y%T=40%W=FAF0%

OS:O=M5B4NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=

OS:N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A

OS:=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%D

OS:F=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL

OS:=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)



Network Distance: 1 hop



Host script results:

|_clock-skew: -2m33s

| nbstat: NetBIOS name: SERVIDOR, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)

| Names:

|   SERVIDOR<00>         Flags: <unique><active>

|   SERVIDOR<03>         Flags: <unique><active>

|   SERVIDOR<20>         Flags: <unique><active>

|   \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>

|   LINUX<00>            Flags: <group><active>

|   LINUX<1d>            Flags: <unique><active>

|_  LINUX<1e>            Flags: <group><active>

| smb2-security-mode: 

|   2.02: 

|_    Message signing enabled but not required

| smb2-time: 

|   date: 2020-07-08T15:09:17

|_  start_date: N/A



TRACEROUTE

HOP RTT     ADDRESS

1   0.00 ms 139.96.30.100



NSE: Script Post-scanning.

Initiating NSE at 12:12

Completed NSE at 12:12, 0.00s elapsed

Initiating NSE at 12:12

Completed NSE at 12:12, 0.00s elapsed

Initiating NSE at 12:12

Completed NSE at 12:12, 0.00s elapsed

Read data files from: C:\Program Files (x86)\Nmap

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 66.51 seconds

           Raw packets sent: 1112 (52.970KB) | Rcvd: 1094 (47.390KB)

Nmap Windows no rotes

Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-08 12:14 Hora oficial do Brasil

NSE: Loaded 151 scripts for scanning.

NSE: Script Pre-scanning.

Initiating NSE at 12:14

Completed NSE at 12:14, 0.00s elapsed

Initiating NSE at 12:14

Completed NSE at 12:14, 0.00s elapsed

Initiating NSE at 12:14

Completed NSE at 12:14, 0.00s elapsed

NSE: Script Post-scanning.

Initiating NSE at 12:14

Completed NSE at 12:14, 0.00s elapsed

Initiating NSE at 12:14

Completed NSE at 12:14, 0.00s elapsed

Initiating NSE at 12:14

Completed NSE at 12:14, 0.00s elapsed

Read data files from: C:\Program Files (x86)\Nmap

Nmap done: 0 IP addresses (0 hosts up) scanned in 2.66 seconds

           Raw packets sent: 0 (0B) | Rcvd: 0 (0B)

WARNING: No targets were specified, so 0 hosts scanned.

seth · 2020-07-08 22:20:30

   Endere‡o F¡sico . . . . . . . . . . . . . . :  00-21-5A-30-05-4C
…
   Endere‡o IPv4. . . . . . . .  . . . . . . . :  139.96.30.154(Preferencial) 
…
   Gateway PadrÆo. . . . . . . . . . . . . . . :  139.96.30.100
   Servidor DHCP . . . . . . . . . . . . . . . :  139.96.30.100

Windows uses the proper dhcp server and has a known MAC but gets the wrong IP (though out of the proper range)
a) did you disconnect all clients after fixing the dhcpd.conf and restarting the service?
b)

seth wrote:

check the server log on whether the daemon is queried at all

willianholtz · 2020-07-09 12:41:08

I solved the problem, there was a wrong line in my dhcpd.conf and dhcpd4 was wrong, because I was using dhcpd4@lan.service, in which I uninstalled everything with pacman -Rnucs dhcp, then removed all entries from him, and just started with systemctl enable dhcpd4 without the "@"

in the case of dhcpd.conf the problem was this:

option domain-name-servers 8.8.8.8, 8.8.4.4;

now it is

option domain-name-servers 8.8.8.8

That is, it does not accept two name servers.

fukawi2 · 2020-07-10 05:35:47

It is perfectly valid to have multiple entries to that option:

https://www.pks.mpg.de/~mueller/docs/suse10.1/suselinux-manual_en/manual/sec.dhcp.server.html wrote:

With the entry option domain-name-servers, specify up to three values for the DNS servers used to resolve IP addresses into hostnames and vice versa.

Something else was wrong with your config.

Arch Linux

#26 2020-07-07 15:57:42

Re: What is the simplest way to make a DHCP server?

#27 2020-07-07 17:35:00

Re: What is the simplest way to make a DHCP server?

#28 2020-07-08 12:22:49

Re: What is the simplest way to make a DHCP server?

#29 2020-07-08 12:33:12

Re: What is the simplest way to make a DHCP server?

#30 2020-07-08 12:57:48

Re: What is the simplest way to make a DHCP server?

#31 2020-07-08 13:07:30

Re: What is the simplest way to make a DHCP server?

#32 2020-07-08 13:30:31

Re: What is the simplest way to make a DHCP server?

#33 2020-07-08 13:48:23

Re: What is the simplest way to make a DHCP server?

#34 2020-07-08 13:55:48

Re: What is the simplest way to make a DHCP server?

#35 2020-07-08 14:17:26

Re: What is the simplest way to make a DHCP server?

#36 2020-07-08 14:22:43

Re: What is the simplest way to make a DHCP server?

#37 2020-07-08 14:44:06

Re: What is the simplest way to make a DHCP server?

#38 2020-07-08 15:12:46

Re: What is the simplest way to make a DHCP server?

#39 2020-07-08 22:20:30

Re: What is the simplest way to make a DHCP server?

#40 2020-07-09 12:41:08

Re: What is the simplest way to make a DHCP server?

#41 2020-07-10 05:35:47

Re: What is the simplest way to make a DHCP server?

Board footer