Installing the Wyse 3: dhcp server and client

In a previous post I showed how to install a Domain Name Relay Daemon to serve as a caching DNS server. Since the firewall will get its address from the DHCP server from your ISP, there's one small configuration we still need to do.
In /etc/dhcp3/dhclient.conf we need to uncomment (or add, if its not there) the following line:

prepend domain-name-servers 192.168.1.254;

This will make sure the firewall itself will query the name server on the firewall to resolve host names on the local network and the Internet.
The firewall should also run a DHCP server for the internal network. The internal network addresses range from 192.168.1.1/255.255.255.0 to 192.168.1.253/255.255.255.0. So, first we need to install a DHCP server:

# apt-get install dhcp3-server

Next, use the following configuration for /etc/dhcp3/dhcpd.conf:

allow bootp;
ddns-update-style none;
subnet 192.168.1.0 netmask 255.255.255.0 {
        default-lease-time 600;
        max-lease-time 7200;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.1.255;
        option domain-name-servers 192.168.1.254;
        option domain-name "earth";
        option routers 192.168.1.254;
        group {
                host internalhost {
                        hardware ethernet 11:11:11:11:11:11;
                        fixed-address 192.168.1.1;
                }
        }
        pool {
                range 192.168.1.10 192.168.1.20;
        }
}

The above configuration will configure the DHCP server to serve addresses from 192.168.1.10/255.255.255.0 to 192.168.1.20/255.255.255.0. This will allow any PC to connect to the local network and get an address.
We also configured a host, called internalhost to receive a fixed address (192.168.1.1), since we want to add this fixed address to our dnrd configuration as well.
The DHCP server will also propagate its own address to the clients as preferred name server.
The bootp flag is used to be able to net-boot some old UNIX machines I have (a Sun Ultra and an HP 712/60). For now, no boot images are configured or served, but this will change in the future.
In a next post, we will start configuring the firewall itself using a GUI called fwbuilder and iptables.

Comments

DrTronic said…
To make sure the DHCP server is only server for a specific interface:
vi /etc/default/dhcp3-server and set the INTERFACES-option to "eth0" or whatever dhcp-server-enabled-interfaced
12:33 PM
Kenneth Westelinck said…
Thanks for the info. However, since the configuration has no subnet declaration for the ip address acquired from my ISP, the server will not listen on the outside interface anyway :)
2:00 PM
Post a Comment

Popular posts from this blog

Remove copy protection from PDF documents

This is probably illegal, so use it at your own risk. Some PDFs on the internet have a copy protection to make sure you cannot copy-paste any content from the PDF into a document you're writing. To circumvent this protection there are several tools available on the internet. I haven't tried any of them, because they're not free ;) There is however a procedure that will enable you to circumvent the copy protection using free tools. The trick is to convert the PDF to a PS (PostScript) document first and then convert it back into a PDF. So, download Ghostview en Ghostscript from: http://www.cs.wisc.edu/~ghost/ . Next, open your PDF in Ghostview. Next, from the "File" menu, select "Convert" (a dialog will pop up) Press "Ok" Fill in the name of the "converted" file. Press "Save" Tada, you can now copy content from your newly created PDF ;)
Read more

The story of the Cobalt Qube

Image
The other week, a friendly colleague of mine brought me a small present. He gave me one of his Cobalt Qube s (for free!) which was collecting dust at his home. He was certain that I could give it a better use. I think I can still remember the days these things hit the market (somewhere in the late 90's). This was a home / office server appliance way before the people of Microsoft thought up their Windows Home Server . It was running some modified version of Linux RedHat, featuring a web interface for all administrative tasks. It also had 2 network cards, so you could easily turn it into a gateway / firewall. The RedHat version running on the Qube was known to be notoriously insecure. It was also running an older 2.0.x kernel which was outdated, even at that time. The Qube 2700 and Qube 2 were both equipped with a MIPS processor. Later models had an i386 architecture. Mine was a Qube 2. Getting the serial connection to work The Qube does not have any VGA adapter, so if you want to s
Read more

Jori Hulkkonen feat. Jerry Valuri - Lo-Fiction

If someone would ask me to compile a list of 10 personal favorites, Lo-Fiction would definitely be ranked very high. I don't think anyone would disagree with this statement. P.S. If someone is able to find the lyrics for this song, please be so kind to post a link. Even though it's English I don't always understand what he's singing about :(
Read more