Please confirm with the NOC there is no central DHCP service for your subnet before proceeding.
DHCP is a UDP-broadcast-based protocol which can be used to configure the initial network settings of other computers on the network. Because DHCP client hosts do not yet have an IP address when they boot, they must broadcast a DHCP request to get one and the server will broadcast a reply. These broadcasts will go everywhere on your subnet (and possibly be relayed to the central DHCP server) unless they're blocked by a physical (2-NIC in-line) firewall. Accidentally having more than one DHCP server responding on a network is a frequent cause of network trouble. Be careful. You've been warned.
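A defender's check for the "more than one DHCP server" problem just described, added here as an example and not part of the original page: given the UDP payloads of DHCP messages observed on the subnet (for instance saved from a packet capture; collecting them is left to you), it decodes the option area of each DHCPOFFER and reports every server identifier (option 54) other than your own firewall's. The sample offers are constructed inline, and the firewall address 10.1.7.25 is an assumed value in the 10.x.y scheme used later on this page.

```python
import struct
import ipaddress
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
OPT_MSG_TYPE, OPT_SERVER_ID = 53, 54
DHCPOFFER = 2

def parse_options(payload):
    """Return {option code: raw value} for one DHCP UDP payload (pad=0, end=255 handled)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                  # end of options
            break
        if code == 0:                    # pad byte
            i += 1
            continue
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def build_offer(xid, yiaddr, server_id):
    """Build a minimal DHCPOFFER. Constructed test data, not a real capture."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         2, 1, 6, 0, xid, 0, 0x8000,   # op=BOOTREPLY, htype=ethernet, hlen=6
                         b"\0" * 4, ipaddress.IPv4Address(yiaddr).packed,
                         b"\0" * 4, b"\0" * 4, b"\0" * 16, b"\0" * 64, b"\0" * 128)
    options = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
               + bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
               + b"\xff")
    return header + MAGIC + options

def offering_servers(payloads):
    """Map each server identifier seen in DHCPOFFERs to the number of offers it sent."""
    counts = defaultdict(int)
    for p in payloads:
        opts = parse_options(p)
        if opts.get(OPT_MSG_TYPE) == bytes([DHCPOFFER]) and OPT_SERVER_ID in opts:
            counts[str(ipaddress.IPv4Address(opts[OPT_SERVER_ID]))] += 1
    return dict(counts)

def unexpected_servers(payloads, expected_server):
    """Server identifiers other than the one you run; anything listed needs investigating."""
    return sorted(s for s in offering_servers(payloads) if s != expected_server)

# Constructed sample: two offers from the firewall (assumed 10.1.7.25) and one
# from an unknown server, as might follow a client's broadcast DHCPDISCOVER.
SAMPLE_OFFERS = [
    build_offer(0x1234, "10.1.7.30", "10.1.7.25"),
    build_offer(0x1234, "192.168.1.50", "192.168.1.1"),
    build_offer(0x5678, "10.1.7.31", "10.1.7.25"),
]

if __name__ == "__main__":
    print(offering_servers(SAMPLE_OFFERS))
    print("unexpected:", unexpected_servers(SAMPLE_OFFERS, "10.1.7.25"))
```

Only the option area is decoded, because the server identifier is what distinguishes one responder from another; the BOOTP header fields are kept only to build valid sample messages.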
Running DHCP service on your firewall allows you to:
There are basically two ways of assigning IP addresses with DHCP: randomly from a pool and statically (by manually pairing MAC addresses with fixed IP addresses). One could, for example, use LFW variation #e10 and cause unknown clients to get an IP address from a pool on an isolated 10.0 network while known LFW clients (whose MAC addresses are listed in the DHCP configuration file) would get an address on the normal 10.x network.
Edit "/etc/dhcp3/dhcpd.conf" to contain something similar to the example below (with the site-specific values, such as the domain name, the name servers and the 10.x.y and 10.0.y addresses, suitably modified for your network). If you don't want to do MAC registration, you can omit the entire "subnet" section that contains the "host" declarations (the 10.x.y.0 subnet in the example); if you don't want to assign addresses from a pool, you can delete the "subnet" section that contains the "pool" declarations (the 10.0.y.0 subnet).
You can also add additional "subnet" sections if necessary and/or combine pool and host declarations in a single subnet (as long as any fixed IP addresses are not also in a pool).
The syntax of the "dhcpd.conf" file is documented in the online manpage "man dhcpd.conf" and also somewhat in "man dhcpd3", but hopefully the one example below will cover most situations. If not, there are more examples in the manpages you can consult.
At the shell prompt, type:
    touch /etc/dhcp3/dhcpd.leases
Edit "/etc/default/dhcp3-server" to say:
    INTERFACES="eth1"
(naming the interface the DHCP server should listen on). The server can then be started, stopped, or restarted with:
    /etc/init.d/dhcp3-server start
    /etc/init.d/dhcp3-server stop
    /etc/init.d/dhcp3-server restart
For debugging, you may initially prefer to start DHCP manually, in the foreground with its log output on the terminal, like this:
    dhcpd3 -f -d eth0
or
    dhcpd3 -f -d eth1
(whichever interface the server should listen on; "-f" keeps dhcpd in the foreground and "-d" sends its logging to stderr).
To cause DHCP service to start automatically when the firewall is rebooted, uncomment the "dhcp3-server" line in "/etc/runlevel.conf".
When everything is configured to your satisfaction, remember to run "save-config" to save your work.
The following "dhcpd.conf" file will cause the DHCP server to assign IP addresses with a 3600 second (1 hour) lease from a pool of IP addresses in the 10.0.y.0/24 network to clients whose MAC addresses are NOT listed in the "dhcpd.conf" file. Clients whose MAC addresses ARE listed will get their corresponding fixed IP in the 10.x.y.0/24 network.
    ddns-update-style none;
    option domain-name "xxx.washington.edu";
    option domain-name-servers 128.95.120.1, 128.95.112.1;
    default-lease-time 3600;
    max-lease-time 3600;
    log-facility local7;
    lease-file-name "/etc/dhcp3/dhcpd.leases";

    shared-network MyLAN {
        subnet 10.0.y.0 netmask 255.255.255.0 {
            option routers 10.0.y.25;        # LFW's 10.0.y IP address
            server-identifier 10.0.y.25;     # LFW's 10.0.y IP address
            pool {
                range 10.0.y.1 10.0.y.24;
                deny known clients;
            }
            pool {
                range 10.0.y.26 10.0.y.254;
                deny known clients;
            }
        }
        subnet 10.x.y.0 netmask 255.255.255.0 {
            option routers 10.x.y.25;        # LFW's 10.x.y IP address
            server-identifier 10.x.y.25;     # LFW's 10.x.y IP address
            host h115 {
                hardware ethernet 10:11:7b:a9:9b:50;
                fixed-address 10.x.y.115;
            }
            host h116 {
                hardware ethernet 01:90:5a:a0:b9:25;
                fixed-address 10.x.y.116;
            }
        }
    }
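The caveat given earlier (fixed IP addresses must not also lie in a pool) is easy to violate once a file like the one above grows. The checker below is an added example, not part of the original page or of the dhcpd distribution: it parses the subset of "dhcpd.conf" syntax used above (subnet, pool, range, host, hardware ethernet, fixed-address, nested inside shared-network) and reports fixed addresses that fall inside a pool range, fixed addresses or ranges outside their subnet, and duplicate MACs or addresses. The sample configuration is constructed from the page's example with x=1 and y=7 substituted; it is not a real site's file.

```python
import ipaddress
import re

def tokenize(text):
    """Split dhcpd.conf text into quoted strings, braces, semicolons and words."""
    text = re.sub(r"#.*", "", text)            # drop comments
    return re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text)

def parse(tokens, i=0):
    """Recursive-descent parse into statements of (words, children-or-None)."""
    stmts, words = [], []
    while i < len(tokens):
        tok = tokens[i]
        if tok == ";":
            stmts.append((words, None)); words = []; i += 1
        elif tok == "{":
            children, i = parse(tokens, i + 1)
            stmts.append((words, children)); words = []
        elif tok == "}":
            return stmts, i + 1
        else:
            words.append(tok); i += 1
    return stmts, i

def walk(stmts, subnet, out):
    """Collect subnets, pool ranges and hosts, remembering each one's enclosing subnet."""
    for words, children in stmts:
        if not words:
            continue
        kw = words[0]
        if kw == "subnet" and children is not None:
            net = ipaddress.ip_network(f"{words[1]}/{words[3]}", strict=False)
            out["subnets"].append(net)
            walk(children, net, out)
        elif kw == "range":
            addrs = [w for w in words[1:] if w != "dynamic-bootp"]
            out["ranges"].append((ipaddress.ip_address(addrs[0]),
                                  ipaddress.ip_address(addrs[-1]), subnet))
        elif kw == "host" and children is not None:
            mac = fixed = None
            for w, _ in children:
                if w[:2] == ["hardware", "ethernet"]:
                    mac = w[2].lower()
                elif w[0] == "fixed-address":
                    fixed = ipaddress.ip_address(w[1])
            out["hosts"].append((words[1], mac, fixed, subnet))
        elif children is not None:
            walk(children, subnet, out)      # shared-network, pool, group, ...

def check_config(text):
    """Return a list of findings; an empty list means every check passed."""
    out = {"subnets": [], "ranges": [], "hosts": []}
    walk(parse(tokenize(text))[0], None, out)
    findings = []
    for lo, hi, net in out["ranges"]:
        if net is not None and (lo not in net or hi not in net):
            findings.append(f"range {lo}-{hi} is not inside subnet {net}")
    seen_mac, seen_ip = {}, {}
    for name, mac, fixed, net in out["hosts"]:
        if mac is None or fixed is None:
            findings.append(f"host {name}: missing hardware ethernet or fixed-address")
            continue
        if mac in seen_mac:
            findings.append(f"host {name}: MAC {mac} already used by host {seen_mac[mac]}")
        seen_mac.setdefault(mac, name)
        if fixed in seen_ip:
            findings.append(f"host {name}: fixed-address {fixed} already used by host {seen_ip[fixed]}")
        seen_ip.setdefault(fixed, name)
        if net is not None and fixed not in net:
            findings.append(f"host {name}: fixed-address {fixed} is outside its subnet {net}")
        elif net is None and not any(fixed in n for n in out["subnets"]):
            findings.append(f"host {name}: fixed-address {fixed} matches no declared subnet")
        for lo, hi, _ in out["ranges"]:
            if lo <= fixed <= hi:      # the page's caveat: fixed addresses must not be in a pool
                findings.append(f"host {name}: fixed-address {fixed} lies inside pool range {lo}-{hi}")
    return findings

# Constructed sample in the shape of the page's example, with x=1 and y=7 substituted.
GOOD_CONF = """
option domain-name "example.test"; default-lease-time 3600; max-lease-time 3600;
shared-network MyLAN {
  subnet 10.0.7.0 netmask 255.255.255.0 {
    option routers 10.0.7.25; server-identifier 10.0.7.25;   # LFW's 10.0.7 address
    pool { range 10.0.7.1 10.0.7.24; deny known clients; }
    pool { range 10.0.7.26 10.0.7.254; deny known clients; }
  }
  subnet 10.1.7.0 netmask 255.255.255.0 {
    option routers 10.1.7.25; server-identifier 10.1.7.25;   # LFW's 10.1.7 address
    host h115 { hardware ethernet 10:11:7b:a9:9b:50; fixed-address 10.1.7.115; }
    host h116 { hardware ethernet 01:90:5a:a0:b9:25; fixed-address 10.1.7.116; }
  }
}
"""
# The same file plus a top-level host whose fixed address collides with the first pool.
BAD_CONF = GOOD_CONF + "host h117 { hardware ethernet 00:11:22:33:44:55; fixed-address 10.0.7.20; }\n"

if __name__ == "__main__":
    for label, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(label, check_config(conf) or "OK")
```

Run it against your own file with check_config(open("/etc/dhcp3/dhcpd.conf").read()) before restarting the server; the parser ignores statements it does not know, so unrelated options do not disturb the checks.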
Corey Satten
Email -- corey @ u.washington.edu
Web -- http://staff.washington.edu/corey/
Date -- Mon Jan 28 12:25:17 PST 2008