DHCPCentral
From 3DN
DHCP Server
The standard ISC DHCP server is running on omega.
Config Files
- /etc/default/dhcp3-server: the INTERFACES list must name the interface dhcpd listens on. NOTE: this used to be 'eth1'; it is now 'br0', the ethernet bridge I created on eth1 to network the virtual servers, so INTERFACES has to say "br0".
/etc/dhcp3/dhcpd.conf:
- Nearly all hosts get a fixed IP address from the DHCP server.
A fixed IP address is assigned by, for example:
host sidly { # Debian Sid Virtual server
hardware ethernet 54:52:00:0a:dc:10;
fixed-address sidly.dutchie.org;
}
This causes the NIC with MAC address 54:52:00:0a:dc:10 to get the IP address of sidly.dutchie.org. That IP address has to be configured in the Domain Name Server; dhcpd looks the name up when it reads dhcpd.conf at startup, so the name server has to be answering before dhcpd starts. Note that the MAC address is the only thing tying a client to its host declaration; dhcpd does not verify it.
I'm now running four IP interfaces on the physical interface eth1, all on the bridge br0:
- br0: The ethernet bridge that facilitates the LAN (192.168.1.0/255.255.255.0)
- br0:0: The ip alias on the ethernet bridge that facilitates the virtual servers (192.168.2.0/255.255.255.0)
- br0:1: The ip alias on the ethernet bridge that facilitates the wireless devices (192.168.3.0/255.255.255.0)
- br0:2: The ip alias on the ethernet bridge that facilitates unknown-clients on the WIFI AP (192.168.4.0/255.255.255.0)
Each of these four interfaces has the address 192.168.x.1 of its own subnet and acts as the default gateway for the devices in that network.
To allow multiple networks on one physical interface, the subnet definitions in dhcpd.conf need to be put in a shared-network block:
shared-network ALLAN {
subnet 192.168.1.0 netmask 255.255.255.0 {
filename "pxelinux.0";
next-server 192.168.1.1;
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
option domain-name "dutchie.org.";
option domain-name-servers 192.168.1.1;
option ntp-servers 192.168.1.1;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
filename "pxelinux.0";
next-server 192.168.2.1;
option broadcast-address 192.168.2.255;
option routers 192.168.2.1;
option domain-name "dutchie.org.";
option domain-name-servers 192.168.2.1;
option ntp-servers 192.168.2.1;
}
subnet 192.168.3.0 netmask 255.255.255.0 {
filename "pxelinux.0";
next-server 192.168.3.1;
option broadcast-address 192.168.3.255;
option routers 192.168.3.1;
option domain-name "dutchie.org.";
option domain-name-servers 192.168.3.1;
option ntp-servers 192.168.3.1;
}
subnet 192.168.4.0 netmask 255.255.255.0 {
range 192.168.4.2 192.168.4.254;
option broadcast-address 192.168.4.255;
option routers 192.168.4.1;
option domain-name "dutchie.org.";
option domain-name-servers 192.168.4.1;
option ntp-servers 192.168.4.1;
allow unknown-clients;
}
}
I don't allow unknown-clients on 192.168.1.0/255.255.255.0, 192.168.2.0/255.255.255.0 and 192.168.3.0/255.255.255.0: those subnets have no range statement, so there are no dynamic addresses to hand out there (dhcpd allows unknown clients by default, so the explicit allow on 192.168.4.0 only restates the default; a subnet that does have a range would need deny unknown-clients to keep strangers out). Because all four subnets sit in one shared-network on br0, an unknown client anywhere on that segment is offered an address from the 192.168.4.0 range, whichever cable or radio it arrived on. An unknown client is a client that does not have a host declaration in the dhcpd.conf like:
host xbox { # Old XBOX
hardware ethernet 00:0d:3a:c7:fb:ce;
fixed-address xbox.dutchie.org;
}
Most of the hosts in my network have host declarations like these; only a few have truly static IP addresses configured on the host itself. Keeping the rest in the DHCP server leaves me some flexibility to reassign IP addresses when I need to.
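The host declarations and the shared-network block above are easy to get subtly wrong (a MAC address declared twice, a hostname in fixed-address that DNS cannot resolve at startup, a range that is open to unknown clients on the whole bridge). The following lint script is an added example, not part of this page or of ISC dhcpd; it parses a constructed dhcpd.conf fragment modelled on the one above (the host "sidly-dup" is a deliberate mistake) and reports those conditions. It assumes the usual ISC syntax with subnets inside a shared-network and no nested pool blocks in the sample.

```python
import re
from collections import defaultdict

# Constructed sample modelled on this page's dhcpd.conf; it is example input,
# not the live /etc/dhcp3/dhcpd.conf on omega. "sidly-dup" reuses sidly's MAC
# on purpose so the duplicate check has something to find.
SAMPLE_CONF = """
host sidly { # Debian Sid Virtual server
  hardware ethernet 54:52:00:0a:dc:10;
  fixed-address sidly.dutchie.org;
}
host sidly-dup { # constructed error: same MAC as sidly, different case
  hardware ethernet 54:52:00:0A:DC:10;
  fixed-address 192.168.2.40;
}
shared-network ALLAN {
  subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
  }
  subnet 192.168.4.0 netmask 255.255.255.0 {
    range 192.168.4.2 192.168.4.254;
    option routers 192.168.4.1;
    allow unknown-clients;
  }
}
"""

IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def strip_comments(text):
    """Drop '#' comments so a MAC or keyword in a comment is not parsed."""
    return re.sub(r"#[^\n]*", "", text)


def matching_brace(text, open_idx):
    """Index of the '}' closing the '{' at open_idx (brace-aware, so a nested
    pool { } would not end a subnet body early)."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return i
    raise ValueError("unbalanced braces in dhcpd.conf")


def blocks(text, header_re):
    """Yield (header match, body text) for each block whose header matches."""
    for m in re.finditer(header_re, text):
        open_idx = text.index("{", m.end())
        yield m, text[open_idx + 1:matching_brace(text, open_idx)]


def parse_hosts(text):
    hosts = {}
    for m, body in blocks(text, r"\bhost\s+(\S+)\s*(?=\{)"):
        mac = re.search(r"\bhardware\s+ethernet\s+([0-9a-fA-F:]+)\s*;", body)
        addr = re.search(r"\bfixed-address\s+([^;]+);", body)
        hosts[m.group(1)] = {
            "mac": mac.group(1).lower() if mac else None,  # normalised for comparison
            "fixed_address": addr.group(1).strip() if addr else None,
        }
    return hosts


def parse_subnets(text):
    subnets = {}
    for m, body in blocks(text, r"\bsubnet\s+(\S+)\s+netmask\s+\S+\s*(?=\{)"):
        subnets[m.group(1)] = {
            "has_range": re.search(r"\brange\b", body) is not None,
            "denies_unknown": re.search(r"\bdeny\s+unknown-clients\s*;", body) is not None,
        }
    return subnets


def parse_shared_networks(text):
    return {m.group(1): parse_subnets(body)
            for m, body in blocks(text, r"\bshared-network\s+(\S+)\s*(?=\{)")}


def lint(conf_text):
    """Return hosts, shared networks and a list of human-readable findings."""
    text = strip_comments(conf_text)
    hosts, shared, findings = parse_hosts(text), parse_shared_networks(text), []
    by_mac = defaultdict(list)
    for name, h in hosts.items():
        if h["mac"] is None:
            findings.append(f"host {name}: no hardware ethernet, it can never match a client")
            continue
        by_mac[h["mac"]].append(name)
        if h["fixed_address"] and not IP_RE.match(h["fixed_address"]):
            findings.append(f"host {name}: fixed-address {h['fixed_address']} is a name; "
                            "dhcpd resolves it when it reads the config, so DNS must answer first")
    for mac, names in by_mac.items():
        if len(names) > 1:
            findings.append(f"MAC {mac} declared by more than one host: {', '.join(names)}")
    for sn, subnets in shared.items():
        # dhcpd allows unknown clients unless told otherwise, so a range without
        # 'deny unknown-clients' is open to any MAC, and inside a shared-network
        # that pool serves the whole segment, not only clients "in" that subnet.
        dynamic = [n for n, s in subnets.items() if s["has_range"] and not s["denies_unknown"]]
        static_only = [n for n, s in subnets.items() if not s["has_range"]]
        if dynamic:
            findings.append(f"shared-network {sn}: unknown clients on this segment are offered "
                            f"addresses from {', '.join(dynamic)}; subnets without a range: "
                            f"{', '.join(static_only) or 'none'}")
    return {"hosts": hosts, "shared": shared, "findings": findings}
```

Run `lint(open("/etc/dhcp3/dhcpd.conf").read())` on the real file and print the findings; it complements, rather than replaces, dhcpd's own syntax check (dhcpd -t), since it reasons about what the configuration means rather than whether it parses.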
On 192.168.1.0/255.255.255.0 and 192.168.2.0/255.255.255.0 I would like to be able to do netboots so I can quickly provision new virtual servers or wired PCs. The filename and next-server options above only tell a PXE client where to fetch pxelinux.0 from; a TFTP server on 192.168.x.1 still has to serve that file, so the above may not be sufficient yet and needs some further thought.
The 192.168.4.0 network allows unknown-clients just because I'm curious which neighbors try to access my access point. I don't really want to harass them and believe they often just use my access point because their Windoze picks the easiest AP it can find unless told otherwise. The least I can do is set up a honeypot that routes any webserver they try to reach to my polite webserver on the honeypot network, informing them that they're using their neighbor's access point and that if they want to continue doing so they can expect to be billed :-)
All these networks have their own configuration in the Firewall configuration.
Troubleshooting
DHCP info gets logged in /var/log/daemon.log: every dhcpd line carries the message type (DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK), the client's MAC address and the interface it came in on, which is enough to tell which known host, or which stranger, got which address. Before restarting dhcpd after editing the config, check it for syntax errors with: dhcpd -t -cf /etc/dhcp3/dhcpd.conf
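Because unknown clients only ever get addresses from the 192.168.4.0 range, the daemon.log lines can be turned into a small report: which declared hosts renewed, which strangers landed in the honeypot range, and (the case that should never occur) an undeclared MAC holding an address in one of the trusted subnets. The script below is an added example, not part of this page or of ISC dhcpd. The log lines are constructed in the format dhcpd writes (the "stray-pc" DHCPACK is deliberately wrong so the alert path is exercised); the known-MAC set stands in for the MACs in the host declarations.

```python
import ipaddress
import re
from collections import Counter

# MACs from the host declarations (sidly and the xbox from this page); on omega
# you would read these out of dhcpd.conf instead of hard-coding them.
KNOWN_MACS = {"54:52:00:0a:dc:10", "00:0d:3a:c7:fb:ce"}
HONEYPOT = ipaddress.ip_network("192.168.4.0/24")   # the only range for unknown clients

# Constructed sample of /var/log/daemon.log lines in the layout ISC dhcpd uses;
# example data, not a real log. The last line is a deliberate anomaly.
SAMPLE_LOG = """\
Mar  5 21:02:11 omega dhcpd: DHCPDISCOVER from 54:52:00:0a:dc:10 via br0
Mar  5 21:02:11 omega dhcpd: DHCPOFFER on 192.168.2.10 to 54:52:00:0a:dc:10 (sidly) via br0
Mar  5 21:02:11 omega dhcpd: DHCPREQUEST for 192.168.2.10 (192.168.2.1) from 54:52:00:0a:dc:10 (sidly) via br0
Mar  5 21:02:11 omega dhcpd: DHCPACK on 192.168.2.10 to 54:52:00:0a:dc:10 (sidly) via br0
Mar  5 21:17:40 omega dhcpd: DHCPDISCOVER from 00:1e:c2:aa:bb:cc via br0
Mar  5 21:17:41 omega dhcpd: DHCPOFFER on 192.168.4.2 to 00:1e:c2:aa:bb:cc (neighbour-laptop) via br0
Mar  5 21:17:41 omega dhcpd: DHCPREQUEST for 192.168.4.2 (192.168.4.1) from 00:1e:c2:aa:bb:cc (neighbour-laptop) via br0
Mar  5 21:17:41 omega dhcpd: DHCPACK on 192.168.4.2 to 00:1e:c2:aa:bb:cc (neighbour-laptop) via br0
Mar  5 21:30:05 omega dhcpd: DHCPDISCOVER from 00:26:b9:11:22:33 via br0: network ALLAN: no free leases
Mar  5 21:30:09 omega dhcpd: DHCPDISCOVER from 00:26:b9:11:22:33 via br0: network ALLAN: no free leases
Mar  5 21:45:00 omega dhcpd: DHCPACK on 192.168.1.50 to 00:26:b9:44:55:66 (stray-pc) via br0
"""

# Handles DISCOVER/OFFER/REQUEST/ACK; other message types (INFORM, RELEASE) are skipped.
LINE_RE = re.compile(
    r"dhcpd: (?P<type>DHCP[A-Z]+)"                  # message type
    r"(?: (?:on|for) (?P<ip>\d+(?:\.\d+){3}))?"     # address offered, requested or acked
    r"(?: \(\d+(?:\.\d+){3}\))?"                    # server identifier in a DHCPREQUEST
    r" (?:from|to) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<name>[^)]*)\))?"                    # host-name the client sent, if any
    r" via (?P<iface>[^\s:]+)"
    r"(?P<rest>.*)$"                                # e.g. ': network ALLAN: no free leases'
)


def parse_line(line):
    """Fields of one dhcpd log line, or None if it is not a lease-protocol message."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def summarise(log_text, known_macs=KNOWN_MACS, honeypot=HONEYPOT):
    leases = {}          # mac -> (ip, name) from the most recent DHCPACK
    no_lease = Counter() # mac -> DISCOVERs that got "no free leases"
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["type"] == "DHCPACK" and rec["ip"]:
            leases[rec["mac"]] = (rec["ip"], rec["name"] or "")
        elif rec["type"] == "DHCPDISCOVER" and "no free leases" in rec["rest"]:
            no_lease[rec["mac"]] += 1
    guests, alerts = {}, []
    for mac, (ip, name) in leases.items():
        if mac in known_macs:
            continue
        if ipaddress.ip_address(ip) in honeypot:
            guests[mac] = (ip, name)          # expected: a stranger in the honeypot range
        else:                                  # unexpected: a stranger in a trusted subnet
            alerts.append(f"unknown client {mac} ({name}) acked {ip} outside {honeypot}")
    return {"leases": leases, "guests": guests, "alerts": alerts, "no_lease": dict(no_lease)}
```

Feed it the real file with `summarise(open("/var/log/daemon.log").read())`; an entry in "alerts" means either a host declaration is missing from dhcpd.conf or a range crept into one of the trusted subnets, and a MAC with many "no free leases" entries is a client dhcpd is refusing or a pool that has run dry.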