From owner-freebsd-isp Wed Sep 29 12:49:33 1999
From: "Nathan Mahon"
To: "Troy Settle"
Subject: RE: Need Authoritative DHCP server ...
Date: Wed, 29 Sep 1999 14:46:20 -0500
Sender: owner-freebsd-isp@FreeBSD.ORG

This is a good setup, however, I'm not sure that it has anything to do with
the /*enforcement*/ part of my question.

I need something that will require that the dhcp lease match the ip/mac
address of the outgoing packet before it will actually translate it...

I've got issues of users opting not to use DHCP and entering in the numbers
manually.... this is not something I want to allow...

So ... I need to find something that will choose not to NAT if the DHCP
lease doesn't match the originator of the packet.

Does this make any sense to anyone?

Vaevictus Asmadi

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG
[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Troy Settle
Sent: Wednesday, September 29, 1999 12:34 PM
To: Vaevictus Asmadi; freebsd-isp@FreeBSD.ORG
Subject: RE: Need Authoritative DHCP server ...

Not sure if I'm answering your question here, but I've got a box running
natd and dhcp without problems.

In this setup, ed0 faces the internet, and ed1 faces the internal LAN.

First, compile your kernel with IPFW and bpfilter.

Second, apply these IPFW rules:

    00100 divert 8668 ip from any to any via ed1
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    65000 allow ip from any to any

Third, enable natd with the following options in /etc/rc.conf:

    natd_enable="YES"
    natd_interface="ed1"
    natd_flags="-s -m"

Fourth, install and configure DHCP. From my /etc/dhcpd.conf:

    server-identifier 10.10.100.1;

    subnet 10.10.100.0 netmask 255.255.255.0 {
        range 10.10.100.2 10.10.100.254;
        option domain-name-servers xxx.yyy.zzz.3, xxx.yyy.zzz.4, xxx.yyy.zzz.5;
        option routers 10.10.100.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.10.100.255;
        default-lease-time 2592000;
        max-lease-time 2592000;
    }

    # match this to the subnet facing the internet
    subnet xxx.yyy.zzz.0 netmask 255.255.255.0 {
    }

Hope this helps,

-Troy

> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Vaevictus Asmadi
> Sent: Wednesday, September 29, 1999 9:39 AM
> To: freebsd-isp@FreeBSD.ORG
> Subject: Need Authoritative DHCP server ...
>
>
> I need a reliable DHCP server that will either do NAT or use existing NAT,
> and using the NAT to enforce use of DHCP...
> Is this possible?
> Has anyone got this to work?
>
>
> Vaevictus Asmadi
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
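
Added example, not part of the thread or of any poster's configuration: one way to approximate the enforcement asked about above is to compare the gateway's ARP neighbours against the unexpired entries in dhcpd.leases and emit ipfw deny rules numbered ahead of the divert rule. The function names, the rule number 50, the `arp -an` line format and all sample data are assumptions made for illustration; leases are assumed to carry a timestamped `ends` line.

```python
import re
from datetime import datetime

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"ends\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
HW_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]+);")
ARP_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]+)")

def norm_mac(mac):
    # arp may print "0:a0:c9:..." where dhcpd writes "00:a0:c9:..."
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def parse_leases(text, now):
    """Return {ip: mac} for leases unexpired at `now` (naive UTC); last entry per IP wins."""
    active = {}
    for ip, body in LEASE_RE.findall(text):
        ends, hw = ENDS_RE.search(body), HW_RE.search(body)
        active.pop(ip, None)
        if ends and hw and datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S") > now:
            active[ip] = norm_mac(hw.group(1))
    return active

def audit(arp_text, leases, exempt=()):
    """Return (ip, mac, reason) for each LAN neighbour that no lease accounts for."""
    findings = []
    for ip, mac in ARP_RE.findall(arp_text):
        mac = norm_mac(mac)
        if ip in exempt or leases.get(ip) == mac:
            continue
        reason = "MAC differs from lease" if ip in leases else "no active lease"
        findings.append((ip, mac, reason))
    return findings

def deny_rules(findings, rule_no=50):
    # Numbered below the thread's divert rule (100); skips IPs a real leaseholder shares.
    return [f"ipfw add {rule_no} deny ip from {ip} to any"
            for ip, _, reason in findings if reason == "no active lease"]

# Constructed sample data (not from the thread); ".1" is the gateway itself.
SAMPLE_LEASES = """\
lease 10.10.100.5 { ends 5 1999/10/29 17:00:00; hardware ethernet 00:a0:c9:11:22:33; }
lease 10.10.100.6 { ends 3 1999/09/01 09:00:00; hardware ethernet 00:10:4b:aa:bb:cc; }
lease 10.10.100.7 { ends 5 1999/10/29 18:00:00; hardware ethernet 00:60:08:01:02:03; }
"""
SAMPLE_ARP = """\
? (10.10.100.1) at 0:40:5:1:2:3 on ed1 permanent [ethernet]
? (10.10.100.5) at 0:a0:c9:11:22:33 on ed1 [ethernet]
? (10.10.100.6) at 0:10:4b:aa:bb:cc on ed1 [ethernet]
? (10.10.100.7) at 0:60:8:99:99:99 on ed1 [ethernet]
"""
```

A host that copies both the IP and the MAC of a live lease still passes this check, so it catches manual addressing rather than deliberate spoofing.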