Date: Wed, 29 Sep 1999 17:44:56 -0400
From: "Troy Settle" <st@i-plus.net>
To: "Nathan Mahon" <nathanm@socket.net>, <freebsd-isp@FreeBSD.ORG>
Subject: RE: Need Authoritative DHCP server ...
Message-ID: <NDBBKPEMLJEBDEPFNHOHAEEJCAAA.st@i-plus.net>
In-Reply-To: <NDBBIOANCLGLNFOCLGEOKEEJCBAA.nathanm@socket.net>

I don't know of any way to *enforce* the use of DHCP using the stock daemon.
I'm sure it would be possible to hack dhcpd to perform some action when it
grants a lease.

For example, set your IPFW to deny all traffic by default, then hack dhcp so
that it adds rules to allow traffic for those IPs it has given a lease for.

I don't know how well this would work, or if it would even work at all, but
it might be worth looking into.

> -----Original Message-----
> From: Nathan Mahon [mailto:nathanm@socket.net]
> Sent: Wednesday, September 29, 1999 3:46 PM
> To: Troy Settle; freebsd-isp@FreeBSD.ORG
> Subject: RE: Need Authoritative DHCP server ...
>
>
> This is a good setup, however, I'm not sure that it has anything to do with
> the /*enforcement*/ part of my question.
> I need something that will require that the dhcp lease match the ip/mac
> address of the outgoing packet before it will actually translate it...
> I've got issues of users opting not to use DHCP and entering in the numbers
> manually.... this is not something I want to allow...
> So ... I need to find something that will choose not to NAT if the DHCP
> lease doesn't match the originator of the packet.
> Does this make any sense to anyone?
>
> Vaevictus Asmadi
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Troy Settle
> Sent: Wednesday, September 29, 1999 12:34 PM
> To: Vaevictus Asmadi; freebsd-isp@FreeBSD.ORG
> Subject: RE: Need Authoritative DHCP server ...
>
>
> Not sure if I'm answering your question here, but I've got a box running
> natd and dhcp without problems.
>
> In this setup, ed0 faces the internet, and ed1 faces the internal LAN.
>
> First, compile your kernel with IPFW and bpfilter.
>
> Second, apply these IPFW rules:
>
> 00100 divert 8668 ip from any to any via ed1
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 65000 allow ip from any to any
>
> Third, enable natd with the following options in /etc/rc.conf:
>
> natd_enable="YES"
> natd_interface="ed1"
> natd_flags="-s -m"
>
> Fourth, install and configure DHCP.
> From my /etc/dhcpd.conf:
>
> server-identifier 10.10.100.1;
> subnet 10.10.100.0 netmask 255.255.255.0 {
>     range 10.10.100.2 10.10.100.254;
>     option domain-name-servers xxx.yyy.zzz.3 xxx.yyy.zzz.4 xxx.yyy.zzz.5;
>     option routers 10.10.100.1;
>     option subnet-mask 255.255.255.0;
>     option broadcast-address 10.10.100.255;
>     default-lease-time 2592000;
>     max-lease-time 2592000;
> }
>
> # match this to the subnet facing the internet
> subnet xxx.yyy.zzz.0 netmask 255.255.255.0 {
> }
>
> Hope this helps,
>
> -Troy
>
> > -----Original Message-----
> > From: owner-freebsd-isp@FreeBSD.ORG
> > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Vaevictus Asmadi
> > Sent: Wednesday, September 29, 1999 9:39 AM
> > To: freebsd-isp@FreeBSD.ORG
> > Subject: Need Authoritative DHCP server ...
> >
> >
> > I need a reliable DHCP server that will either do NAT or use existing NAT,
> > and using the NAT to enforce use of DHCP...
> > Is this possible?
> > Has anyone got this to work?
> >
> >
> > Vaevictus Asmadi
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
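
An added example, not part of the original thread or of dhcpd: instead of patching the daemon, it reads an ISC-format `dhcpd.leases` file and builds ipfw commands that let only currently leased addresses reach the divert rule, plus static ARP entries tying each leased IP to its MAC. The rule numbers 50 and 60, the function names and the sample lease data are assumptions; `ed1` and divert rule 100 are taken from the quoted configuration.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhcpd.leases format. The file is an append-only
# log, so a later entry for the same IP supersedes an earlier one.
SAMPLE_LEASES = """
lease 10.10.100.5 {
  starts 3 1999/09/29 17:00:00;
  ends 5 1999/10/29 17:00:00;
  hardware ethernet 00:a0:c9:12:34:56;
}
lease 10.10.100.6 {
  starts 2 1999/08/03 09:00:00;
  ends 4 1999/09/02 09:00:00;
  hardware ethernet 00:a0:c9:aa:bb:cc;
}
lease 10.10.100.5 {
  starts 3 1999/09/29 18:00:00;
  ends 5 1999/10/29 18:00:00;
  hardware ethernet 00:a0:c9:de:ad:01;
}
"""
LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"ends\s+\d+\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17});")

def active_leases(text, now):
    """Return {ip: mac} for leases that have not expired at `now` (UTC)."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        ends, mac = ENDS_RE.search(body), MAC_RE.search(body)
        leases.pop(ip, None)  # the newest entry replaces any older one
        if ends and mac and datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S") > now:
            leases[ip] = mac.group(1).lower()
    return leases

def enforcement_commands(leases, lan_if="ed1", divert_rule=100):
    """Commands admitting only leased IPs from the LAN to the divert rule."""
    # Rule numbers 50 and 60 are assumptions; both must precede the divert rule.
    cmds = []
    for ip in sorted(leases, key=lambda a: tuple(map(int, a.split(".")))):
        cmds.append(f"ipfw add 50 skipto {divert_rule} ip from {ip} to any in via {lan_if}")
        cmds.append(f"arp -s {ip} {leases[ip]}")  # replies go only to the leased MAC
    cmds.append(f"ipfw add 60 deny ip from any to any in via {lan_if}")
    return cmds

if __name__ == "__main__":
    for cmd in enforcement_commands(active_leases(SAMPLE_LEASES, datetime(1999, 9, 30))):
        print(cmd)
```

A `skipto` is used rather than `allow` because `allow` ends rule processing, so a matching packet would never reach the divert rule and would not be translated.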