Date:      Sun, 23 May 2004 15:30:33 -0700
From:      Gary Kline <kline@thought.org>
To:        Rob <stopspam@users.sourceforge.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: dhcp "dhcpd_ifaces" question.
Message-ID:  <20040523223033.GA63339@tao.thought.org>
In-Reply-To: <40B11902.8070801@users.sourceforge.net>
References:  <20040523192644.GA46148@tao.thought.org> <40B11902.8070801@users.sourceforge.net>

On Mon, May 24, 2004 at 06:34:58AM +0900, Rob wrote:
> Gary Kline wrote:
> >	To any network wizards on-list,
> >
> >	I'm just tidying up dhcp and namedb files and would like
> >	to know what strings to put after this:
> >
> >	dhcpd_ifaces=                           # ethernet interface(s)
> >
> >	I'm assuming it should be "dc0 dc1" but would like to make
> >	sure.  If it would be just as well to leave it blank and
> >	let dhcpd figure it out, please advise.  (In my old config
> >	file $IFACES wasn't defined.)
> 
> I have dhcpd configured; I'm not using named, so I don't know about that.

	The reason I brought up named is that whenever I tried to
	"start|restart" dhcp there were a slew of errs from 
	named[`pid`] that showed named failing.  By itself, starting
	or restarting named was *fine*.  This is obviously one of
	those cosmic mysteries...

> 
> As far as I know, you can use dhcpd_ifaces to limit the DHCP service to only
> one interface (provided you have more than one interface on your system).
> 
> I have rl0 and rl1, where rl0 is on the out-side internet, and rl1 on the
> internal network (with IP 10.0.0.1). I only want DHCP server for internal
> network: I therefore have in /etc/rc.conf:
> 
>   dhcpd_ifaces="rl1"
> 
> However, when you look at netstat output, dhcpd is still listening to all
> interfaces, which may have some security risks. To further limit this, you
> probably need an extra global line in /usr/local/etc/dhcpd.conf :
> 
>   local-address 10.0.0.1;
> 
> Then you get a netstat output like this:
> 
>   udp4       0      0  10.0.0.1.bootps        *.*
> 

	I understand most of what you're saying.  I have the same
	10.0.0.N private net as you so I can (thankfully:) just
	cut&paste.  Can you tell me what might happen if I added
	"dc0" to my dhcp_interfaces??  I have no clue how this 
	could pose a security risk but I'm more than ready to
	take your word for it.  --There really are a few sleazeballs
	out there.--

	thank you much,


	gary



-- 
   Gary Kline     kline@thought.org   www.thought.org     Public service Unix
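Rob's point above is that dhcpd_ifaces alone still leaves dhcpd bound to every address (netstat shows a wildcard local address) until `local-address` is added to dhcpd.conf. The following added example, which is not part of the thread, checks netstat lines in the format shown above for exactly that condition; the sample lines are constructed.

```sh
#!/bin/sh
# Added example: detect a bootps (DHCP server, UDP/67) socket bound to the
# wildcard address in `netstat -a -p udp` style output, i.e. the state Rob
# describes before adding "local-address 10.0.0.1;" to dhcpd.conf.

# Constructed sample lines (not captured from a real host).
SAMPLE_WILDCARD='udp4       0      0  *.bootps               *.*'
SAMPLE_BOUND='udp4       0      0  10.0.0.1.bootps        *.*'
SAMPLE_OTHER='tcp4       0      0  *.ssh                  *.*       LISTEN'

# check_bootps_binding LINE...
# Prints one verdict per bootps/67 socket. Returns 0 when every DHCP server
# socket is bound to a specific address, 1 when any is bound to "*".
check_bootps_binding() {
    status=0
    for line in "$@"; do
        case "$line" in
            *".bootps "*|*".67 "*) ;;   # only DHCP server sockets
            *) continue ;;
        esac
        # Field 4 is the local address, e.g. "10.0.0.1.bootps" or "*.bootps".
        local_addr=$(printf '%s\n' "$line" | awk '{print $4}')
        addr=${local_addr%.*}           # strip the trailing ".bootps" / ".67"
        if [ "$addr" = "*" ]; then
            echo "dhcpd listens on ALL addresses ($local_addr)"
            status=1
        else
            echo "dhcpd bound to $addr"
        fi
    done
    return $status
}

# Stand-alone usage: feed live output, e.g.
#   netstat -a -p udp | while read -r l; do check_bootps_binding "$l"; done
check_bootps_binding "$SAMPLE_OTHER" "$SAMPLE_WILDCARD" "$SAMPLE_BOUND"
```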


