Date:      Mon, 28 Sep 1998 09:24:38 +0800
From:      chas <panda@peace.com.my>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Can DHCP really be this simple ?
Message-ID:  <3.0.32.19980928092424.00683d48@mail.peace.com.my>

I've got DHCP running but would appreciate it if someone could
pass an experienced eye over this configuration before I unleash
my Freebie box on 50 unsuspecting users tomorrow !

The FreeBSD box sits between the LAN and firewall as follows :
                 
LAN (50 PCs) <----> fxp1
                    fxp0 <----> Firewall <----> Internet
                    

The following startup scripts are appended to the end of /etc/rc.local :
# Start NATd on the external interface :
/usr/local/sbin/natd -interface fxp0
# Allow all packets through :
/sbin/ipfw -f flush 
/sbin/ipfw add divert natd all from any to any via fxp0
/sbin/ipfw add pass all from any to any
# Start the DHCP server on the internal interface :
/usr/local/sbin/dhcpd fxp1


My /etc/dhcpd.conf file is based on the sample provided :
# dhcpd.conf
server-identifier proxy.ourdomain.com;   # the name of the proxy
option domain-name "ourdomain.com";      # our company's domain
option domain-name-servers ns.ourdomain.com;  # our dns server

shared-network NEURONET {
  option subnet-mask 255.0.0.0;
  default-lease-time 600;
  max-lease-time 7200;
  subnet 10.0.0.0 netmask 255.0.0.0 {
    range 10.0.0.50 10.0.0.254;
    option broadcast-address 10.0.0.255;
    option routers 10.0.0.1;
  }
}

Basically, I just want IPs between 10.0.0.50 and 10.0.0.254 to be
allocated dynamically to PCs connecting on the LAN. The above  seems
to work but it was trial and error so I'm not that confident about 
what I've done.

Also, if I then want to run a server with fixed IP (eg. 202.184.153.17) 
on one of the IPs on the LAN not assigned dynamically (eg. 10.0.0.17),
where is this translation entered ?  

chas

ps. Since DHCP requires the bpfilter option in the kernel, should 
anything else be done to beef up security on this machine ? 
(I'm disabling telnet, ftp, sendmail etc. Plus it sits behind a firewall)
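
Added example, not part of the original message: a Python check that compares the address statements inside the posted subnet block with the netmask declared for it. The function names and the regex-based parsing are assumptions of this example, not ISC dhcpd code; the sample is the posted block trimmed to its address statements.

```python
import ipaddress
import re

# Address statements copied from the dhcpd.conf in the message above.
POSTED_CONF = """
shared-network NEURONET {
  option subnet-mask 255.0.0.0;
  subnet 10.0.0.0 netmask 255.0.0.0 {
    range 10.0.0.50 10.0.0.254;
    option broadcast-address 10.0.0.255;
    option routers 10.0.0.1;
  }
}
"""

# Matches flat subnet blocks only; nested blocks such as pool { } are not handled.
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")

def _addrs(tokens):
    """Return the tokens that parse as IP addresses; skip hostnames and flags."""
    out = []
    for tok in tokens:
        try:
            out.append(ipaddress.ip_address(tok.strip(",")))
        except ValueError:
            pass
    return out

def check_subnets(conf):
    """Return findings for every 'subnet A netmask M { ... }' block in conf."""
    findings = []
    for addr, mask, body in SUBNET_RE.findall(re.sub(r"#.*", "", conf)):
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}")
        except ValueError as exc:  # bad mask, or host bits set in the subnet address
            findings.append(f"subnet {addr} netmask {mask}: {exc}")
            continue
        for stmt in filter(str.strip, body.split(";")):
            name, *rest = [w for w in stmt.split() if w != "option"] or [""]
            ips = _addrs(rest)
            if name in ("range", "routers"):
                findings += [f"{name} {ip} is outside {net}" for ip in ips if ip not in net]
            if name == "broadcast-address" and ips and ips[0] != net.broadcast_address:
                findings.append(f"broadcast-address {ips[0]} does not match "
                                f"{net.broadcast_address} for {net}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_subnets(POSTED_CONF)))
```

Run on the posted block it reports one finding: the range and router are inside 10.0.0.0/8, but the broadcast address for that netmask is 10.255.255.255, not 10.0.0.255.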




