Date:      Mon, 24 May 2004 06:34:58 +0900
From:      Rob <stopspam@users.sourceforge.net>
To:        Gary Kline <kline@thought.org>, freebsd-questions@freebsd.org
Subject:   Re: dhcp "dhcpd_ifaces" question.
Message-ID:  <40B11902.8070801@users.sourceforge.net>
In-Reply-To: <20040523192644.GA46148@tao.thought.org>
References:  <20040523192644.GA46148@tao.thought.org>

Gary Kline wrote:
> 	To any network wizards on-list,
> 
> 	I'm just tidying up dhcp and namedb files and would like
> 	to know what strings to put after this:
> 
> 	dhcpd_ifaces=                           # ethernet interface(s)
> 
> 	I'm assuming it should be "dc0 dc1" but would like to make
> 	sure.  If it would be just as well to leave it blank and
> 	let dhcpd figure it out, please advise.  (In my old config
> 	file $IFACES wasn't defined.)

I have dhcpd configured; I'm not using named, so I don't know about that.

As far as I know, you can use dhcpd_ifaces to limit the DHCP service to only
one interface (provided you have more than one interface on your system).

I have rl0 and rl1, where rl0 is on the outside internet, and rl1 on the
internal network (with IP 10.0.0.1). I only want a DHCP server for the internal
network: I therefore have in /etc/rc.conf:

   dhcpd_ifaces="rl1"

However, when you look at netstat output, dhcpd is still listening to all
interfaces, which may have some security risks. To further limit this, you
probably need an extra global line in /usr/local/etc/dhcpd.conf:

   local-address 10.0.0.1;

Then you get a netstat output like this:

   udp4       0      0  10.0.0.1.bootps        *.*

Regards,
Rob.
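
Added example, not part of Rob's message: a shell check for the binding difference described above. It reads netstat lines and reports whether each bootps socket is bound to the expected internal address or to the wildcard. The helper name and the sample lines are constructed for illustration; 10.0.0.1 is the address from the message.

```sh
#!/bin/sh
# Added example: flag DHCP server (bootps) UDP sockets not bound to one address.
# On the host: netstat -an -p udp | check_bootps_binding 10.0.0.1
# Column 4 is the local address; the port follows the last dot and reads
# "bootps" (or "67" when netstat runs with -n).

# check_bootps_binding EXPECTED_IP  (hypothetical helper name)
# Reads netstat lines on stdin, prints one verdict per bootps socket.
# Returns 0 if all are bound to EXPECTED_IP, 1 if any is bound elsewhere
# (including the wildcard "*"), 2 if no bootps socket is listed at all.
check_bootps_binding() {
    awk -v want="$1" '
        $1 ~ /^udp/ {
            n = split($4, parts, "[.]")
            port = parts[n]
            if (port != "bootps" && port != "67") next
            # The address is everything before the final ".port".
            addr = substr($4, 1, length($4) - length(port) - 1)
            seen++
            if (addr == want) {
                print "OK       " $4
            } else {
                print "EXPOSED  " $4
                bad++
            }
        }
        END {
            if (seen == 0) exit 2
            exit (bad > 0 ? 1 : 0)
        }
    '
}

# Constructed sample input, not captured from a real host.
SAMPLE_WILDCARD='udp4       0      0  *.bootps               *.*
udp4       0      0  *.syslog               *.*'
SAMPLE_BOUND='udp4       0      0  10.0.0.1.bootps        *.*
udp4       0      0  *.syslog               *.*'

printf '%s\n' "$SAMPLE_WILDCARD" | check_bootps_binding 10.0.0.1 || true
printf '%s\n' "$SAMPLE_BOUND"    | check_bootps_binding 10.0.0.1 || true
```

The return code distinguishes "bound elsewhere" (1) from "no bootps socket listed" (2), so a periodic job can alert on the first without firing when dhcpd is simply stopped.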



