Simon Males wrote:

I am trying to serve dhcp out of eth2, eth0 is my Optus internet connection. Can I specify in dhcp which interface to use?


syslog:
Jul 7 18:18:01 erupt dhcpd: No subnet declaration for eth0 (211.30.175.xxx).
Jul 7 18:18:01 erupt dhcpd: Please write a subnet declaration in your dhcpd.conf file for the
Jul 7 18:18:01 erupt dhcpd: network segment to which interface eth0 is attached.
Jul 7 18:18:01 erupt dhcpd: exiting.


# more /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth2
iface eth2 inet static
        address 192.168.6.1
        netmask 255.255.255.0

# more /etc/dhcpd.conf
option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;

subnet 192.168.6.0 netmask 255.255.255.0 {
  range 192.168.6.10 192.168.6.20;

}

I had a similar problem on my triple interface router/firewall box. It wants a declaration for each interface, but I only provide DHCP on the internal one. The way I got around it was to create two "empty" sections for the DMZ and Internet interfaces and configure the internal one how I wanted. Then I just added some iptables rules to drop DHCP requests/replies on the DMZ and Internet interfaces. Here's a sanitized version of my config file:


>cat /etc/dhcpd.conf

# dhcpd.conf
#
# Configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "mydomain.foo.bar";
default-lease-time 7200;
max-lease-time 14400;

# Internal network - allocate addresses between .100-150
subnet 10.0.0.0 netmask 255.255.255.0 {
        option ntp-servers 10.0.0.1;
        option time-servers 10.0.0.1;
        range 10.0.0.100 10.0.0.150;
        option domain-name-servers 10.0.0.1;
        option domain-name "mydomain.foo.bar";
        option routers 10.0.0.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.0.0.255;
        }

# Internet interface - EMPTY, we don't provide DHCP!
subnet 1.2.3.4 netmask 255.255.255.252 {
  deny unknown-clients;
  deny booting;
}

# DMZ interface - EMPTY, we don't provide DHCP!
subnet 1.2.4.5 netmask 255.255.255.224 {
  deny unknown-clients;
  deny booting;
}

### SNIPPED the static IP group ###

<<< END OF /etc/dhcpd.conf >>>

Then just block UDP+TCP ports 67/68 on the interfaces you DON'T want to use DHCP.

HTH

Cheers,

James
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
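
The port blocking described in the reply above, as an added example that is not part of the original message: a shell function that prints the iptables rules for review instead of applying them. The function name, the mode names and eth1 are assumptions; the "server" mode goes beyond the post to cover an interface that is itself a DHCP client, like eth0 in the question.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that drop DHCP on interfaces
# dhcpd must not serve. Review the output, then pipe it to `sh` as root.
#
# usage: dhcp_block_rules MODE IFACE...
#   all    - drop ports 67 and 68 in both directions, as described in the post
#   server - drop only server-side traffic (port 67 in, replies from 67 out),
#            so an interface that is itself a DHCP client keeps its lease
dhcp_block_rules() {
    mode=$1
    [ $# -ge 2 ] || { echo "usage: dhcp_block_rules all|server IFACE..." >&2; return 1; }
    shift
    case "$mode" in
        all)    in_match="-m multiport --dports 67,68"
                out_match="-m multiport --sports 67,68" ;;
        server) in_match="--dport 67"
                out_match="--sport 67" ;;
        *)      echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    # Validate every name first so a bad argument never yields partial output.
    for ifc in "$@"; do
        case "$ifc" in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $ifc" >&2; return 1 ;;
        esac
    done
    for ifc in "$@"; do
        # DHCP runs over UDP; TCP is included because the post blocks both.
        for proto in udp tcp; do
            echo "iptables -A INPUT -i $ifc -p $proto $in_match -j DROP"
            echo "iptables -A OUTPUT -o $ifc -p $proto $out_match -j DROP"
        done
    done
}

# Constructed demo: eth0 is the DHCP-client Internet interface from the
# question; eth1 is a hypothetical DMZ interface with a static address.
dhcp_block_rules server eth0
dhcp_block_rules all eth1
```

On Linux, ISC dhcpd receives requests through a packet socket that sees frames before netfilter does, so the subnet declarations without a range remain what keeps it from handing out leases on those interfaces.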
