Make a DHCP server using Fedora - Help
Antonio Olivares
olivares14031 at yahoo.com
Sat Nov 15 17:55:41 UTC 2008
--- On Sat, 11/15/08, Antonio Olivares <olivares14031 at yahoo.com> wrote:
> > >>>subnet 10.154.19.0 netmask 255.255.255.0 {
> > >>>}
> > >>>
> > >>># This is a very basic subnet declaration.
> > >>>
> > >>>subnet 10.154.19.0 netmask 255.255.255.224 {
> > >>> range 10.154.19.10 10.154.19.20;
> > >>> option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
> > >>>}
> > >>>
> > >>It seems pointlessly redundant to declare a subnet twice.
> > >>And stranger to declare it differently. I see no point for the first one.
> > >>
> > >>--
> > >>[tim@localhost ~]$ uname -r
> > >>2.6.26.6-79.fc9.i686
> > >>
> > >>Don't send private replies to my address, the mailbox is ignored. I
> > >>read messages from the public lists.
> > >>
> > >>
> > >
> > >Which one should I keep Tim, the first one or the second one?
> > >
> > >I have tried before and not succeeded, I want to succeed this time.
> > >
> > >The machine that will become the server has gateway 10.154.19.1, is it okay to make the server
> > >10.154.19.0 ?
> > >
> > >Also the machine's netmask is 255.255.255.0 and the netmask of the server should it be 255.255.255.0 or 255.255.255.254 or other thing?
> > >
> > >Thanks,
> > >
> > >Antonio
> > >
> >
> > Dear You,
> >
> > Please try these :
> >
> > subnet 10.154.19.0 netmask 255.255.255.224 {
> >   range 10.154.19.10 10.154.19.20;
> >   option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
> > }
> >
> > Good luck !
>
> I tried that and it does not work :(
>
> [root@localhost ~]# cat /etc/dhcpd.conf
> # dhcpd.conf
> #
> # Sample configuration file for ISC dhcpd
> #
>
> # option definitions common to all supported networks...
> #option domain-name "example.org";
>
> #option domain-name-servers ns1.example.org, ns2.example.org;
>
> default-lease-time 600;
> max-lease-time 7200;
>
> # Use this to enble / disable dynamic dns updates globally.
> ddns-update-style none;
>
> # If this DHCP server is the official DHCP server for the local
> # network, the authoritative directive should be uncommented.
> authoritative;
>
>
> # Use this to send dhcp log messages to a different log file (you also
> # have to hack syslog.conf to complete the redirection).
>
> log-facility local7;
>
>
> # No service will be given on this subnet, but declaring it helps the
> # DHCP server to understand the network topology.
>
>
> #subnet 10.154.19.0 netmask 255.255.255.0 {
> #}
>
> # This is a very basic subnet declaration.
>
> subnet 10.154.19.0 netmask 255.255.255.224 {
>   range 10.154.19.10 10.154.19.20;
>   option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
> }
>
>
> [root@localhost ~]# dhcpd -f
> Internet Systems Consortium DHCP Server 4.0.0
> Copyright 2004-2007 Internet Systems Consortium.
> All rights reserved.
> For info, please visit http://www.isc.org/sw/dhcp/
> Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
>
> Wrote 0 leases to leases file.
>
>
> No subnet declaration for eth0 (10.154.19.210).
> ** Ignoring requests on eth0. If this is not what
> you want, please write a subnet declaration
> in your dhcpd.conf file for the network segment
> to which interface eth0 is attached. **
>
>
> Not configured to listen on any interfaces!
>
> This version of ISC DHCP is based on the release available
> on ftp.isc.org. Features have been added and other changes
> have been made to the base software release in order to make
> it work better with this distribution.
>
> Please report for this software via the Red Hat Bugzilla site:
> http://bugzilla.redhat.com
>
> exiting.
>
>
> I also have added to iptables two lines and ran iptables-save
>
> when I read the following:
> upon reading another page:
> http://chwang.blogspot.com/2007/11/making-linux-fedora-core-8-as-gateway.html
>
> it says iptables and has this part:
>
> # Forward all packets from eth1 (internal network) to eth0 (the public internet)
> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
> # Forward packets that are part of existing and related connections from eth0 to eth1
> iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
> # Enable SNAT functionality on eth0. a.b.c.d are generally the ip of the eth0
> iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth0 -j SNAT --to-source a.
>
>
> Added ===> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
> and ===> iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> Did not add SNAT, does that make a difference?
>
> [root@localhost ~]# iptables-save
>
> # Generated by iptables-save v1.4.1.1 on Sat Nov 15 11:42:58 2008
> *filter
>
> :INPUT ACCEPT [0:0]
>
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [59634:9393428]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -i eth1 -o eth0 -j ACCEPT
> -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p esp -j ACCEPT
> -A RH-Firewall-1-INPUT -p ah -j ACCEPT
> -A RH-Firewall-1-INPUT -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> # Completed on Sat Nov 15 11:42:58 2008
>
>
> Thanks,
>
> Antonio
>
>
>
>
> --
Also, I forgot to mention that ifcfg-eth1 does not exist. Should I create it, and what should I put in it?

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-eth0 ifdown-isdn ifup-aliases ifup-plip ifup-wireless
ifcfg-lo ifdown-post ifup-bnep ifup-plusb init.ipv6-global
ifdown ifdown-ppp ifup-eth ifup-post net.hotplug
ifdown-bnep ifdown-routes ifup-ippp ifup-ppp network-functions
ifdown-eth ifdown-sit ifup-ipsec ifup-routes network-functions-ipv6
ifdown-ippp ifdown-sl ifup-ipv6 ifup-sit
ifdown-ipsec ifdown-tunnel ifup-ipx ifup-sl
ifdown-ipv6 ifup ifup-isdn ifup-tunnel
[root@localhost network-scripts]# cat ifcfg-eth0
# nVidia Corporation nForce2 Ethernet Controller
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:0E:A6:42:59:AF
IPV6_AUTOCONF=yes
ONBOOT=yes
[root@localhost network-scripts]# ifconfig -a
eth0      Link encap:Ethernet HWaddr 00:0E:A6:42:59:AF
          inet addr:10.154.19.210 Bcast:10.154.19.255 Mask:255.255.255.0
          inet6 addr: fe80::20e:a6ff:fe42:59af/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:202848 errors:0 dropped:0 overruns:0 frame:0
          TX packets:61502 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:106886534 (101.9 MiB) TX bytes:10819090 (10.3 MiB)
          Interrupt:22 Base address:0x6000

eth1      Link encap:Ethernet HWaddr 00:60:97:C5:2A:C3
          inet6 addr: fe80::260:97ff:fec5:2ac3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:572 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:102299 (99.9 KiB) TX bytes:1836 (1.7 KiB)
          Interrupt:18 Base address:0xdf00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:64 errors:0 dropped:0 overruns:0 frame:0
          TX packets:64 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10582 (10.3 KiB) TX bytes:10582 (10.3 KiB)

pan0      Link encap:Ethernet HWaddr AA:FA:32:AC:03:01
          BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[root@localhost network-scripts]#

Only ifcfg-eth0 exists, and it is the one that gets the IP from the network; the other one is the one that will forward the packets so that other machines can get IPs and connect to the Internet.
Thanks,
Antonio
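
Added example, not part of the original message: a Python check for two conditions visible in the pasted output. dhcpd serves only interfaces whose address lies inside a declared subnet (eth0 at 10.154.19.210 is outside 10.154.19.0 netmask 255.255.255.224), and iptables rules appended after an unconditional REJECT in the same chain are never evaluated. The sample strings are constructed from the output above, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample input, condensed from the dhcpd.conf, ifconfig and
# iptables-save output quoted in the message above.
DHCPD_CONF = """
#subnet 10.154.19.0 netmask 255.255.255.0 {
#}
subnet 10.154.19.0 netmask 255.255.255.224 {
  range 10.154.19.10 10.154.19.20;
}
"""
INTERFACES = {"eth0": "10.154.19.210"}
IPTABLES_SAVE = """
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

def declared_subnets(conf):
    """Return the networks of all uncommented 'subnet A netmask M' lines."""
    nets = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0]  # drop comments, incl. commented-out subnets
        m = re.search(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)", line)
        if m:
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return nets

def uncovered_interfaces(conf, interfaces):
    """Interfaces whose address is in no declared subnet (dhcpd ignores them)."""
    nets = declared_subnets(conf)
    return sorted(name for name, addr in interfaces.items()
                  if not any(ipaddress.ip_address(addr) in n for n in nets))

def shadowed_rules(rules, chain="FORWARD"):
    """Rules in `chain` that come after an unconditional REJECT or DROP."""
    shadowed, blocked = [], False
    for line in rules.splitlines():
        parts = line.split()
        if parts[:2] != ["-A", chain]:
            continue
        if blocked:
            shadowed.append(line)
        elif parts[2:4] in (["-j", "REJECT"], ["-j", "DROP"]):
            blocked = True  # no match options before -j, so every packet matches
    return shadowed

if __name__ == "__main__":
    print(uncovered_interfaces(DHCPD_CONF, INTERFACES), shadowed_rules(IPTABLES_SAVE))
```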