dhcpd gateway settings

Tim ignored_mailbox at yahoo.com.au
Sun Apr 24 04:53:13 UTC 2011


Tim:
>> It doesn't *have* to be the gateway to do that.  It can merely be a
>> server on the LAN.
Aaron Gray:
> It needs to be a DHCP server to serve the BOOTP protocol. Also I need
> to access HTTP to do netboot.

Yes, but it doesn't actually have to be the gateway.  The DHCP server
only needs to be accessible, somehow, on the network.  The IPs it gives
out, either with DHCP or BOOTP, can be for any machine on the network
that can be a gateway.

But anyway, I think that's probably digressing from the problem.  I was
just pointing out that the DHCP/BOOTP server only has to be the source
of configuration information.
>> If the computers on the 192.168.0 and 192.168.1 subnets are actually
>> sharing a switch/router where they can directly talk to each other,
>> then they don't need something acting as a gateway.  And you could
>> change the netmask to 255.255.0.0.

> Yes but it would not be separately serving DHCP on 192.168.1.x.

A single server can still do that...  You configure a server to give a
certain response to machines from one place, and another response to the
rest.  Or, you have specific configurations for each machine configured
in the server.


>> It all depends on whether you're trying to enforce a segregation, or
>> just get two different IP address ranges communicating together.

> Just to allow 192.168.1.x to have access to the internet. 

Well, it seems like you're going about it the hard way, then.  If you're
just trying to give access to everything, then I'd have one gateway that
they're all networked to.

My own home LAN consists of various machines, with everything connected
to network switches.  The gateway to the WWW is the ADSL modem/router,
but that's all it does.  A PC on my LAN is a DHCP server, doling out IPs
to other PCs and devices, informing them of the gateway address (the
modem/router), and the DNS server address (the same PC as the DHCP
server, though it doesn't have to be).



>> I have to wonder why do you want 192.168.XXX. subnetting, then?
>> If it's not actually separated by hardware, you can't *enforce*
>> separate networks just by putting in different IPs.

> I am not too worried about that; it's a temporary thing just to allow
> PXE booting.

Again, this sounds like you're going about it the hard way.  I see no
reason to need to have split subnets just to play with pixies.  They can
all be on the one subnet.

The only needs for subnetting are when you want to enforce segregation,
so you deliberately isolate parts of the network; or you already have
two isolated networks with one junction between them, and you need to
make them talk through each other.
 

>> Likewise, everything on the 192.168.1 subnet has to go through the
>> 192.168.1 gateway, and *that* gateway has to have access to whatever
>> it needs (e.g. the WWW, if necessary).

> This is what I need to know how to set up.

Well, it sounds like you need to:

      * Test whether the gateway, itself, can access what it needs to
        (the WWW, and both sides of the subnet).
      * Test whether the clients can access the gateway (for testing
        purposes, it's handy to have a webserver on the gateway, so it
        can be "looked at").  For this test, I'd be hand-configuring the
        clients (telling them their own IPs, the gateway IP, the DNS
        server IPs).
      * Test what they can access through the gateway.

The gateway has to pass *everything* through; it has to connect the
traffic from one side to another (e.g. DNS queries have to go through to
a DNS server, HTTP connections have to be made through).  Usually, it
does this with NAT.  Ping is only one test tool you'd use; you'd use dig
to test DNS queries.

You should probably post DHCP/BOOTP configuration files, firewall rule
sets (of gateway and clients), for more eyes to have a look at them.


P.S.  Please do not post HTML emails to this list (including dual plain
text and HTML emails); it's not wanted for a plethora of reasons (which
will start a whole new debate, and possibly a flamefest, if you ask about
it on the list).  Just one of which is that it makes it a lot harder to
quote text when replying.


-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
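An added example, not from Tim's message or from anyone on the list: an ISC dhcpd configuration for the setup Tim describes in the middle of the reply (one DHCP server on the LAN that is not the gateway, answering the 192.168.0 and 192.168.1 ranges differently, with per-machine entries), plus the PXE options Aaron needs. Every address, MAC address and file name below is an assumed value; the option names and the `class`/`pool`/`host` syntax are standard dhcpd.conf.

```conf
# Added example (not from the original message): one ISC dhcpd on the LAN
# serving both ranges, with different answers per range and per machine.
# All addresses, MAC addresses and file names are assumptions.

authoritative;
default-lease-time 600;
max-lease-time 7200;

# As on Tim's home LAN: the DHCP server is an ordinary PC, the gateway is
# a different box, and DNS happens to live on the DHCP server itself.
option domain-name-servers 192.168.0.10;

# "A certain response to machines from one place": PXE firmware announces
# itself with vendor class "PXEClient".  Members of this class are told
# where the boot file is; ordinary clients never see next-server/filename.
# The class must be declared before any pool refers to it.
class "pxeclients" {
    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    next-server 192.168.0.10;             # assumed TFTP server address
    filename "pxelinux.0";                # assumed boot file name
}

# Both ranges share one wire (no hardware separation), so they belong in
# one shared-network; dhcpd then hands out from whichever pool the
# requesting client is allowed into.
shared-network lan {
    subnet 192.168.0.0 netmask 255.255.255.0 {
        option routers 192.168.0.1;       # assumed: the ADSL modem/router
        pool {
            deny members of "pxeclients";
            range 192.168.0.100 192.168.0.200;
        }
    }
    subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers 192.168.1.1;       # assumed: the gateway for this range
        pool {
            allow members of "pxeclients";
            range 192.168.1.100 192.168.1.200;
        }
    }
}

# "Specific configurations for each machine": a fixed address keyed on the
# client's MAC keeps the netboot test box at a predictable IP.
host netboot-test {
    hardware ethernet 00:11:22:33:44:55;  # assumed MAC address
    fixed-address 192.168.1.50;
}
```

Check the file before restarting the daemon with `dhcpd -t -cf /etc/dhcp/dhcpd.conf`, which parses it without serving. Note that the 192.168.1 clients will still only reach the Internet if the box at 192.168.1.1 actually forwards for them; the DHCP server just tells them that address, which is exactly the point Tim makes about the gateway having to pass everything through. The HTTP server Aaron mentions for netboot is a separate daemon and can sit on the same PC as dhcpd and TFTP.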


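Another added example, again not from the original message: a small POSIX shell script that runs the three tests Tim lists (gateway reachable, something on the far side reachable, DNS and HTTP actually passing through) from a client whose IP, gateway and DNS server have been set by hand. The addresses, the name being resolved and the URL are assumed values and can be overridden through the environment; `ping -W` is the Linux iputils form.

```shell
#!/bin/sh
# Added example (not from the original message or any list member):
# walks a hand-configured client through Tim's three checks.
# Every address and name below is an assumed value; override by environment.

GATEWAY=${GATEWAY:-192.168.1.1}     # assumed gateway for the 192.168.1 range
DNS=${DNS:-192.168.0.10}            # assumed DNS server on the far side
NAME=${NAME:-example.com}           # any name the DNS server should resolve
URL=${URL:-http://$GATEWAY/}        # Tim's "webserver on the gateway" to look at

# Is a host answering at all?  One ICMP echo, two-second wait (Linux ping).
reach() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# Does a DNS query to the server at $1 for name $2 come back with an answer?
# dig +short prints only the answer records, so empty output means no answer.
resolve_via() {
    answer=$(dig +short +time=2 +tries=1 "@$1" "$2" 2>/dev/null)
    [ -n "$answer" ]
}

# Does an HTTP connection to $1 get made?  Any 2xx/3xx status counts;
# curl prints 000 when no connection could be established.
http_ok() {
    code=$(curl -s -o /dev/null --max-time 5 -w '%{http_code}' "$1" 2>/dev/null)
    case "$code" in
        2??|3??) return 0 ;;
        *)       return 1 ;;
    esac
}

# One PASS/FAIL line per test; the return value is the number of failures,
# so the exit status alone says how far the traffic got.
run_checks() {
    fails=0
    if reach "$GATEWAY"; then echo "PASS gateway $GATEWAY reachable"
    else echo "FAIL gateway $GATEWAY unreachable (client IP, netmask or route?)"; fails=$((fails+1)); fi
    if reach "$DNS"; then echo "PASS $DNS reachable through the gateway"
    else echo "FAIL $DNS unreachable (gateway not forwarding or NATing?)"; fails=$((fails+1)); fi
    if resolve_via "$DNS" "$NAME"; then echo "PASS $NAME resolves via $DNS"
    else echo "FAIL no answer for $NAME from $DNS (port 53 filtered?)"; fails=$((fails+1)); fi
    if http_ok "$URL"; then echo "PASS HTTP to $URL"
    else echo "FAIL HTTP to $URL (port 80 filtered, or no web server there?)"; fails=$((fails+1)); fi
    return "$fails"
}

# Only run when invoked as "sh gwcheck.sh run", so the functions can also
# be sourced and exercised on their own.
if [ "${1:-}" = run ]; then
    run_checks
fi
```

Run it as `GATEWAY=192.168.1.1 DNS=192.168.0.10 sh gwcheck.sh run` on a 192.168.1 client; the first FAIL line tells you which hop to look at, which is more useful than a bare ping because a gateway that answers ICMP but forwards nothing will pass test one and fail the rest.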


