range 10.5.5.26 10.5.5.30;
option domain-name-servers ns1.internal.example.org;
option domain-name "internal.example.org";
option routers 10.5.5.1;
option broadcast-address 10.5.5.31;
default-lease-time 600;
max-lease-time 7200;
}
This defines the IP addressing for the 10.5.5.0 subnet. It defines the IP address range from 10.5.5.26 through 10.5.5.30 to be dynamically assigned to hosts that reside on that subnet. This example shows that any TCP/IP option can be set from the subnet portion of the configuration file. It shows which DNS server the hosts on the subnet will use, which can be good for DNS server load balancing or can be used to limit the hosts that can be reached through DNS. It defines the domain name, so you can have more than one domain on your network. It can also change the default and maximum lease time.
If you want your server to ignore a specific subnet, the following entry can be used to accomplish this:
subnet 10.152.187.0 netmask 255.255.255.0 {
}
This defines no options for the 10.152.187.0 subnet; therefore, the DHCP server ignores it.
The last part of your dhcpd.conf is for defining hosts. This can be good if you want a computer on your network to have a specific IP address or other information specific to that host. The key to completing the host section is to know the hardware address of the host. The hardware address is used to differentiate the host for configuration. You can obtain your hardware address by using the ifconfig command as described previously. The hardware address is on the eth0 line labeled 'HWaddr'.
host fantasia {
hardware ethernet 08:00:07:26:c0:a5;
fixed-address fantasia.fugue.com;
}
This example takes the host with the hardware address 08:00:07:26:c0:a5 and does a DNS lookup to assign the IP address for fantasia.fugue.com to the host.
DHCP can also define and configure booting for diskless clients like this:
host passacaglia {
hardware ethernet 0:0:c0:5d:bd:95;
filename "vmunix.passacaglia";
server-name "toccata.fugue.com";
}
The diskless host passacaglia gets its boot information from server toccata.fugue.com and uses the vmunix.passacaglia kernel. All other TCP/IP configuration can also be included.
Remember, only one DHCP server should exist on a local network to avoid problems. Your DHCP might not work correctly on a LAN with hosts running outdated legacy operating systems. Often Windows NT servers have the Windows DHCP server installed by default. Because there is no configuration file for NT to sort through, that DHCP server configures your host before the Linux server if both machines are on the same LAN. Check your Windows NT servers for this situation and disable DHCP on the Windows NT server; afterward, your other DHCP-enabled hosts should configure correctly. Also, check to make sure that there are no conflicts if you use a cable or DSL modem, wireless access point (WAP), or other intelligent router on your LAN that can provide DHCP.
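The conflict described above, where a second DHCP server on the LAN answers clients, shows up in the server identifier (option 54) of the replies clients receive. The following Python code is an added example, not part of the original text: it parses DHCP reply payloads and lists those that come from a server you have not approved. The approved server address 10.5.5.2, the second responder 10.5.5.20 and the function names are assumptions, and the sample replies are constructed.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # precedes the DHCP options (RFC 2131)
OFFER, ACK = 2, 5                    # values of option 53 (message type)

def parse_dhcp(payload):
    """Return (message type, server identifier, offered IP, client MAC)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        code, body = payload[i], payload[i + 1:]     # body[0] is the option length
        if not body or len(body) < 1 + body[0]:
            raise ValueError("truncated option")
        options[code] = body[1:1 + body[0]]
        i += 2 + body[0]
    kind = options.get(53)
    server = options.get(54, b"")                    # option 54 = server identifier
    server = str(ipaddress.IPv4Address(server)) if len(server) == 4 else None
    offered = str(ipaddress.IPv4Address(payload[16:20]))   # yiaddr field
    mac = payload[28:34].hex(":")                          # chaddr field, Ethernet
    return (kind[0] if kind else 0), server, offered, mac

def unauthorized_replies(payloads, authorized_servers):
    """Return OFFER/ACK replies whose server identifier is not an approved server."""
    replies = [parse_dhcp(p) for p in payloads]
    return [{"server": s, "client": mac, "offered": ip}
            for kind, s, ip, mac in replies
            if kind in (OFFER, ACK) and s not in authorized_servers]

def build_reply(msg_type, server, offered, mac):
    """Construct a minimal server reply; used only to make the sample data below."""
    header = bytearray(236)
    header[0:3] = bytes([2, 1, 6])                   # BOOTREPLY, Ethernet, 6-byte address
    header[16:20] = ipaddress.IPv4Address(offered).packed
    header[28:34] = bytes.fromhex(mac.replace(":", ""))
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed + b"\xff"
    return bytes(header) + MAGIC_COOKIE + opts

# Constructed sample: 10.5.5.2 is assumed to be the approved server, 10.5.5.20 is not
SAMPLE = [
    build_reply(OFFER, "10.5.5.2", "10.5.5.26", "08:00:07:26:c0:a5"),
    build_reply(OFFER, "10.5.5.20", "10.5.5.27", "08:00:07:26:c0:a5"),
    build_reply(ACK, "10.5.5.2", "10.5.5.26", "08:00:07:26:c0:a5"),
]
```

Calling unauthorized_replies(SAMPLE, {"10.5.5.2"}) reports the offer from 10.5.5.20; in practice the payloads would come from UDP port 68 traffic in a packet capture rather than from SAMPLE.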
Other Uses for DHCP
A whole host of options can be used in dhcpd.conf; entire books are dedicated to DHCP. The most comprehensive book is The
The DHCP server distribution contains an example of the dhcpd.conf file that you can use as a template for your network. The file shows a basic configuration that can get you started with explanations for the options used.
Using IP Masquerading in Fedora
Three blocks of IP addresses are reserved for use on internal networks and hosts not directly connected to the Internet. The address ranges are from 10.0.0.0 to 10.255.255.255, or 1 Class A network; from 172.16.0.0 to 172.31.255.255, or 16 Class B networks; and from 192.168.0.0 to 192.168.255.255, or 256 Class C networks. Use these IP addresses when building a LAN for your business or home. Which class you choose can depend on the number of hosts on your network.
Internet access for your internal network can be provided by a PC running Fedora or other broadband or dialup router. The host or device is connected to the Internet and is used as an Internet gateway to forward information to and from your LAN. The host should also be used as a firewall to protect your network from malicious data and users while functioning as an Internet gateway.
A PC used in this fashion typically has at least two network interfaces. One is connected to the Internet, and the other is connected to the computers on the LAN (via a hub or switch). Some broadband devices also incorporate four or more switching network interfaces. Data is then passed between the LAN and the Internet using
Do not rely on a single point of protection for your LAN, especially if you use wireless networking, provide dial-in services, or allow mobile (laptop or PDA) users internal or external access to your network. Companies, institutions, and individuals relying on a 'moat mentality' have often discovered to their dismay that such an approach to security is easily breached. Make sure that your network operation is accompanied by a security policy that stresses multiple levels of secure access, with protection built in to every server and workstation — something easily accomplished with Linux.
Ports
Most servers on your network have more than one task. For example, web servers have to serve both standard and secure pages. You might also be running an FTP server on the same host. For this reason,