Solved

ipchains and DHCP

Posted on 2002-04-07
10
258 Views
Last Modified: 2010-03-18
Hello experts:

Is it possible to have a DHCP server setup on a seperate network and obtain your ip address from that server?

DHCP Server Address is 10.1.102.90
DHCP Server has the following scopes:
10.1.101.100 - 200
10.1.102.100 - 200
10.1.103.100 - 200

How can I setup rules on this linux router to distribute the correct ip address to a requesting client?

For instance, if I'm on the 10.1.101.x network, and perform an ipconfig /renew, how can I obtain the ip parameters from the dhcp server?
0
Comment
Question by:escheider
10 Comments
 
LVL 7

Expert Comment

by:HalldorG
ID: 6924959
Think you need seperate network cards as you can only bound one scope to each card.

As the DHCP server would have no chance to deside which network it should give if there where more than one to choose from on the same network card.
0
 
LVL 2

Expert Comment

by:hangman
ID: 6925344
Try setting your network mask to 255.255.0.0
0
 
LVL 40

Accepted Solution

by:
jlevie earned 30 total points
ID: 6925488
DHPC is a broadcast protcol and as such it won't cross router boundaries unassisted. When using hardware routers, like Cisco gear, one configures the router to act as a dhcp forwarder. A similar thing can be done on a linux router with dhcrelay.

Assuming that your linux router can see the DHCP server via eth0 (meaning that eth0 has an IP on the same subnet as the DHCP server, 10.1.102.0/24 in this case) and that eth1 is the subnet that contains the clients you could use 'dhcrelay -i eth1 10.1.102.90'. That will cause dhcrelay to listen for requests on eth1 and forward those requests to the server. You'll want to arrainge for dhcrelay to be started at boot and adding the command to rc.local would be one option. For more information see 'man dhcrelay'.
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 4

Author Comment

by:escheider
ID: 6925534
I think you're on the right track jlevie.  I have done this with Cisco routers using ip helper.  

I will try your suggestion and see what happens.

0
 
LVL 4

Author Comment

by:escheider
ID: 6925541
Question, is dhcprelay a module that will need to be installed.  How can I check to see if it is on my linux box?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6925568
dhcprelay is part of the dhcp server package and will be installed if dhcp is installed.
0
 
LVL 4

Author Comment

by:escheider
ID: 6926212
jlevie:

It actuall works...now, dhcp uses udp ports 67 and 68, so after I switch to a deny all policy, I assume I'll have to open these ports up to communicate to the server?

Let me know and I'll award you the points.

E
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6926367
I'm guessing that your DHCP server is, per my example above, on the untrusted (eth0) interface and that's where you'll be doing a deny all. If that's the case, then yes you'll need to allow thost UDP ports.
0
 
LVL 4

Author Comment

by:escheider
ID: 6926940
Works great...I knew it could be done.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6926993
Cool...
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question