You may often prefer to have your firewall also act as a DHCP server, i.e., assign a dynamic, temporary IP address to a computer when it asks for one, e.g., when it boots. Note that static and dynamic IP addresses can coexist safely on the LAN, provided you set aside one range of addresses for static assignment and a disjoint range for dynamic assignment. In my case, I use static addresses for the desktop computers (which do not move) and dynamic addresses for the laptops. Static addresses have the advantage that you can host services on them (e.g., a print server, an NFS server, etc.) and their IP addresses will not change. However, when a computer is by definition a client (e.g., a laptop which you carry to work and to hotels, and then bring home), DHCP is very handy.
To do this, you need to install dhcp (namely dhcpd, the DHCP daemon). Do not confuse this with dhcpcd (the DHCP client daemon). The DHCP server is what hands out IP addresses to computers which request them. The DHCP client daemon is the program running on the requesting computer; it obtains the address and then renews/maintains the lease.
I used the RPM package dhcp-2.0pl5-8.i386.rpm, which is available on the 2nd CD of the RH 7.3 distribution under RedHat/RPMS. You can also get it from the net, e.g.:
ftp://rpmfind.net/linux/redhat/7.3/en/os/i386/RedHat/RPMS/dhcp-2.0pl5-8.i386.rpm
If you fetch it from a mirror rather than the CD, verify its signature (rpm --checksig) before installing it. Being root, I installed it as:
    rpm -Uhv dhcp-2.0pl5-8.i386.rpm
By default the service is inactive on boot. You need to add a few things.
The /etc/dhcpd.conf file:
    subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.127 192.168.0.254;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.0.255;
        option routers 192.168.0.1;
        option domain-name-servers 192.159.44.10, 211.158.23.19;
        option domain-name "mylan";
    }
This assumes that you will be handing out addresses from the "non-routable" (RFC 1918) subnet 192.168.0.0/24. Only addresses in the range 192.168.0.127 to 192.168.0.254 will be served, which leaves 192.168.0.2 to 192.168.0.126 free for your computers with statically assigned addresses (192.168.0.1 is the firewall itself). The routers option is the IP address of the firewall interface (in my case eth1) which is connected to the internal LAN; in my case it is 192.168.0.1. The domain-name-servers entry is VERY IMPORTANT. The two addresses in the example above are intentionally bogus placeholders: take the real ones from the file /etc/resolv.conf on your firewall, where they were usually put by your Internet Service Provider. You can also run your own DNS server and give its address here (if you ran it on the firewall itself [a bad idea, since it exposes one more service on the machine that protects your LAN], that would be 192.168.0.1). The domain-name option is the name you want to assign to your internal network. It does not matter to the world outside, which only sees your firewall and the name/address assigned to it.
/etc/sysconfig/dhcpd
The file /etc/sysconfig/dhcpd contains parameters to be passed on the command line of dhcpd when it is started. In my case, I only give the name of the interface on which I want DHCP to run. My LAN is attached to the eth1 interface of my firewall, so this is where it needs to be (restricting dhcpd to eth1 also keeps it from listening on the external interface, so nobody on the outside can talk to it):
    # Command line options here
    DHCPDARGS=eth1
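Putting the two files together, here is a complete /etc/dhcpd.conf for ISC dhcpd 2.0 that extends the fragment above with the two things a LAN like the one described needs: lease times for the laptop pool and a fixed reservation for a desktop that hosts a service. This is an added example, not the file from the original page; the lease times, the host entry, its MAC address and its name are assumptions for illustration.

```conf
# /etc/dhcpd.conf -- added example for ISC dhcpd 2.0 (not the original page's file).
# Lease times, the host entry, its MAC address and host name are illustrative assumptions.

default-lease-time 43200;      # 12 hours: laptops renew a couple of times a day
max-lease-time 86400;          # never grant a lease longer than 24 hours

# dhcpd only answers on subnets it has a declaration for, and DHCPDARGS=eth1
# keeps it off the external interface, so this block is the only one it serves.
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.127 192.168.0.254;          # dynamic pool for the laptops
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    option routers 192.168.0.1;                 # firewall's eth1 address
    option domain-name-servers 192.159.44.10, 211.158.23.19;  # placeholders: copy from /etc/resolv.conf
    option domain-name "mylan";
}

# Reservation: a desktop that must keep its address (say, the print server) is
# pinned by MAC address to an address OUTSIDE the dynamic range, so the pool
# can never hand that address to a laptop. Hypothetical host name and MAC.
host printsrv {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 192.168.0.10;
}
```

If you want dhcpd to answer only machines you have listed as host entries, add "deny unknown-clients;" inside the subnet block; bear in mind that a MAC address is trivial to forge, so this is housekeeping, not access control, and it is the firewall's job to keep outsiders away from the server.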
/etc/rc.d/init.d/dhcpd
The script which starts the DHCP server on boot-up is /etc/rc.d/init.d/dhcpd, alongside the other start-up scripts of RH 7.3 Linux. You need to edit it: look for the line
    # chkconfig: - 65 35
or something similar, and change it to
    # chkconfig: 345 65 35
(Alternatively, leave the script alone and run "chkconfig --level 345 dhcpd on" after adding it.) The boot-up links for DHCP are usually inactive, so you need to add them. What I did is:
    cd /etc/rc.d
    find . -name "[SK]*dhcpd" -exec rm {} \;    # this deletes old links
    cd init.d
    chkconfig --add dhcpd
    chkconfig --list dhcpd
You should see "on" at runlevels 3, 4, and 5.
Your firewall script
By default, the firewall will usually block the broadcasts and will not allow your LAN computers to query the DHCP server for an address. DHCP uses UDP only: the client sends from port 68 to port 67, and the server answers from port 67 to port 68. The first request comes from 0.0.0.0 and goes to the broadcast address 255.255.255.255, so connection tracking cannot pair the server's reply with it; do not rely on "-m state" for these packets. Simply accept UDP 67/68 on the internal interface (eth1) in both directions, and on no other interface, so the server never exchanges a packet with the outside. You need to put something like this close to the top of your firewall script:
    # DHCP for the internal LAN (UDP only, eth1 only). The initial exchange is
    # broadcast (0.0.0.0:68 -> 255.255.255.255:67, reply to port 68); lease
    # renewals are unicast between the client and 192.168.0.1.
    $IPTABLES -A INPUT  -i eth1 -p udp --sport 68 --dport 67 -j ACCEPT
    $IPTABLES -A OUTPUT -o eth1 -p udp --sport 67 --dport 68 -j ACCEPT
There is no need for nat-table entries, tcp rules, or rules with --state ESTABLISHED for this traffic, and no rule of this kind should ever mention the external interface.
The http://www.nobell.org/~gjm/linux/gateway/
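To see concretely why state-matching rules cannot work for the initial DHCP exchange, here is an added example (my own illustration, not code from the original page): it serialises a DHCPDISCOVER and the DHCPOFFER answering it per RFC 2131, derives the reply tuple that Linux connection tracking would expect for the DISCOVER, and checks which packets a stateless "UDP 67/68 on eth1 only" policy accepts. The client MAC, transaction id and offered address are constructed sample values.

```python
"""DHCP DISCOVER/OFFER versus iptables connection tracking.

Added example, not from the original page. Builds the first two DHCP messages
of a lease negotiation (RFC 2131), derives the conntrack reply tuple Linux
would expect for the DISCOVER, and checks a stateless port/interface policy.
Client MAC, xid and the offered address are constructed sample values.
"""
import socket
import struct

CLIENT_PORT, SERVER_PORT = 68, 67
BOOTREQUEST, BOOTREPLY = 1, 2
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK = 1, 2, 3, 5
MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie that starts the options


def build_dhcp(op, xid, mac, msg_type, yiaddr="0.0.0.0", server_id=None):
    """Serialise a minimal DHCP message: 236-byte BOOTP header + options."""
    chaddr = bytes(int(x, 16) for x in mac.split(":")).ljust(16, b"\0")
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      op, 1, 6, 0, xid, 0, 0x8000,   # htype=Ethernet, hlen=6, BROADCAST flag
                      b"\0" * 4, socket.inet_aton(yiaddr), b"\0" * 4, b"\0" * 4,
                      chaddr, b"\0" * 64, b"\0" * 128)
    opts = MAGIC + bytes([53, 1, msg_type])          # option 53: DHCP message type
    if server_id:
        opts += bytes([54, 4]) + socket.inet_aton(server_id)  # option 54: server identifier
    return hdr + opts + b"\xff"                       # option 255: end of options


def parse_dhcp(data):
    """Pull out the fields needed to match a reply to a request."""
    op, _htype, _hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", data[:12])
    yiaddr = socket.inet_ntoa(data[16:20])          # "your" address offered by the server
    if data[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(data) and data[i] != 0xFF:
        if data[i] == 0:                              # pad option has no length byte
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "yiaddr": yiaddr, "type": opts[53][0],
            "server_id": socket.inet_ntoa(opts[54]) if 54 in opts else None}


def conntrack_reply(original):
    """Reply tuple the kernel expects for an original (src, sport, dst, dport)."""
    src, sport, dst, dport = original
    return (dst, dport, src, sport)


def conntrack_state(packet, original):
    """What '-m state' would say about `packet`, given the earlier `original`."""
    return "ESTABLISHED" if packet == conntrack_reply(original) else "NEW"


# Stateless policy matching the firewall rules above: DHCP ports on eth1 only.
# Each entry is (interface, source port, destination port); anything else is dropped.
DHCP_RULES = [("eth1", CLIENT_PORT, SERVER_PORT),    # INPUT:  client -> dhcpd
              ("eth1", SERVER_PORT, CLIENT_PORT)]    # OUTPUT: dhcpd -> client


def allowed(iface, sport, dport, rules=DHCP_RULES):
    return (iface, sport, dport) in rules


def run_exchange():
    mac, xid = "00:11:22:33:44:55", 0x3903F326        # constructed client MAC and transaction id
    discover = build_dhcp(BOOTREQUEST, xid, mac, DHCPDISCOVER)
    offer = build_dhcp(BOOTREPLY, xid, mac, DHCPOFFER,
                       yiaddr="192.168.0.130", server_id="192.168.0.1")
    d, o = parse_dhcp(discover), parse_dhcp(offer)

    # UDP 4-tuples as they appear on the wire (src, sport, dst, dport).
    discover_t = ("0.0.0.0", CLIENT_PORT, "255.255.255.255", SERVER_PORT)
    offer_t = ("192.168.0.1", SERVER_PORT, "255.255.255.255", CLIENT_PORT)
    # A renewal later in the lease (RENEWING state) is unicast in both directions.
    renew_t = ("192.168.0.130", CLIENT_PORT, "192.168.0.1", SERVER_PORT)
    ack_t = ("192.168.0.1", SERVER_PORT, "192.168.0.130", CLIENT_PORT)

    return {
        "offer_answers_discover": o["op"] == BOOTREPLY and o["xid"] == d["xid"]
                                  and o["type"] == DHCPOFFER,
        "offered_ip": o["yiaddr"],
        "server_id": o["server_id"],
        "offer_state": conntrack_state(offer_t, discover_t),  # NEW: --state ESTABLISHED never matches
        "ack_state": conntrack_state(ack_t, renew_t),         # ESTABLISHED: unicast renewals do track
        "discover_on_lan": allowed("eth1", CLIENT_PORT, SERVER_PORT),
        "discover_on_wan": allowed("eth0", CLIENT_PORT, SERVER_PORT),
    }


if __name__ == "__main__":
    for key, value in run_exchange().items():
        print(f"{key:24} {value}")
```

The OFFER comes out as NEW because the kernel's expected reply to 0.0.0.0:68 -> 255.255.255.255:67 is 255.255.255.255:67 -> 0.0.0.0:68, a packet no server ever sends; only the unicast renewal/ACK pair tracks, which is why the stateless rules above are the right shape. One further caveat that is true of ISC dhcpd on Linux: it sends and receives the broadcast messages through a raw packet socket (its "LPF" support), which the INPUT and OUTPUT chains do not see, so those two rules are mainly exercised by the unicast renewals. Keep them anyway; what matters for security is that no equivalent rule, and no DHCPDARGS entry, ever names the external interface.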