
Re: Make a DHCP server using Fedora - Help



--- On Sat, 11/15/08, edwardspl ita org mo <edwardspl ita org mo> wrote:

> From: edwardspl ita org mo <edwardspl ita org mo>
> Subject: Re: Make a DHCP server using Fedora - Help
> To: olivares14031 yahoo com, "Community assistance, encouragement, and advice for using Fedora." <fedora-list redhat com>
> Date: Saturday, November 15, 2008, 7:06 AM
> Antonio Olivares wrote:
> 
> >--- On Sat, 11/15/08, Tim <ignored_mailbox yahoo com au> wrote:
> >
> >>From: Tim <ignored_mailbox yahoo com au>
> >>Subject: Re: Make a DHCP server using Fedora - Help
> >>To: olivares14031 yahoo com, "Community assistance, encouragement, and advice for using Fedora." <fedora-list redhat com>
> >>Date: Saturday, November 15, 2008, 1:57 AM
> >>On Fri, 2008-11-14 at 17:42 -0800, Antonio Olivares wrote:
> >>
> >>>subnet 10.154.19.0 netmask 255.255.255.0 {
> >>>}
> >>>
> >>># This is a very basic subnet declaration.
> >>>
> >>>subnet 10.154.19.0 netmask 255.255.255.224 {
> >>>  range 10.154.19.10 10.154.19.20;
> >>>  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
> >>>}
> >>>
> >>It seems pointlessly redundant to declare a subnet twice.  And stranger
> >>to declare it differently.  I see no point for the first one.
> >>
> >>-- 
> >>[tim localhost ~]$ uname -r
> >>2.6.26.6-79.fc9.i686
> >>
> >>Don't send private replies to my address, the mailbox is ignored.  I
> >>read messages from the public lists.
> >>
> >
> >Which one should I keep Tim, the first one or the second one?
> >
> >I have tried before and not succeeded, I want to succeed this time.
> >
> >The machine that will become the server has gateway 10.154.19.1, is it okay to make the server 10.154.19.0 ?
> >
> >Also the machine's netmask is 255.255.255.0 and the netmask of the server should it be 255.255.255.0 or 255.255.255.254 or other thing?
> >
> >Thanks,
> >
> >Antonio
> >
> 
> Dear You,
> 
> Please try these :
> 
> subnet 10.154.19.0 netmask 255.255.255.224 {
>   range 10.154.19.10 10.154.19.20;
>   option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
> }
> 
> Good luck !

I tried that and it does not work :(

[root localhost ~]# cat /etc/dhcpd.conf
# dhcpd.conf                           
#                                      
# Sample configuration file for ISC dhcpd
#                                        

# option definitions common to all supported networks...
#option domain-name "example.org";                      
#option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;   

# Use this to enble / disable dynamic dns updates globally.
ddns-update-style none;                                    

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.  
authoritative;                                                 

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).              
log-facility local7;                                                  

# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.                     

#subnet 10.154.19.0 netmask 255.255.255.0 {
#}                                         

# This is a very basic subnet declaration.

subnet 10.154.19.0 netmask 255.255.255.224 {
  range 10.154.19.10 10.154.19.20;          
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}                                                                 

[root localhost ~]# dhcpd -f
Internet Systems Consortium DHCP Server 4.0.0
Copyright 2004-2007 Internet Systems Consortium.
All rights reserved.                            
For info, please visit http://www.isc.org/sw/dhcp/
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file                                                          
Wrote 0 leases to leases file.                                                  

No subnet declaration for eth0 (10.154.19.210).
** Ignoring requests on eth0.  If this is not what
   you want, please write a subnet declaration
   in your dhcpd.conf file for the network segment
   to which interface eth0 is attached. **


Not configured to listen on any interfaces!

This version of ISC DHCP is based on the release available
on ftp.isc.org.  Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.

Please report for this software via the Red Hat Bugzilla site:
    http://bugzilla.redhat.com

exiting.


I have also added two lines to iptables and ran iptables-save, after reading another page:
http://chwang.blogspot.com/2007/11/making-linux-fedora-core-8-as-gateway.html

It covers iptables and has this part:

# Forward all packets from eth1 (internal network) to eth0 (the public internet)
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# Forward packets that are part of existing and related connections from eth0 to eth1
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Enable SNAT functionality on eth0. a.b.c.d are generally the ip of the eth0
iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth0 -j SNAT --to-source a.


Added ===> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
and ===> iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

Did not add SNAT, does that make a difference?  

[root localhost ~]# iptables-save                                               
# Generated by iptables-save v1.4.1.1 on Sat Nov 15 11:42:58 2008               
*filter                                                                         
:INPUT ACCEPT [0:0]                                                             
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [59634:9393428]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Nov 15 11:42:58 2008


Thanks,

Antonio 
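
Added example, not part of the original message: a small Python check of why dhcpd prints "No subnet declaration for eth0 (10.154.19.210)" with the configuration posted above. The netmask 255.255.255.224 makes the declared subnet 10.154.19.0/27 (addresses .0 to .31), which does not contain the interface address. The function names are illustrative, and the comment stripping is a simplification that assumes no "#" inside quoted strings.

```python
import ipaddress
import re

# Constructed input: the subnet declarations from the dhcpd.conf in the message
# and the eth0 address reported in the dhcpd -f output.
DHCPD_CONF = """
#subnet 10.154.19.0 netmask 255.255.255.0 {
#}
subnet 10.154.19.0 netmask 255.255.255.224 {
  range 10.154.19.10 10.154.19.20;
}
"""
ETH0_ADDR = "10.154.19.210"

SUBNET_RE = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}", re.M)
RANGE_RE = re.compile(r"range\s+(\S+)\s+(\S+)\s*;")


def declared_subnets(conf):
    """Return [(network, [(low, high), ...])] for every uncommented subnet."""
    conf = re.sub(r"#.*", "", conf)  # drop comments, including commented-out subnets
    result = []
    for net, mask, body in SUBNET_RE.findall(conf):
        # ip_network raises ValueError if the address has host bits set for this mask
        network = ipaddress.ip_network(f"{net}/{mask}")
        ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
                  for lo, hi in RANGE_RE.findall(body)]
        result.append((network, ranges))
    return result


def check(conf, iface_addr):
    """List mismatches between the subnet declarations and an interface address."""
    addr = ipaddress.ip_address(iface_addr)
    subnets = declared_subnets(conf)
    problems = []
    if not any(addr in net for net, _ in subnets):
        problems.append(f"no subnet declaration contains {addr}")
    for net, ranges in subnets:
        for lo, hi in ranges:
            if lo not in net or hi not in net:
                problems.append(f"range {lo}-{hi} is outside {net}")
    return problems


if __name__ == "__main__":
    for problem in check(DHCPD_CONF, ETH0_ADDR):
        print(problem)
```

With the netmask changed to 255.255.255.0 the same check reports nothing, because 10.154.19.0/24 contains both the interface address and the range.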


      


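
Added example, not part of the original message: a Python check over the iptables-save listing above. Rules in a chain are evaluated in order, and `-A` appends, so the two FORWARD ACCEPT rules landed after the existing unconditional `-A FORWARD -j REJECT` and can never match. The function names are illustrative, and the second function shows the order that keeps the REJECT as the final catch-all.

```python
# Constructed input: the FORWARD rules and the first and last
# RH-Firewall-1-INPUT rules, copied from the iptables-save output in the message.
SAVED = """\
*filter
:FORWARD ACCEPT [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal


def shadowed_rules(saved):
    """Return (chain, catch_all, dead_rule) for every rule that sits after an
    unconditional terminal rule in the same chain and so can never match."""
    catch_all, dead = {}, []
    for line in saved.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "-A":
            continue
        chain, rest = tok[1], tok[2:]
        if chain in catch_all:
            dead.append((chain, catch_all[chain], line))
        elif rest[0] == "-j" and rest[1] in TERMINAL:
            # no match options before -j: the rule applies to every packet
            catch_all[chain] = line
    return dead


def move_catch_all_last(saved):
    """Return the listing with each chain's catch-all moved below the rules it hid."""
    lines = saved.splitlines()
    dead = shadowed_rules(saved)
    for chain in sorted({c for c, _, _ in dead}):
        blocker = next(b for c, b, _ in dead if c == chain)
        last = max(lines.index(d) for c, _, d in dead if c == chain)
        lines.remove(blocker)
        lines.insert(last, blocker)  # index 'last' is now just past the last hidden rule
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for chain, blocker, rule in shadowed_rules(SAVED):
        print(f"{chain}: '{rule}' is never reached (after '{blocker}')")
```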