Reconfig of dhcp.conf

Chris Arnold carnold at electrichendrix.com
Wed Nov 25 21:05:37 UTC 2009


On 11/25/09 9:25 AM, "Glenn Satchell" <Glenn.Satchell at uniq.com.au> wrote:

> With a bit of ascii art can you draw the network diagram showing where
> the various networks, server and firewall are set up? Here's a starting
> point based on how I think you've described things so far:
> 
> 192.168.124.0   dhcp server   192.168.123.0            192.168.123.0?
> ----------------eth0==eth1-------------------Firewall----------------
> | | | |                                                      | | | |
> dhcp clients                                             dhcp clients
Firewall(trust port)-----------192.168.123.0(switch)
(dmz port)                       |   |||
    |                            |  dhcp clients
    |                            |
    |                            |
|-- 192.168.124.0(switch)        |
|   |||                          |
|  Dhcp clients                  |
|--(eth0)Dhcp in question(eth1)--|

Above is the basic setup (I hope that makes sense)---cable from
eth0=192.168.124.0 that plugs into a switch on the dmz and cable from
eth1---192.168.123.0 that plugs into a switch on the trust side.

> And can you include dhcpd.conf again please?
authoritative;
option domain-name "domain.com";
option domain-name-servers dns.server.here;
option ntp-servers ntp.server.here;
ddns-update-style interim;
default-lease-time 14400;
max-lease-time 172800;
subnet 192.168.123.0 netmask 255.255.255.0 {
  option routers 192.168.123.1;
  range 192.168.123.20 192.168.123.250;
}
subnet 192.168.124.0 netmask 255.255.255.0 {
  option routers 192.168.124.2;
  range 192.168.124.20 192.168.124.253;
}
 
Here is the start/stop from dhcpd:
Nov 25 15:29:38 mail dhcpd: Internet Systems Consortium DHCP Server V3.0.7
Nov 25 15:29:38 mail dhcpd: Copyright 2004-2008 Internet Systems Consortium.
Nov 25 15:29:38 mail dhcpd: All rights reserved.
Nov 25 15:29:38 mail dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Nov 25 15:29:38 mail dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Nov 25 15:29:38 mail dhcpd: Internet Systems Consortium DHCP Server V3.0.7
Nov 25 15:29:38 mail dhcpd: Copyright 2004-2008 Internet Systems Consortium.
Nov 25 15:29:38 mail dhcpd: All rights reserved.
Nov 25 15:29:38 mail dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Nov 25 15:29:38 mail dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Nov 25 15:29:38 mail dhcpd: Wrote 163 leases to leases file.
Nov 25 15:29:38 mail dhcpd: Listening on LPF/eth1/00:0d:60:19:50:8e/192.168.124/24
Nov 25 15:29:38 mail dhcpd: Sending on   LPF/eth1/00:0d:60:19:50:8e/192.168.124/24
Nov 25 15:29:38 mail dhcpd: Sending on   Socket/fallback/fallback-net

So I know it is listening/sending on 192.168.124. Therefore, will I need a trust to dmz policy and a dmz to trust policy? I did that and it made no difference. Would it be better to have dhcp on the trust network, 192.168.123.0?
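
Added example, not part of the original post and not ISC code: a cross-check of the subnets declared in dhcpd.conf against the "Listening on" lines dhcpd logs at startup, to show which declared subnets the server has no interface bound to. The sample input is copied from the config and log quoted above; the function names are made up for this illustration.

```python
import ipaddress
import re

# Constructed sample input: subnet blocks and log lines copied from the post above.
DHCPD_CONF = """\
subnet 192.168.123.0 netmask 255.255.255.0 {
  range 192.168.123.20 192.168.123.250;
}
subnet 192.168.124.0 netmask 255.255.255.0 {
  range 192.168.124.20 192.168.124.253;
}
"""
DHCPD_LOG = """\
Nov 25 15:29:38 mail dhcpd: Listening on LPF/eth1/00:0d:60:19:50:8e/192.168.124/24
Nov 25 15:29:38 mail dhcpd: Sending on   LPF/eth1/00:0d:60:19:50:8e/192.168.124/24
Nov 25 15:29:38 mail dhcpd: Sending on   Socket/fallback/fallback-net
"""

SUBNET_RE = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", re.M)
LISTEN_RE = re.compile(r"Listening on \w+/([^/\s]+)/[0-9a-fA-F:]+/([\d.]+)/(\d+)")

def declared_subnets(conf):
    """Networks declared with 'subnet ... netmask ...' in dhcpd.conf text."""
    return [ipaddress.ip_network(f"{a}/{m}") for a, m in SUBNET_RE.findall(conf)]

def listening(log):
    """Map interface name -> network from dhcpd 'Listening on' log lines.

    The log quoted on this page prints the network with the trailing
    zero octet dropped (192.168.124/24), so pad it back to four octets.
    """
    result = {}
    for iface, net, bits in LISTEN_RE.findall(log):
        octets = net.split(".")
        octets += ["0"] * (4 - len(octets))
        result[iface] = ipaddress.ip_network(".".join(octets) + "/" + bits)
    return result

def unserved_subnets(conf, log):
    """Declared subnets that no listening interface is attached to."""
    bound = set(listening(log).values())
    return [n for n in declared_subnets(conf) if n not in bound]

if __name__ == "__main__":
    for iface, net in listening(DHCPD_LOG).items():
        print(f"listening: {iface} -> {net}")
    for net in unserved_subnets(DHCPD_CONF, DHCPD_LOG):
        print(f"declared but not bound to any interface: {net}")
```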
