Slashdot Mirror
Set up a DHCP server to manage IP addresses
An anonymous reader writes "The second in a three-part series on how to leverage Linux to get the most from your network, this tutorial shows how to set up a Dynamic Host Configuration Protocol (DHCP) server with Internet Systems Consortium (ISC) DHCP. Sample code and configuration files are provided throughout to aid understanding."
http://www.bugmenot.com/view.php?url=www.ibm.com
For small networks, I recommend using dnsmasq. It's a combined DHCP server and DNS server/proxy intended for use on a masquerading gateway that can run nearly without any configuration. Add your mac addresses to /etc/ethers for fixed IP adresses, add your hostnames to /etc/hosts, finito. There is no need to fiddle with to big servers (bind and ISC dhcpd). I use it on my (heavily modified) WRT54G with about 10 to 20 systems without any problems.
Tux2000
Denken hilft.
Actually, DHCP is especially useful on a small network, as you can setup the DHCP server to assign addresses to specific MAC addresses instead of manually configuring the details in the OS.
This is handy if you continually resinstall operating systems on a box, and have gotten used to accessing it via a specific IP address, or whatever.
Besides, by using DHCP, you can add new hosts without doing a thing. This means your friends can come over and plug their shit in without problems, and your network will be filled with with trojans in no time.
Is Slashdot posting Howto's now?
:|
Or did an editor slip up (never!) and hit the "post this" button instead of the "delete" button?
I hate being this confused on a Monday morning...
On my network at home, my DHCP server sets itself up according to my DNS. So if I want to change a few IP addresses, or change my entire network to run in a different netblock, or whatever, it's a simple matter of modifying the two name server zones (something I'd have to do anyway), and restarting everything.
I, admittedly, have a relatively large network for a home user (not that it's that big by /. standards), but it's not large by general standards.
Different people will appreciate different tools for the jobs. Some people like those dedicated router things, but most of them have never left a secure shell session to the office open for fifteen minutes...
You are not alone. This is not normal. None of this is normal.
Anyway my suggestion is if you want better control, what you do is to have your DHCP server assign unknown machines to IP addresses in a quarantine network that possibly runs something like nocatauth to tell new users to contact the admin - phone num etc. Heck maybe put each of them in their own /30 network or something.
Once they call you and you've identified the previously unknown machine and the user and everything is OK (scan for viruses, detect worms etc), you can reassign this machine to its own reserved IP - and possibly reconfigure the relevant switch's port to take it out of the special mode that only allows it to talk to one server and not each other (not all switches support this feature).
This could help prevent unknown machines from spreading worms, or automatically getting access to your network.
This is nice and all, but how about a comprehensive resource for setting up an internal network running IPv6. When adoption of IPv6 is always on the "Coming soon..." list (in North America at least), it would be nice to see an article, HOWTO, or something dealing the current setup and pitfalls.
Knowing that the tools (RADVD or DHCPv6, 6to4 gateways, DNS "AAAA" records, etc.) are out there is one thing, knowing how to get them to fit together and pull it off is another. If anybody knows how to setup an internal IPv6-only network where systems are accessible from "the outside", info would be appreciated.