Droms R. The DHCP handbook

Подождите немного. Документ загружается.

FIGURE 21.9 The Network dialog box.

The Network dialog box lets you set a

client identifier to send to the DHCP

server; just type a string of text into the text box labeled

Client Identifier

(optional). This is equivalent to Example 21.4. You can also customize the list of

domain name servers to use and enter a list of domain names to search, by using

the

Domain Name Servers and Search Domains text boxes. This is equivalent to

Example 21.3.

Controlling the MacOS X DHCP Client from the Command Line

You can make temporary changes to the DHCP configuration on MacOS X and also

get the results of the most recent DHCP exchange by using the

ipconfig command.

This can be very helpful because there is no way to use the GUI to release a lease or

renew a lease. The

ipconfig command operates on a single network interface, and

you have to know the name of the network interface on which you want to operate.

Ethernet and wireless Ethernet interfaces on MacOS X always have a name that starts

with

en and ends with a number. If you have only one Ethernet interface in your

computer, it is

en0. If you have one Ethernet interface and one wireless Ethernet

interface, one is

en0 and the other is en1. You can tell which is which by getting

a list of all the interfaces by using the

ifconfig command, as shown in

Example 21.13.

Example 21.13

dechen% ifconfig -a

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

inet 127.0.0.1 netmask 0xff000000

en0: flags=8863<UP,BROADCAST,b6,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether 00:03:93:17:66:3c

media: autoselect (none) status: inactive

CHAPTER 21 DHCP Clients376

025 3273 CH21 10/3/02 4:57 PM Page 376

supported media: none

autoselect

10baseT/UTP <half-duplex>

10baseT/UTP <half-duplex,hw-loopback>

10baseT/UTP <full-duplex>

10baseT/UTP <full-duplex,hw-loopback>

100baseTX <half-duplex>

100baseTX <half-duplex,hw-loopback>

100baseTX <full-duplex>

100baseTX <full-duplex,hw-loopback>

en1: flags=8863<UP,BROADCAST,b6,RUNNING,SIMPLEX,MULTICAST> mtu 1500

inet 10.0.0.102 netmask 0xff000000 broadcast 10.255.255.255

ether 00:30:65:01:e7:88

media: autoselect status: active

supported media: autoselect

dechen%

In Example 21.13 you can see three network interfaces: lo0, en0, and en1. The loop-

back interface,

lo0, is never configured with DHCP. The other two can be configured

with DHCP. You can tell that

en0 is the twisted-pair Ethernet interface and en1 is

the wireless interface because

en0 provides so many supported media options, and

with wireless, there is no choice of media type.

In Example 21.13

en1 has the IP address 10.0.102. To release the lease on this IP

address, you use the

ipconfig command as shown in Example 21.14.

Example 21.14

dechen% ipconfig set en0 NONE

After you have released the lease in this way, the DHCP client does not attempt to

get another IP address until you reenable it. You can reenable it by using the

ipcon-

fig command as shown in Example 21.15. You can also trigger a lease renewal at

any time by using the command shown in Example 21.15, even if the client already

has a valid lease.

Example 21.15

dechen% ipconfig set en0 DHCP

You can also find out what options the DHCP server sent the DHCP client on a

particular interface the last time the DHCP client communicated with the server, also

by using the

ipconfig command, as shown in Example 21.16.

The Apple MacOS X DHCP Client 377

Example 21.13 Continued

025 3273 CH21 10/3/02 4:57 PM Page 377

Example 21.16

dechen% ipconfig getpacket en1

op = BOOTREPLY

htype = 1

dp_flags = 0

hlen = 6

hops = 0

xid = 856380767

secs = 0

ciaddr = 10.0.0.102

yiaddr = 10.0.0.102

siaddr = 0.0.0.0

giaddr = 0.0.0.0

chaddr = 0:30:65:1:e7:88

sname =

file =

options:

Options count is 11

server_identifier (ip): 10.0.0.1

dhcp_message_type (uint8): ACK 0x5

lease_time (uint32): 0xe10

renewal_t1_time_value (uint32): 0x708

rebinding_t2_time_value (uint32): 0xbb8

domain_name (string): fugue.com

router (ip_mult): {10.0.0.1}

domain_name_server (ip_mult): {10.0.0.1}

subnet_mask (ip): 255.0.0.0

broadcast_address (ip): 10.255.255.255

end (none):

dechen%

This shows everything in the packet—the options and the BOOTP packet header. A

shell script can use this information to extract interesting options from the packet.

Unfortunately, at the time of this writing there is no way to get the MacOS X DHCP

client to request different options or to send different options.

Summary

This chapter describes the theory of operation of a DHCP client, and then describes

several popular DHCP clients, how to install them, how to configure them, and

some problems that you might see with the clients in the event of a server miscon-

figuration.

CHAPTER 21 DHCP Clients378

025 3273 CH21 10/3/02 4:57 PM Page 378

The DHCP client drives the DHCP protocol; it contains a state machine, handles

message timeouts, configures the network interface according to the responses it gets

from the DHCP server, and unconfigures the interface if it loses contact with the

DHCP server for such a long time that its lease expires.

All DHCP clients follow pretty much the same process in acquiring IP addresses, but

each DHCP client behaves slightly differently in some cases, depending on the

design goals of the implementor.

Summary 379

025 3273 CH21 10/3/02 4:57 PM Page 379

025 3273 CH21 10/3/02 4:57 PM Page 380

IN THIS CHAPTER

• Small Office Network

Architectures

•IP Address Translation

• Running a DHCP Server and

Client on the Same Computer

• Running the DHCP Server on

Your Firewall

•Problems with DSL Routers

• Configuring an Integrated

Router/Server

• Configuring a WAN Port

• Configuring a LAN Port and

Small Network Services

Setting Up DHCP in a

Small Office

Most of this book is targeted at professional network

administrators who are setting up DHCP service for large

sites and who have a great deal of control over how their

networks are configured. This chapter describes how to set

up DHCP service for a smaller network, which may be

connected to the Internet using an analog phone line,

ISDN, DSL, or a cable modem. Seamless integration of

DHCP service from an ISP and DHCP service on a local

network can pose some problems. This chapter addresses

these problems and includes some discussion about fire-

walls that might also be of interest to network administra-

tors at large sites.

The networks discussed in this chapter are in a small office

of some kind—perhaps an ophthalmologist’s office, a

home office, or a network that enables you to share an

Internet connection transparently with your family.

Setting up a DHCP server for such an application isn’t

much different from setting one up for a large site; just

about everything you have learned in previous chapters

applies equally well to a small office environment.

However, some of the things you might do to work around

the limitations of a small networking environment could

interact badly with DHCP service. This chapter informs

you of some of these problems and provides ways of

working around them.

You can use the information in this chapter if any of the

following is true:

•You are connected to an ISP through a bridge, not a

router (for example, with DSL or cable modem

service).

026 3273 CH22 10/3/02 5:05 PM Page 381

•You are running DHCP server on the same computer that you are using to do

IP address translation between your office network and the Internet.

•You are running a DHCP server on the same computer that you are using as a

router or firewall between your network and the Internet.

•You are using one of the integrated, or “appliance,” Internet connection

devices that act as routers and provide DHCP, DNS, and NAT services to the

small office or home network.

Small Office Network Architectures

A very common configuration in small office environments is a computer running

Linux or NetBSD that is connected to the Internet on one interface and to the local

office LAN on a second interface; this computer acts as a router and as a DHCP

server. Often, the Internet connection provides only one IP address, so the router

must be configured to provide NAT (also known as IP masquerading). Even when the

ISP provides more than one IP address, the router is often configured to act as a fire-

wall. In some cases, the router might need to act as a DHCP client on the interface

that is connected to the Internet but as a DHCP server on the other interface. In this

situation, you might use one of the three topologies shown in Figure 22.1.

In Topology A, the router/server is connected directly to the ISP through some kind

of point-to-point link: an analog or ISDN modem, a leased line, or something

similar.

In Topology B, the ISP provides a device that is connected to the ISP’s network on

one side and to the local network on the other. This device is a bridge, forwarding

packets from one network to the other. It probably also filters what it sends so that it

doesn’t forward packets on one side of the bridge that aren’t intended for computers

on the other side of the bridge.

Topology C also includes a device provided by the ISP, but instead of connecting

your side of the device to the local network, you connect it to a separate network

that only your router/server is connected to.

BRIDGING DEVICES

If your ISP provides you with a bridging device to connect your local office network to the

ISP’s network, you should use Topology C if possible. Topology B might inappropriately allow

packets from your ISP’s customers or your ISP onto your network, and it might inappropriately

allow your packets onto your ISP’s customers’ networks. Because your ISP is providing the

interface, you must trust your ISP to configure the bridge so as not to forward packets

containing private information from your network to the ISP’s network. Even if the ISP doesn’t

intend to do this, you might not want to assume that the ISP knows how to configure the

CHAPTER 22 Setting Up DHCP in a Small Office382

026 3273 CH22 10/3/02 5:05 PM Page 382

bridge so that this won’t happen. In addition to the obvious potential security problems, your

DHCP service might interfere with the ISP’s DHCP service, and vice versa.

Ralph Droms tried to use Topology B to set up a home network when he could not locate a

router/server computer to use that had two network interfaces. He found that his DSL link

failed whenever he tried to connect a second computer to the hub in his home. After a few

calls to the ISP, Ralph learned that the DSL link functioned with only one device; as soon as

the DSL equipment in the ISP’s office detected a second computer on the hub, it shut down.

Ralph tracked down a second network interface for his router/server and successfully

connected his home network by using Topology C.

IP Address Translation 383

Internet

Service

Provider

Router/

Server

WAN link

Topology A

Internet

Router/

Server

WAN link ISP Network

Internet

ISP Network

Topology B

Router/

Server

Topology C

Bridge

to ISP

Bridge

at ISP

WAN link

Bridge

to ISP

Bridge

at ISP

Local end of

ISP Network

local LAN

FIGURE 22.1 Three topologies for a small office network.

IP Address Translation

If you are connecting through an Internet connection that provides you with only

one IP address but you have more than one computer in your office that needs to

use the Internet, you need IP address translation. An IP address translation router

operates by rewriting packet headers so that packets sent from your office network to

026 3273 CH22 10/3/02 5:05 PM Page 383

the Internet appear to be coming from the router (which has a valid IP address on

the Internet). Packets sent from the Internet to your router are rewritten and

forwarded to the correct machine on your local network.

If you are using private IP addresses and NAT on a small office network, you can use

DHCP to manage the private IP addresses. Configuring the ISC DHCP server for a

small network, using private IP addresses, is discussed in more detail later in this

chapter.

You can configure an IP address translation router by using any of the topologies

shown in Figure 22.1. If the router also acts as a firewall, keep in mind that

Topology B provides less security than Topology A or C because packets from outside

the firewall actually run on the same network segment as packets running inside the

firewall.

Running a DHCP Server and Client on the Same Computer

If you are connecting to the Internet by using DSL or a cable modem, your ISP most

likely expects you to use DHCP to get an IP address to communicate on the Internet.

In that case, you must set up both a DHCP client and a DHCP server on your

router/server machine.

Running the DHCP Server and Client on Different Interfaces

If you set up a network by using Topology B, you must make sure that the DHCP

server running on your server/router doesn’t try to provide the DHCP client running

on your server/router with an IP address. You can easily exclude the DHCP client

from receiving DHCP service by including a host declaration in the server’s configu-

ration file (see Example 22.1).

Example 22.1

host router-server {

hardware ethernet 08:00:2b:5a:19:22;

deny booting;

}

To run the client and server on different interfaces, you must use an operating system

on which the DHCP distribution supports the use of multiple network interfaces.

You can find a list of these operating systems in Appendix H, “DHCP Server and

Operating System Versions.”

You must also make sure that your DHCP client and server use the correct interfaces;

that is, the DHCP client needs to configure the interface that is connected to your

ISP, and the DHCP server needs to listen for DHCP messages on the interface that is

CHAPTER 22 Setting Up DHCP in a Small Office384

026 3273 CH22 10/3/02 5:05 PM Page 384

connected to your small office network. For both the client and server, you can

specifically identify the interfaces on the command line for each, as shown in

Example 22.2.

Example 22.2

dhclient if0

dhcpd if1

Configuring the Client

The DHCP client normally configures all broadcast interfaces that it finds. To prevent

this, you can either specify on the command line the name of the interface that it

should configure when you invoke it or you can write an interface declaration for

that interface in the

/etc/dhclient.conf

file. The declaration can be as simple as the

one shown in Example 22.3 or as complex as you need to make it.

Example 22.3

interface “ep0” {

}

Configuring the Server

You can either invoke the DHCP server with the name of the interface connected to

your local office network or write a shared-network declaration for the network

connected to the subnet on which your Internet connection is terminated. Example

22.4 shows how you can do this.

Example 22.4

not authoritative;

shared-network ISP {

subnet 192.168.0.0 netmask 255.255.255.0 {

}

subnet 10.0.0.0 netmask 255.255.255.0 {

authoritative;

}

Running a DHCP Server and Client on the Same Computer 385

026 3273 CH22 10/3/02 5:05 PM Page 385