Koozali.org: home of the SME Server

DHCP service

Rick Pellicciotti

DHCP service
« on: April 28, 2000, 07:22:34 PM »
Hi,
Where I work, they originally had a class C address block and a static IP address on each machine. Since I have been here, we have installed a firewall (WatchGuard) and switched all of the computers to non-routable addresses (172.16.x.x). The WatchGuard has a web blocking feature which we have implemented. I have set up "classes" of machines, depending on where they are used. The WatchGuard weblocking software allows for different access restrictions depending on the class of the machine. In other words, computers in the address group 172.16.1.x have unlimited access to the web. Computers in 172.16.2.x have some restrictions and 172.16.3.x computers have a lot of restrictions.

Is there a way to get DHCP to work in this environment?  I can imagine it taking 3 servers to do it and some creative netmasking but I am not sure.

I have put up E-smith 3.1 on a box here and I was really impressed with how fast and easy it was to get up and running.  If I can work out this DHCP thing, a big part of my job will be simplified.

Thanks in advance,

Rick Pellicciotti

Charlie Brady

RE: DHCP service
« Reply #1 on: May 01, 2000, 05:39:04 PM »
Rick Pellicciotti wrote:
> In other words, computers in the
> address group 172.16.1.x have unlimited access to the web.
> Computers in 172.16.2.x have some restrictions and 172.16.3.x
> computers have a lot of restrictions.
>
> Is there a way to get DHCP to work in this environment?  I can
> imagine it taking 3 servers to do it and some creative
> netmasking but I am not sure.

It looks as though three servers each with address 172.16.n.x/netmask 255.255.255.0 will do the trick (for n = 1,2,3). Nothing fancy required. There is no easy way to do it with only one server.

Regards

Charlie

Brian Snipes

RE: DHCP service
« Reply #2 on: May 05, 2000, 03:34:41 AM »
Is the netmask that you are using 255.255.0.0 or 255.255.255.0?  If it is 255.255.255.0, then I assume you have 3 separate network segments and need three separate DHCP servers (although you might be able to tell the DHCP daemon on an e-smith server with 3 NICs (one in each segment) to pass config 1 = 172.16.1.x to NIC1, 172.16.2.x to NIC2, etc.)
If you only have one segment and are using the 255.255.0.0 netmask then you would have to set up exceptions in the DHCP server config file and tell it the MAC address of the workstation and the IP address you want assigned to it.  This is almost as bad as physically setting each IP address but your security would function properly.
There are DHCP how-to docs and FAQs on www.linuxdoc.org and that would be the next place to start (unless someone knows off the top of their head what the config syntax is and shares it here).

Brian
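
The single-segment option from Reply #2 (one 255.255.0.0 network with a per-MAC reservation for each workstation), as an added example that is not part of the original thread: a small generator that turns a machine inventory into reservations and refuses duplicate or malformed entries. It assumes the server runs ISC dhcpd (its `host` / `hardware ethernet` / `fixed-address` syntax); the hostnames, MAC addresses, the .10 to .99 reservation window and the fallback pool for unlisted machines are constructed for illustration.

```python
import ipaddress

# Access classes from the thread: the /24 a machine sits in decides its web policy.
CLASS_NETS = {
    "unlimited": ipaddress.ip_network("172.16.1.0/24"),
    "some": ipaddress.ip_network("172.16.2.0/24"),
    "restricted": ipaddress.ip_network("172.16.3.0/24"),
}
# Constructed sample inventory (hostname, MAC, class); not real machines.
INVENTORY = [
    ("frontdesk", "00:A0:C9:11:22:33", "unlimited"),
    ("lab1", "00:a0:c9:11:22:34", "restricted"),
    ("lab2", "00:a0:c9:11:22:35", "restricted"),
    ("office1", "00:a0:c9:11:22:36", "some"),
]
HEX = set("0123456789abcdef")

def normalise_mac(mac):
    """Lower-case a colon-separated MAC and reject anything malformed."""
    parts = mac.lower().split(":")
    if len(parts) != 6 or any(len(p) != 2 or not set(p) <= HEX for p in parts):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(parts)

def assign(inventory, first=10, last=99):
    """Give each machine the next free address (.first to .last) in its class's /24."""
    next_host = {cls: first for cls in CLASS_NETS}
    seen, out = set(), []
    for name, mac, cls in inventory:
        mac = normalise_mac(mac)
        if mac in seen:
            raise ValueError(f"duplicate MAC address: {mac}")
        if cls not in CLASS_NETS or next_host[cls] > last:
            raise ValueError(f"unknown or full class for {name}: {cls}")
        seen.add(mac)
        out.append((name, mac, str(CLASS_NETS[cls].network_address + next_host[cls])))
        next_host[cls] += 1
    return out

def render(inventory):
    """Emit a dhcpd.conf fragment: one flat /16 plus a reservation per machine."""
    lines = ["subnet 172.16.0.0 netmask 255.255.0.0 {",
             "  # assumption: unlisted machines get the most restricted class",
             "  range 172.16.3.100 172.16.3.200;",
             "}"]
    for name, mac, ip in assign(inventory):
        lines.append(f"host {name} {{ hardware ethernet {mac}; fixed-address {ip}; }}")
    return "\n".join(lines) + "\n"
```

Calling `render(INVENTORY)` returns the fragment as a string; the reservations stay below .100 so they never overlap the dynamic range.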