LinuxQuestions.org


strycnine 03-17-2010 08:41 AM

dhcp server with two subnets
 
Hi, I'm trying to build a Linux (Fedora 12) dhcpd server (and gateway) that has 3 network cards (eth0 with a public IP, eth1 with the 192.168.2.1 class and eth3 with the 192.168.3.1 class).

Because I have just one switch, I want to put both cables (from eth1, eth2) in the switch.
Every client has 2 network cards (eth0, eth1).
My question is: is there any way to configure eth0 to take an IP from the server from the 192.168.2.1 class, and eth1 from 192.168.3.1?
The internet will work only on eth0.


My dhcpd.conf for now looks like this:

subnet 192.168.2.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option routers 192.168.2.1;
    range 192.168.2.101 192.168.2.254;
}

subnet 192.168.3.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option routers 192.168.3.1;
    range 192.168.3.101 192.168.3.254;
}

thx

cardy 03-17-2010 12:18 PM

OK, if I am understanding your setup, then you're asking a lot more than simple DHCP.

The DHCP options you have look good; however, if you want each client to have an IP on each of your internal networks (192.168.2.0 and 192.168.3.0), I believe you would either need separate switches or you will need to set up VLANs on the local switch so that you split the local LANs.

As far as your machines on the internal network talking to the internet, you will need a few more things enabled before they can talk to the internet.

On the gateway machine you will need to enable IP routing; this can be done with the following command:

Quote:

echo 1 > /proc/sys/net/ipv4/ip_forward

You can also set the above value on most RedHat style distributions in /etc/sysctl.conf by modifying the line

Quote:

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

and setting it to 1 then running

Quote:

sysctl -p

This will allow machines with IPs on the different subnets to logically talk to each other.

I am assuming your eth0 has a single IP from your ISP that allows it to talk to the Internet. To allow other machines on the local network to talk through to the net you will need to enable Network Address Translation (NAT) on the gateway machine so it masquerades the IP addresses of the machines on your local network.

A script similar to this will turn on the masquerade options in Linux to allow the machines to talk through the gateway to the Internet. I should point out, however, that this script does not implement any firewall security for the local host, and that if you're planning on building a gateway you may first want to investigate some of the Linux distributions that have the features you need but with firewall and other security measures included.

Quote:

#!/bin/sh

# Define External and Internal Interfaces.

EXT='eth0'
INT='eth1'
INT2='eth2'

# Ensure ip_forwarding is enabled.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Clear the IP tables. NOTE: This will flush ANY firewall rules you already have in place on the machine; if you
# need your existing rules, you will need to integrate the iptables commands below with them.
echo Flushing IP Tables
/sbin/iptables -F

# Enable NAT (Masquerade) for the Internal interfaces to the external interfaces.
echo Setting up Masquerade

# Enable NAT
/sbin/iptables -t nat -A POSTROUTING -o $EXT -j MASQUERADE

# Enable the network eth1
/sbin/iptables -A FORWARD -i $EXT -o $INT -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i $INT -o $EXT -j ACCEPT

# Enable the network eth2
/sbin/iptables -A FORWARD -i $EXT -o $INT2 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i $INT2 -o $EXT -j ACCEPT

# Display the IP tables configuration
/sbin/iptables -L

# I have used a program called dnsmasq; this allows the gateway to accept DNS requests from clients on the local network
# and to proxy them to your ISP's DNS servers so the internal clients are able to resolve names. Your internal clients would
# need to point to the IP address of the gateway for their network for DNS/nameserver requests.

service dnsmasq restart
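
The reply above points out that its script adds no firewall protection for the gateway itself. As an added example (not part of the original post), the same NAT setup can be written as an iptables-restore ruleset with default-drop INPUT and FORWARD policies. The function name gateway_ruleset is hypothetical, the interface names are the thread's, and the allowed LAN services (DHCP, DNS) are assumptions based on the dhcpd and dnsmasq mentioned in the thread.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the gateway in this thread.
# Assumptions: eth0 is external, eth1/eth2 are internal, and the gateway serves
# DHCP (dhcpd) and DNS (dnsmasq) to the LAN. Nothing else is opened: add your
# own INPUT rule for remote administration (e.g. SSH) before loading it.

# gateway_ruleset EXT INT [INT...]  -> ruleset on stdout
gateway_ruleset() {
    ext=$1; shift
    # nat table: masquerade everything that leaves via the external interface.
    printf '%s\n' \
        '*nat' \
        ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        "-A POSTROUTING -o $ext -j MASQUERADE" \
        'COMMIT'
    # filter table: drop by default, both to the gateway and through it.
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    for int in "$@"; do
        printf '%s\n' \
            "-A INPUT -i $int -p udp --dport 67 -j ACCEPT" \
            "-A INPUT -i $int -p udp --dport 53 -j ACCEPT" \
            "-A INPUT -i $int -p tcp --dport 53 -j ACCEPT" \
            "-A FORWARD -i $int -o $ext -j ACCEPT" \
            "-A FORWARD -i $ext -o $int -m state --state RELATED,ESTABLISHED -j ACCEPT"
    done
    # No rule forwards between internal interfaces, so the two subnets stay
    # isolated from each other unless you add one explicitly.
    printf '%s\n' 'COMMIT'
}

# Print the ruleset for the interfaces used in the thread.
gateway_ruleset eth0 eth1 eth2
```

Piping the output into iptables-restore --test parses the ruleset without committing it; dropping --test loads it, replacing the existing nat and filter rules.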


All times are GMT -5.