LinuxQuestions.org - Questions around a home webserver DHCP and using Linux as Router

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - Questions around a home webserver DHCP and using Linux as Router (https://www.linuxquestions.org/questions/linux-networking-3/questions-around-a-home-webserver-dhcp-and-using-linux-as-router-159378/)

Questions around a home webserver DHCP and using Linux as Router

Greetings - I'm a Newbie BUT I've been messing with Suse Linux for a while
and now have some questions as I want to get more indepth.....

Basically I'm looking to do/figure out several inter- related things -
namely I have an interest in getting more into Linux - and I have this
Art/Book thing that I'm working on and want to make in to a website
to be able to direct parties I want to approach about publishing....
- so I'm not looking for any real traffic unless someone is directed
there by me.

What I'm looking to do -

Put 2 Nic cards in the Linux box and make it the router on my front end -
Make a DHCP client to Roadrunner (Cable Modem Company) via one NIC card-
Make the other the DHCP server for the rest of my house (is this science fiction on my part)
and somehow bridge the 2.

Also - I run a basic D-link Router on the Front BUT now but want to put that behind the Linux
box as well.The in my imagination would look to the Linux DHCP server for its DHCP info -

I've installed :
Apache2
Tomcat
Java SDK w/ Netbeans

SO I'm now looking to set up a webserver on the Linux box -

I'm looking to -
register a domain name (which I've done in the past) (www.mindlitter.com)

BUT I want to run this whole thing myself from home
So I want to set up Apache to work with another domain name of my choosing

I have questions around how do I get around
the Roadrunner IP address changing/updating
if I register a domain name? I've had the same
IP address for a couple years - but if it changes
or starts changing all the time (who knows with RR)
- Is it possible to update/automate the changing of
the IP address so if someone types in www.mywebsite.com
they'll still get in - etc....

Anybody out there have Recipes on what I'm rambling on about here?

Thanks for any pushes in the right direction -
:newbie:

Hi drifter,
I don't know if I got you well, but I couldn't help replying. Routing my win98 box was the major issue, when I migrated to linux. And we both have similar hardware/internet isp.
First time trying, two years ago, I installed mandrake 8.2, and messed around. I could route the win box, but the dhcp config was a pain. I had to call the cable company everytime and ask them to renew my ip. I couldn't do that locally, don't know why. I was dualbooting, and from linux to win I could grab an IP. from win to linux I couldn't.
Decided to erase mandrake, and gave sometime. Got back to win.

One year later I installed redhat 8.0. I was impressed at first time with it. But the dhcp issue remained. After a few weeks I figured out that dualbooting itself was a problem, although the only way to try linux. Dualbooting raises a few issues that would be absent, if linux was to be standalone. Therefore, any problems dualbooting are not to be considered when using linux alone.
Redhat lasted for some time more, upgraded to 9.0, and then I finally erased it.
After all that, back in july/august last year, I was reading a review comparing all major distros, about stability and easiness, user-experience, etc...
The reviewer said that suse was to have the best hardware support for linux. Cool! I had never tried suse. I read a few more about it, and decided to go get it.
Well, from september 2003 to now I am using it. And in january this year I finally stopped dualbooting, suse is standing alone here. I am very satisfied with it.

After all that history, here you go:

"Put 2 Nic cards in the Linux box and make it the router on my front end -
Make a DHCP client to Roadrunner (Cable Modem Company) via one NIC card-
Make the other the DHCP server for the rest of my house (is this science fiction on my part)
and somehow bridge the 2."

First install the two nic's. Then, when installing suse, it will ask you how to config both. You can select dhcp for the first. As to the dhcp server for your internal, if your intranet is small (2-3 machines) I would recommend setting static IP (192.168.etc etc). But you can set a dhcp server as well. Just run the runlevel editor inside yast2 and bring up the service (easy!).

Bridging both cards is possible. But the config can be a bit tricky. You have to enable "IP forward" with yast2. If it works promptly, good. Sometimes you have to edit a few files. I can give you more detail, if you wish. My current setup is forwarded, and the win98 machine has access to the internet through the suse box.

****

"Also - I run a basic D-link Router on the Front BUT now but want to put that behind the Linux
box as well.The in my imagination would look to the Linux DHCP server for its DHCP info -"

Hmmm... I'm not sure. Why can't you just remove it? Isn't linux doing its job instead?

****

"I've installed :
Apache2
Tomcat
Java SDK w/ Netbeans

SO I'm now looking to set up a webserver on the Linux box -"

The intranet can browse it just by IP. It's faster and more secure.

*****

"I have questions around how do I get around
the Roadrunner IP address changing/updating
if I register a domain name? I've had the same
IP address for a couple years - but if it changes
or starts changing all the time (who knows with RR)
- Is it possible to update/automate the changing of
the IP address so if someone types in www.mywebsite.com
they'll still get in - etc...."

Have you considered installing something like the "myip.com" stuff? There are redirecting services designed to do just that, redirect traffic to machines with dynamic ip. Take a look.

Post again, if you wish!
regards,

Bruno

Appreciate the history - mine goes REDHAT 8 -> RH 9 -- pain in the but to update dumped it interested again tried Unix SCO ---> FreeBSD ---> PC hard drive Blew up ---> let's try something German ----> SuSe

The rest of my home network is Win2K (wife and kid users on 3 other boxes)

//My responses:

"Bridging both cards is possible. But the config can be a bit tricky. You have to enable "IP forward" with yast2. If it works promptly, good. Sometimes you have to edit a few files. I can give you more detail, if you wish. My current setup is forwarded, and the win98 machine has access to the internet through the suse box. "

// I'd like that detail if you're will to provide it.

"First install the two nic's. Then, when installing suse, it will ask you how to config both. You can select dhcp for the first. As to the dhcp server for your internal, if your intranet is small (2-3 machines) I would recommend setting static IP (192.168.etc etc). But you can set a dhcp server as well. Just run
the runlevel editor inside yast2 and bring up the service (easy!)."

//Thank you

****

"Also - I run a basic D-link Router on the Front BUT now but want to put that behind the Linux
box as well.The in my imagination would look to the Linux DHCP server for its DHCP info -"

Hmmm... I'm not sure. Why can't you just remove it? Isn't linux doing its job instead?

// The intranet network speed dumbs down to the Roadrunner network speed 10kbs when running on a net hub - I switched to a router to get around that (so the kids could play Counterstrike against each other etc.)

I'm trying to keep that intact (for whatever reason - and want to move the Linux box to the FRONT so when I do the webserver I know its the frontend of the system etc - seems cleaner to me (in my mind).

****

"I have questions around how do I get around
the Roadrunner IP address changing/updating
if I register a domain name? I've had the same
IP address for a couple years - but if it changes
or starts changing all the time (who knows with RR)
- Is it possible to update/automate the changing of
the IP address so if someone types in www.mywebsite.com
they'll still get in - etc...."

Have you considered installing something like the "myip.com" stuff? There are redirecting services designed to do just that, redirect traffic to machines with dynamic ip. Take a look.

// Will do on the myip.com Thanks for the tip.

Post again, if you wish!
regards,

Bruno

Hi drifter!
Liked your story! I tryied freeBSD 4.7 too, but the install cd froze at detecting my eth card, so I aborted. It's a shame I don't have a test-only machine. All these installs and test-drives on linux I made on my production machine. That's quite scaring! Now I am only running ONE system on it, and I am trying to not be seduced by others....
But, if things go ok, next saturday I'll put my hands on a 486 DX2, to play around with. It's gonna be funny to search for a linux suited to it.

****

Here are the details about IP forwarding:

I am assuming that you are running suse 9.0, and you did a complete install, with kde/gnome/flux*, server software, etc...(by the way: suse is an impressive mass of rpm's. If you have enough space, try installing the most rpm's you can. This way, it'll never ask for libs or give dep problems. The best time to solve that is at install time):

1. Try first the easiest way. Enable IP forward on yast2 network configuration. After that, ping the machines. If it doesn't work (it's possible):

2. Take a look at this link (http://www.tldp.org/HOWTO/Masquerading-Simple-HOWTO/). It's a mini howto, detailing the most simple case of ip forwarding, for home networks. Good for us. It's really very simple and straightforward. If you can be able to issue the commands it explains, you allow IP forward for that session (just pay attention to edit the correct names for your devices). To allow IP forward permanently, just add the command lines to a script and insert it to the boot process. If you wish, I can send you mine, but you'll have to edit for your particular case.

To config suse to run the script at boot time, first save the script to /etc/init.d (as root). Then, open yast2 and choose runlevel editor. Change it to advanced mode, choose the script from the list and check the checkboxes from runlevels 3 and 5. That's what I did.

You can take a look at this, too:
http://www.networknewz.com/2002/0424.html (scroll the page down).
It's simple and easy.

I suppose you'll have to look for ways to open ports for the services you want to run. I didn't go trough that, but it's not difficult.

Please post if it works!
Cheers,

Bruno

Hi again - OK its the weekend so now I am taking the time to dive into this -

I am doing this via Yast2
I'm not opposed to using emacs to edit a file it's just that I have to know EXACTLY what I'm editing to change items.

I have both network cards installed:

eth0 - is what connected (network cable) (in) to what I would call the front end

eth1 - is connected (network cable) (out) to the internal network

They both are set tp DHCP enabled - and I've tried forcing the eth1 to be static instead 192.168.0.100

(have I mentioned I'm stuck)

The front end piece works (eth0) - I can get on the net (thus this note)

The backend (the out piece (eth1)) goes to a dlink router that has 4 other PC's on it (in the house) and (the router) is not able to find the net via DHCP.

I've tried

eth1 both DHCP enable and static

etho as both Ipfowarding or not

***
next part (where I think the problem lies)
***

DHCP server
I'm trying to configure this within YAST2

I'm thinking the NIC configureed to be the server point is eth0
so its reading the net - and eth1 should look to it to get its information
(does that make any sense)

Please note that the DHCP server is configured to be enabled
when I start the system

general issues and items

1. Any thoughts on why I get the error message starting up Yast
"Timeout when trying to execute 'su'."

2. Do you have any resourse on exactly DHCP server should be set up
there are many prompts/choices but nothing to really set as 'default' and the log keeps giving me error after error I'm just not sure what to fill in

3. I was wondering if you could cut and paste in your dhcpd.conf file for me to look at (with your real external IP's entered as X's of course) to give me an idea/template for how it should look

4. The IP masquesrading How to appears helpful - but only confused matters more (I think)

Thanks again for any help.

I have both network cards installed:

eth0 - is what connected (network cable) (in) to what I would call the front end

Should be configured to get address via dhcp.

eth1 - is connected (network cable) (out) to the internal network

Should be configured with static ip eg 192.168.0.250

dhcp.conf should be something like
********************************************************
default-lease-time 600;
max-lease-time 7200;
ddns-update-style ad-hoc;

# option definitions common to all supported networks...
option domain-name "cosmos";
option domain-name-servers 192.168.1.250;
option broadcast-address 192.168.1.255;
option routers 192.168.1.250;
option subnet-mask 255.255.255.0;

authoritative;

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.5 192.168.1.20;
range 192.168.1.100 192.168.1.200;
}

You can also add fixed ips at this point if you want each machine to have a name.
***********************************************************

I have also flicked the firewall that comes with suse and use arnos ip-tables firewall.

you can download from here http://rocky.molphys.leidenuniv.nl/. It is fairly easy to install and configure and provides great logging.

This is the key to accessing the net through your gateway. The firewall configures the ip-forwarding and ip-masquerading.

I hope this is of some assistance. I do not use adsl just 56K dialup.

Thanks Roy -

Can you define this a bit more -

"option domain-name "cosmos";"

Is this an arbitrary name you've given your system or do I need
to create Cosmos (or some other word) in some other table first?

and

Can you give my the specifics on how you 'flicked' Suse's fire wall? Did you just disable it through the runlevel editor?

Hi drifter and royb,
Sorry for delaying! Been down for a while, due to a hdd crash. I recommend to nobody! It's ugly!
The points that popped to my attention were:

"The backend (the out piece (eth1)) goes to a dlink router that has 4 other PC's on it (in the house) and (the router) is not able to find the net via DHCP."

How do you talk to the router? Is there any terminal or the like? Can you re-program the router?
Did you try setting the router to search for the gateway (the linux box) as a static IP (192.168.0.100)? I was thinking that linux was to be the router. Therefore, you could use just a hub, instead of a switch.
I'm not sure, but I think that you can't deploy a router behind a dhcp server. Besides, there will be one more daemon running on your box, one more concern on patches and updates, and from time to time, the intranet machines will request attention from the linux box. Static IP's are less resource-consuming, in this case. And take less time to boot.
And, if you have few machines, there's no need of dynamic IP's. Setting static IP's is simpler.
Why don't you try setting like this:
1 - Set the eth0 linux to grab IP with dhcp client. This should be easy.
2 - Set the eth1 to 192.168.0.1 (just to make things clearer. If you prefer ....100, it's ok, too).
3 - Set the router to use gateway=192.168.0.1 (the linux machine will be seen by the intranet only by it's static intranet ip.
4 - Set the intranet machines in the range 192.168.0.2; ...0.3; ...0.4 etc...

1 and 2 should be easy acomplished by yast2.
3 I don't know.
4 should be set on each machine. control panel in win*.

I can paste a copy of my configs, but I'm not sure it's gonna work for you, as my intranet use only two computers connected by a crossover cable, no switch, no hub. The linux pc is the router. Do you still want it?

Hi Bruno or ROYB -

I have gone with a cut and paste of RoyB's dhcpd.conf and still have errors
around no inferface listening etc. - and I changed cosmos to something else - but ----->

Lets go back to this - I think this is where I'm falling down :o

From Bruno -
"2. Take a look at this link (http://www.tldp.org/HOWTO/Masquerading-Simple-HOWTO/). It's a mini howto, detailing the most simple case of ip forwarding, for home networks. Good for us. It's really very simple and straightforward. If you can be able to issue the commands it explains, you allow IP forward for that session (just pay attention to edit the correct names for your devices). "

Can you decipher this part for me on page 2 ?

***
Assuming external internet card is eth0,
and external IP is 123.12.23.43
and the internal network card is eth1,
then:

$> modprobe ipt_MASQUERADE # If this fails, try continuing anyway
$> iptables -F; iptables -t nat -F; iptables -t mangle -F
$> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43
$> echo 1 > /proc/sys/net/ipv4/ip_forward
***

A
I don't see a reference to eth1 ????

B
In regards to
"123.12.23.43"
How does that work under DHCP? I would think it changes all the time.
OR do I have it wrong and
"123.12.23.43" actually equals the static IP I've assigned to Eth1 192.168.1.0

AND it you have the patience

I'd like to know more about this -

"To allow IP forward permanently, just add the command lines to a script and insert it to the boot process. "
Thanks again -

Hi drifter,
Today I reinstalled all my system agan on a new hdd (still the hdd crash thing) and I must say that, this time, SuSE enabled ip forward for me just by clicking inside yast windows, no editing at all! I don't know if I'm getting intimacy with SuSE, but I got VERY happy not to edit sys files.
So, I have it fresh on memory, the steps I did were:
- Install everything.
- Config network: I told suse eth0 was the external interface. I guess it assumed eth1 was the internal one.
- I told it to enable firewall, and "do masquerading". Masquerading is performed by the susefirewall. You can enable it by issuing "rcSuSEfirewall start" at the terminal (as root). But first you have to tell yast to do masquerading.

Why don't you try to test the other machines inside your intranet? I feel it's something with the router. If you have a crossover cable, try connecting only one machine at the suse eth1, and test the link. That way you can unmistakenly know if suse is ip_forwarding.

I really recommend you to try and set routing just through yast2. There's a firewall module, under "security and users", I guess. There's this option "Forward traffic and do masquerading". I guess when it's enabled, it writes iptables lines such as those from the howto. You should really try.

*******
Let's see:

"I don't see a reference to eth1 ????"

I don't see either. I guess linux is assuming eth1 as the external.

******

"In regards to "123.12.23.43" How does that work under DHCP? I would think it changes all the time. OR do I have it wrong and "123.12.23.43" actually equals the static IP I've assigned to Eth1 192.168.1.0"

Well, it is said that 123.12.23.43 is the external IP. So, it can't be assigned to eth1.
This is my interpretation of the command lines:

$> modprobe ipt_MASQUERADE # If this fails, try continuing anyway

Load the ipt_masquerading modules.

$> iptables -F; iptables -t nat -F; iptables -t mangle -F

Just routine, flush iptables rules, keep things clear.

$> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43

This line will do the trick. It tells iptables to apply nat (network address translation, or "masquerading") and use the postrouting table to route outgoing packets being routed through the box, and also tells that the external is 123. etc etc.

$> echo 1 > /proc/sys/net/ipv4/ip_forward

No idea. On my system this is an empty document.

********

Additionally, you can compare the output of your "lsmod" command with mine (notice the modules mentioned at the lines above):

Module Size Used by Tainted: P
bttv 76384 1 (autoclean)
snd-pcm-oss 49344 0 (autoclean)
nls_iso8859-1 2844 0 (autoclean)
vfat 11052 0 (autoclean)
fat 32792 0 (autoclean) [vfat]
snd-mixer-oss 15576 1 (autoclean) [snd-pcm-oss]
tuner 10856 1 (autoclean)
i2c-algo-bit 7944 0 (autoclean) [bttv]
i2c-core 15492 0 (autoclean) [bttv tuner i2c-algo-bit]
videodev 6272 4 (autoclean) [bttv]
agpgart 45752 3 (autoclean)
nvidia 1628480 11 (autoclean)
st 29648 0 (autoclean) (unused)
sr_mod 14616 0 (autoclean)
sg 35232 0 (autoclean)
isa-pnp 32712 0 (unused)
usbserial 19836 0 (autoclean) (unused)
usbcore 64364 0 (autoclean) [usbserial]
parport_pc 28648 1 (autoclean)
lp 6304 0 (autoclean)
parport 25608 1 (autoclean) [parport_pc lp]

***
*** These are the ones I suppose are envolved:
***

ipt_TCPMSS 2392 1 (autoclean)
ipt_TOS 1048 18 (autoclean)
ipt_MASQUERADE 1368 1 (autoclean)
ipt_state 568 80 (autoclean)
ipt_LOG 3384 102 (autoclean)

*** end
***

snd-seq-oss 30048 0 (autoclean)
snd-seq-midi 5088 0 (unused)
snd-emu10k1-synth 6396 0
snd-emux-synth 31484 0 [snd-emu10k1-synth]
snd-seq-midi-emul 5376 0 [snd-emux-synth]
snd-seq-virmidi 4040 0 [snd-emux-synth]
snd-seq-midi-event 3840 0 [snd-seq-oss snd-seq-midi snd-seq-virmidi]
snd-seq 41424 3 [snd-seq-oss snd-seq-midi snd-emux-synth snd-seq-midi-emul snd-seq-virmidi snd-seq-midi-event]
snd-emu10k1 78916 5 [snd-emu10k1-synth]
snd-pcm 74116 0 [snd-pcm-oss snd-emu10k1]
snd-timer 17056 0 [snd-seq snd-pcm]
snd-rawmidi 15776 0 [snd-seq-midi snd-seq-virmidi snd-emu10k1]
snd-page-alloc 6676 0 [snd-emu10k1 snd-pcm]
snd-util-mem 1696 0 [snd-emux-synth snd-emu10k1]
snd-seq-device 4528 0 [snd-seq-oss snd-seq-midi snd-emu10k1-synth snd-emux-synth snd-seq snd-emu10k1 snd-rawmidi]
snd-ac97-codec 45304 0 [snd-emu10k1]
thermal 6180 0 (unused)
processor 8280 0 [thermal]
snd-hwdep 5408 0 [snd-emu10k1]
snd 40388 4 [snd-pcm-oss snd-mixer-oss snd-seq-oss snd-seq-midi snd-emu10k1-synth snd-emux-synth snd-seq-midi-emul snd-seq-virmidi snd-seq-midi-event snd-seq snd-emu10k1 snd-pcm snd-timer snd-rawmidi snd-util-mem snd-seq-device snd-ac97-codec snd-hwdep]
fan 1472 0 (unused)
button 2380 0 (unused)
soundcore 3940 0 [bttv snd]
battery 5600 0 (unused)
ac 1696 0 (unused)
raw1394 18288 0 (unused)
ieee1394 188260 0 [raw1394]
af_packet 13168 1 (autoclean)
8139too 15084 2
mii 2640 0 [8139too]
ip6t_LOG 3736 2 (autoclean)
ip6t_REJECT 1528 3 (autoclean)

***
*** These are the ones I suppose are envolved:
***

ip6table_mangle 2744 0 (autoclean) (unused)
ipt_REJECT 3288 3 (autoclean)
iptable_mangle 2168 1 (autoclean)
iptable_filter 1708 1 (autoclean)
ip_nat_ftp 2992 0 (unused)
iptable_nat 16366 2 [ipt_MASQUERADE ip_nat_ftp]
ip_conntrack_ftp 3920 1
ip_conntrack 18084 3 [ipt_MASQUERADE ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ip_tables 11328 11 [ipt_TCPMSS ipt_TOS ipt_MASQUERADE ipt_state ipt_LOG ipt_REJECT iptable_mangle iptable_filter iptable_nat]
ip6table_filter 1804 1 (autoclean)
ip6_tables 12148 4 [ip6t_LOG ip6t_REJECT ip6table_mangle ip6table_filter]
ipv6 227264 -1 (autoclean) [ip6t_REJECT]

*** end
***

key 70456 0 (autoclean) [ipv6]
ide-scsi 11056 0
scsi_mod 100788 4 [st sr_mod sg ide-scsi]
ide-cd 32416 0
cdrom 29216 0 [sr_mod ide-cd]
lvm-mod 64996 0 (autoclean)
dm-mod 46928 0 (unused)
reiserfs 217908 4

This is no definitive answer, but it can be helpful, if you think the problem is the suse config. Is there much difference compared to yours?

*************

At last:

"To allow IP forward permanently, just add the command lines to a script and insert it to the boot process. "

If the commands you issued at the terminal were able to do forwarding, if you reboot the computer, you'll loose the feature, unless you add the forwarding commands to the boot process.
You can do that by creating a shell script with the same commands and saving it properly.

1. As root, open a text file from your favorite editor (mine is kwrite).
2. Type the first line as follows (exactly):

#! /bin/sh

3. Now type the ip forwarding commands. One by line. And an "echo" line, for the script to give any output in the screen during runtime, say:

echo "Running ip forward script"

4. Save the document as root, in /etc/init.d/
5. Give it execution permission.
6. Now open yast2, go to runlevel editor.
7. Ask to change to advanced mode.
8. You'll see your script there, and you'll be able to check the boxes underneath, to start the script at levels 3 and 5 (it's a good choice). Next time you reboot, you'll see your script being executed at boot time.

**** But first, try setting masquerading at the firewall module, inside yast2 ******

Thanks again -

You're welcome.
But let thanks to be said when we get to make forward function properly!

Cheers!

I will review thanks!

after much hair pulling I believe I have it down to this.

eth0 is set as DHCP client - it connects to internet fine

The dlink router on the LAN side the 3 PC's see each other
on the WAN side I have set it to Statis IP off of DHCP on the
device itself - because I'm a dummy I hav configured it as follows
(all guesses)
IP Address 192.168.0.100
sub net mask 255.255.255.0
ISP gatewat 192.168.0.100
Primary DNS 192.168.0.100
MTU 1500

(I will try putting this back to DHCP once I resolve the problem
below)

HOWEVER!
Here's where I'm really stuck
eth1 is connected to the dlink router
when I configure dhcp server I keep
getting this error :

************
Starting DHCP server Internet Software Consortium DHCP Server V3.0.1rc12
Copyright 1995-2003 Internet Software Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP
Internet Software Consortium DHCP Server V3.0.1rc12
Copyright 1995-2003 Internet Software Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.

No subnet declaration for eth1 (192.168.0.100).
** Ignoring requests on eth1. If this is not what
you want, please write a subnet declaration
in your dhcpd.conf file for the network segment
to which interface eth1 is attached. **

Not configured to listen on any interfaces!

***********

Needless to say I can't find examples anywhere that I have looked on exactly what or where this is suppose to go in the dhcpd.conf file.

" subnet declaration in your dhcpd.conf file for the network segment
to which interface eth1 is attached "

All of this is very squirrely - and I've found that a lot of the info out there is over 3 years old!!!

Hi drifter,
I'll try to be straightforward:

"eth0 is set as DHCP client - it connects to internet fine"

So far, so good.

" The dlink router on the LAN side the 3 PC's see each other
on the WAN side I have set it to Statis IP off of DHCP on the
device itself - because I'm a dummy I hav configured it as follows
(all guesses)
IP Address 192.168.0.100
sub net mask 255.255.255.0
ISP gatewat 192.168.0.100
Primary DNS 192.168.0.100
MTU 1500"

Don't go this way. It's much more difficult and unnecessary.
Instead, set static IP's for the internal machines.

SuSE eth1: static 192.168.0.100 Mask: 255.255.255.0

Local Machine 1: static (disable dhcp on win control panel tcp/ip properties): 192.168.0.101 Mask: 255.255.255.0
Local Machine 2: static (idem): 192.1658.0.102 Mask: 255.255.255.0
Local Machine 3: static (idem): 192.1658.0.103 Mask: 255.255.255.0
Local Machine 4: static (idem): 192.1658.0.104 Mask: 255.255.255.0
Local Machine 5: static (idem): 192.1658.0.105 Mask: 255.255.255.0

Gateway for every local machine: eth1's IP.

Also, disable ANY dhcp server running. You wont run dhcp server. The only dhcp related stuff is a client running at eth0.

Did you go to yast2 firewall module?

Post if it works.

I'm at work and will attempt when I go home tonight - I'm US-Eastern Standard Time.

1
I am going to set the dlink router back to DHCP

2
I now believe that the issue is in dhcpd.conf and eth1

I'm going to set the static IP on eth1 to 192.168.0.1
and
on the dhcpd.conf I think I need to set up eth1
as a HOST with something like

host eth1 [
hardware ethernet 1:(eth1's mac address)
}

Do you think I need to put a RANGE in there as well?

3
And do what you stated on the firewall

OK - (Still stuck)

I set the router back to DHCP

The dhcpd.conf configurator is still giving me the subnet error/not listening on any interfaces - here is mt ifconfig and the dhcpd.conf

Do you see anything wrong

( I made change to eth0 IP and the MAC address)

local:/etc # ifconfig

eth0 Link encap:Ethernet HWaddr Z0:10:5A:CA:9F:86
inet addr: ??.??.999.999 Bcast:255.255.255.255 Mask:255.255.252.0
inet6 addr: fe80::210:5aff:feca:2f86/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:96298 errors:0 dropped:0 overruns:0 frame:0
TX packets:297 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:5880497 (5.6 Mb) TX bytes:35826 (34.9 Kb)
Interrupt:11 Base address:0x2000

eth1 Link encap:Ethernet HWaddr 92:60:8C:F2:08:9E
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::60:8cff:fef2:83e/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1490 errors:0 dropped:0 overruns:0 carrier:1490
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:98581 (96.2 Kb)
Interrupt:11 Base address:0x20c0

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1307 errors:0 dropped:0 overruns:0 frame:0
TX packets:1307 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:109998 (107.4 Kb) TX bytes:109998 (107.4 Kb)

88888888888888888888888888888

local:/etc # cat dhcpd.conf
#
# This file was generated by YaST2.
#
# If you update it manually, YaST2 component for DHCP server
# configuration will rewrite it next time you use it.
#
# Creation time: Thu Mar 25 00:07:37 EST 2004
#

authoritative ;
ddns-update-style ad-hoc;
option subnet-mask 255.255.255.0;

subnet 255.255.255.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
}

host eth1 {
fixed-address 192.168.0.1;
hardware ethernet 92:60:8C:F2:08:9E;
option broadcast-address 192.168.0.255;
option subnet-mask 255.255.255.0;
}

local:/etc #

Well, drifter,
As you opted for dhcp-server, I think my experience won't be useful to you. I use static IP.
But the second line of your ifconfig output is evidently wrong:

inet addr: ??.??.999.999 Bcast:255.255.255.255 Mask:255.255.252.0

I guess suse is displaying this odd IP to call your attention, or something. IP numbers can grow only until 255 (8 bits). And interrogations are not welcome, either.

Hi Bruno -

Actually thats the eth0 card and its working fine ( did change the 999 items)
...the subnet 255.255.252.0 is issued to the eth0 as it it set up to be DHCP to my ISP.

Eth1 is the internal card.

What does this mean

"And interrogations are not welcome, either"

Easy one I missed when I was working on this. Did you relese and renew the IP addresses on the interanl boxes after initiating the DCHP service on eth1 (NIC serving internal net)?

My 1st post, questions to follow . . .

RedBeard55

Yep I did that (endlessly! :) )

Here's the latest - and further down where I ended up

DLINK's weak ass support - stated:

*************

Your Case ID is PTS23605516.

[Critical: Please do not change the subject line of your email when you reply. Leaving the subject line as it is will allow us to review your complete history and help us to better serve you.]

Date of Reply: 3/24/2004 8:16:51 AM

Products: DI-604
Operating System: Linux

To use your router as an access point/switch only, please follow the steps below:

Step 1 Do not use the WAN port.

Step 2 Depending on your network setup, you may need to change the LAN IP address of the router. The default is 192.168.0.1. If you are using another router, DHCP server, or Internet connection sharing software, change the LAN IP address of the router to an IP in your subnet. The LAN IP address must be static.

Step 3 Disable DHCP on the router. To disable DHCP, go into the routers configuration > Home > DHCP. Click Disable and then click apply.

Step 4 Your computer will not receive a DHCP address from you DHCP server so you will need to set the IP addresses statically on your computer.

To view the FAQ on how to set your IP address statically please visit: http://support.dlink.com/faq/view.asp?prod_id=1053

Should you require further assistance with your D-Link products, please reply to this message, or call toll free at 877-453-5465. Thank you for networking with D-Link.

**********

So basically you can't have a router behind a router ....

Heres what I settled on for all interested parties ...

Cable modem
to
HUB (old 4 port)

out of 2 ports a and b

a
out on one port to
Dlink Router for home network (set as DHCP)

b
into ETH0 (set up as DHCP)

and in addition -
OUT of ETH1 (now set as DHCP)
to a port on the DLINK router
so I can see it on my network neighborhood
and it will be easier to admin apache via Dreamweaver

So basically I gave up on the DHCP server on eth1 trying
to feed the dlink router

The End (?)

"Cable modem
to
HUB (old 4 port)

out of 2 ports a and b

a
out on one port to
Dlink Router for home network (set as DHCP)

b
into ETH0 (set up as DHCP)

and in addition -
OUT of ETH1 (now set as DHCP)
to a port on the DLINK router
so I can see it on my network neighborhood
and it will be easier to admin apache via Dreamweaver

So basically I gave up on the DHCP server on eth1 trying
to feed the dlink router"

****

1. My Terayon cable modem won't route, so I can't use that config. If yours can route, it's ok.

2. I thought you were doing like this:

internet >>> cbmodem >>> SuSE >>> DLink >>> PC's

3. Is everything working the way you wanted?

CableModem
V
V
V
V
Dumb HUB >>>.SuSE PC on eth1 (DHCP)
V ~
V ~
V eth1 (DHCP) (not necessary but a nice backdoor in)
V ~
V ~
DLINK--- >-----W2kPC1--->----W2kPC2--->---W2kPC3
(WAN in)

Is it working this way? If it is, discard the diagram below.

This is my final trial, drifter. I think you should do this:

Internet
V
V
V
CableModem
V
V
V
eth0 (dhcp)
SuSE (SuSe will do routing. Remove the dlink piece from the
assembly)
eth1 (static 192.168.0.1)
V
V
V
V
Dumb HUB
V V V
V V V
V V V
V V V
PC1 PC2 PC3 etc...

The hub has no IP. The PCn machines receive IP's 192.168.0.X, being X between 2 and 255.
Gateway for internal machines is eth1, you see? Gateway is 192.168.0.1.