Anyway to run DHCP without Shorewall?

Psykoral · 06-20-2003, 10:37 AM

I'm running Mandrake 9.1 and thier DHCP server setup automatically runs Shorewall. I have no need for a firewall, infact it's more of a headache then it's worth at this point.

When I turn shorewall off all the rest of the machines on the network have no internet access at all...

My Setup is pretty standard...
eth0 connects to my cable modem
eth1 connects to my hub, which several other windows machines dhcp from.

I just want to run DHCP without blocking ANY ports!!!!! Anyway to run it without Shorewall?!?!?

Psykoral · 06-20-2003, 11:43 AM

Sorry, I guess this more belongs in the "Security" Forum... I guess you can close this... Anyone have an ANSWER though?!?!?!?

moses · 06-20-2003, 11:58 AM

I have dhpcd running without a firewall of any kind. just edit /etc/dhcpd.conf and run /usr/sbin/dhcpd -- at least on my slack boxes, that's the way to do it -- I assume dhpcd is hiding in the same place on Mandrake.

Psykoral · 06-20-2003, 12:07 PM

Well, thank you for your assistance, however I'm not exactly sure what you mean... I've been around linux for some time now, but this FIrewall and DHCP stuff is all new to me. Could you be a bit more descriptive, maybe even post examples of what your refering to as far as what settings I should have in the dhcpd.conf, etc ...

moses · 06-20-2003, 03:16 PM

You need to read the following man pages:
dhcpd
dhcpd.conf
Blindly copying configuration files will just get you into trouble, things can be very site specific. There are numerous examples in the dhcpd.conf man page, some of which are, actually, usefull. Once you've edited /etc/dhcpd.conf to your satisfaction, you run (as root) /usr/sbin/dhcpd. It's a relatively smart daemon and will probably tell you if the settings are grossly wrong. If you've already set up your firewall and dhcpd stuff using shorewall, you may not have to bother with editing /etc/dhcpd.conf.
Once you've decided that the settings are right, you may want to make dhcpd run at startup. To do this, you have to add it to the startup scripts. There is probably some GUI config tool that will "help" you do this, but if you want to be certain it works, you can edit files in /etc/sysconf and /etc/rc#.d (# is a number, probably 3 for you).

Psykoral · 06-20-2003, 03:37 PM

No one said anything about blindly copying configurations, I just wanted an example to see how a proper 2 eth card setup would look like.

Those man's are pages and pages long and go into the creation of the center of the universe and who knows what... all it did was confuse me more.

I learn best by seeing a correct example, and then from there I can learn what does what and make changes on my own...

Does anyone have a working dhcpd.conf example of a DHCP server running eth0 to the net and eth1 locally with no firewall invloved?

moses · 06-20-2003, 04:41 PM

Code:

# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#

# Standard configuration directives...
allow booting;
allow bootp;


ddns-update-style none;
option domain-name "valhalla.org";
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option domain-name-servers 128.196.11.233;
option routers 192.168.0.2;
option vendor-class-identifier "PXEClient";
option vendor-encapsulated-options ff;
filename "pxelinux.0";


subnet 192.168.0.0 netmask 255.255.255.0 
{
  range 192.168.0.176 192.168.0.224;
  default-lease-time 600;
  max-lease-time 7200;
}

# Group the PXE bootable hosts together
group
{
  use-host-decl-names           on;
  option vendor-class-identifier "PXEClient";
  # PXE-specific configuration directives...
  next-server 192.168.0.2;
  option root-path "/export/root";
  filename "pxelinux.0";

  host Libretto
  {
    hardware ethernet 00:00:XX:XX:XX:XX;
    fixed-address 192.168.0.175;
  }
}