Mine is a 2 part question. The first one is... After reading my second question... am I going about this in a way that seems crrect?

Ok here is the situation:

I am on the technology staff at a college and we are wanting to put in a Linux server to limit the bandwidth to the dorms (4).
So our students that are distance learning can actually get connected. Morpheus and Kaza ad all of their buddies are choking us to death.


We have decided that the best way to do it without limiting our faculty/staff network is to put the server in place where all of the fiber lines from the dorms connect to the network.

What I was hoping to do is to set up a Redhat Linux 7.3 Server with 5 network cards in it to act as a Router/DHCP Server/Bandwidth Limiter/Firewall.

My question is what is the best way to set up a DHCP server so it gives for example 10.20.1.10 through 10.20.1.100 to the machines contacting the dhcp server through one NIC and give 10.30.1.10 through 10.30.1.100 the machines conecting through one of the other NIC ....etc?


Thanks for your help

Paul

whew, easy. I thought this was going to get into the actual bandwidth limiting. You're going to be running 5 seperate dhcp daemons, one per card, all with different dhcpd.conf files.

Say the dhcpd.conf file for the first subnet is named subnet1.conf, and has the following entry:

subnet 10.20.1.0 netmask 255.255.255.0 {
# --- default gateway
option routers 10.20.1.1;
option subnet-mask 255.255.255.0;

# option nis-domain "blahblah.edu";
# option domain-name "blahblah.edu";
option domain-name-servers 216.27.175.2,216.231.41.2; #don't use mine :P

option time-offset -5; # Eastern Standard Time
# option ntp-servers ;
# option netbios-name-servers 10.20.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;
range dynamic-bootp 10.20.1.10 10.20.1.100;
# default-lease-time 21600;
# max-lease-time 43200;
}

man dhcpd and you'll get all the field options that are cool. To invoke:

/sbin/dhcpd ethx -cf /directoryhere/subnet1.conf

It will then report back that its listening for requests on the device. x of course stands for the numeric of the card, should be 0-4. Create a different file for each subnet, put the invoke commands in rc.local so it brings the dhcpd servers up at boot, hook it up to a UPS just in case, and then wall it off in a bathroom and forget about it.

-Cheers

Finegan

Thanks Finegan I will give it a whirl.... Then I will have to get into the badwidth limiting thing...

I was able to write the config files and start up eth1 as a dhcp server but when I try the /sbin/dhcpd eth2 -cf /etc/subnet2.conf command it says that there is already a dhcp server running.

When I went ahead and put the commands one after another in my rc.local file it runs them but after the first one goes all of the rest go through it and give the error at the end that sya "dhcp server already running"

Is there a way I can start all of them at once pointing to diffrent configuration files?

Thanks


Paul

I'm an idiot, I should have known better than to post on something I had only seen running and hadn't set up myself. Its not a matter of 5 config files and 5 dhcpd servers, but 1 server, 1 big config file, and some weird arguments to dhcpd. I have to look this up to be of any help and twidle with the man pages.

I really must apologize, but I really must have posted out my ass. I should have something worked out (and tested) by later this evening.

Cheers,

Finegan

Okay, sorry for my egregious idiot attack before... the one dhcpd.conf file should have all of the subnet declarations in it. For instance:



subnet 10.20.1.0 netmask 255.255.255.0 {

# --- default gateway

option routers 10.20.1.1;

option subnet-mask 255.255.255.0;

option domain-name "blahblah.edu";

option domain-name-servers 216.27.175.2,216.231.41.2; #don't use mine :P

option time-offset -5; # Eastern Standard Time

range dynamic-bootp 10.20.1.10 10.20.1.100;

}

subnet 10.20.2.0 netmask 255.255.255.0 {

# --- default gateway

option routers 10.20.2.1;

option subnet-mask 255.255.255.0;

option domain-name "blahblah.edu";

option domain-name-servers 216.27.175.2,216.231.41.2; #don't use mine :P

option time-offset -5; # Eastern Standard Time

range dynamic-bootp 10.20.2.10 10.20.2.100;

}



To build this out of the all of those files I told you to build just do this:



cat subnet2.conf >> subnet1.conf

cat subnet3.conf >> subnet1.conf



blah blah blah repeat 3 times until all of the subnets are in the one conf file.



Make sure all of the NIC are ifconfig'd to have an address on the subnet they'll be serving addresses to. They of course, do not necessarily have to be the same address as the router you are specifying in the first field of each subnet declaration.



Then:



dhcpd eth0 eth1 eth2 eth3 eth4 -cf /wherever/subnet1.conf



The output should look something like this: (my test run was with 2 cards)



root@tenacious:~# dhcpd eth0 eth1 -cf /root/dhcpd.conf

Internet Software Consortium DHCP Server 2.0

Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.

All rights reserved.



Please contribute if you find this software useful.

For info, please visit http://www.isc.org/dhcp-contrib.html



Listening on LPF/eth1/7b:7b:7b:7b:7b:7b/192.168.1.0

Sending on LPF/eth1/7b:7b:7b:7b:7b:7b/192.168.1.0

Listening on LPF/eth0/00:a0:24:6b:18:95/192.168.0.0

Sending on LPF/eth0/00:a0:24:6b:18:95/192.168.0.0

Sending on Socket/fallback/fallback-net



There you go. Sorry for the confusion earlier man and the fact this took me a while to throw out... I had to go see Lord of the rings.



-Cheers



Finegan

Also, it just occured to me that you might want to post the second half of this questions to the security part of the forum as to what would be a solid iptables firewall rules-set that would at least be a solid firewall for forwarding... they might also be able to help you with bandwidth limiting on the typical kazaa, gnutella ports (63000-ish?). IPtables I know a little about, but I mastered chains and all my servers still run on 2.2 kernels (not broke, why fix?). Limiting I'm a babe in the woods. Make sure to be as specific as possible so as to keep the forum moderators from considering it a double post. (That's not a good thing around here.)

Thanks so much for all your help on this Finegan. Don't worry about the earlier post, I learned a few things from it.

I put all of the files into one file and started them all in rc.local and they work! All of them but my last nic wich happens to be ISA and I havent really verified that is has ever worked.

I'll check out some man pages and how-to's to see if there is anything special that should be done for an ISA nic.

Thanks so much again for your help.


Oh and by the way... I saw The Lord of The Rings last night as well. I would have to say that I was quite pleased.

Long live Frodo and Finegan!



Paul