On Thu, Jul 08, 2004 at 10:44:18AM +1000, James Gray wrote:
> Simon Males wrote:
> >
> >I am trying to serve dhcp out of eth2, eth0 is my optus internet
> >connection. Can i specify in dhcp which interface to use?
> >
> >syslog:
> >Jul 7 18:18:01 erupt dhcpd: No subnet declaration for eth0 (211.30.175.xxx).
> >Jul 7 18:18:01 erupt dhcpd: Please write a subnet declaration in your dhcpd.conf file for the
> >Jul 7 18:18:01 erupt dhcpd: network segment to which interface eth0 is attached.
> >Jul 7 18:18:01 erupt dhcpd: exiting.
> >
> ># more /etc/network/interfaces
> >auto lo
> >iface lo inet loopback
> >auto eth0
> >iface eth0 inet dhcp
> >auto eth2
> >iface eth2 inet static
> > address 192.168.6.1
> > netmask 255.255.255.0
> >
> ># more /etc/dhcpd.conf
> >option subnet-mask 255.255.255.0;
> >default-lease-time 600;
> >max-lease-time 7200;
> >
> >subnet 192.168.6.0 netmask 255.255.255.0 {
> > range 192.168.6.10 192.168.6.20;
> >
> >}
>
> I had a similar problem on my triple interface router/firewall box. It
> wants a declaration for each interface, but I only provide DHCP on the
Strange, mine doesn't, especially after I set the interface to listen on
> internal one. The way I got around it was to create two "empty"
> sections for the DMZ and Internet interface and configured the internal
> one how I wanted. Then I just added some iptables rules to drop DHCP
> requests/replies on the DMZ and Internet interfaces. Here's a sanitized
> version of my config file:
>
> >cat /etc/dhcpd.conf
>
> # dhcpd.conf
> #
> # Configuration file for ISC dhcpd
> #
>
> # option definitions common to all supported networks...
> option domain-name "mydomain.foo.bar";
> default-lease-time 7200;
> max-lease-time 14400;
>
> # Internal network - allocate addresses between .100-150
> subnet 10.0.0.0 netmask 255.255.255.0 {
>     option ntp-servers 10.0.0.1;
>     option time-servers 10.0.0.1;
>     range 10.0.0.100 10.0.0.150;
>     option domain-name-servers 10.0.0.1;
>     option domain-name "mydomain.foo.bar";
>     option routers 10.0.0.1;
>     option subnet-mask 255.255.255.0;
>     option broadcast-address 10.0.0.255;
> }
>
> # Internet interface - EMPTY, we don't provide DHCP!
> subnet 1.2.3.4 netmask 255.255.255.252 {
>     deny unknown-clients;
>     deny booting;
> }
>
> # DMZ interface - EMPTY, we don't provide DHCP!
> # (the subnet number must be the network address for its netmask)
> subnet 1.2.4.0 netmask 255.255.255.224 {
>     deny unknown-clients;
>     deny booting;
> }
>
> ### SNIPPED the static IP group ###
>
> <<< END OF /etc/dhcpd.conf >>>
>
> Then just block UDP+TCP ports 67/68 on the interfaces you DON'T want to
> use DHCP.
>
> HTH
>
> Cheers,
>
> James
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>
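A pre-flight check for the startup failure in the syslog above, as an added example that is not part of the original thread: it lists the interfaces whose address is covered by no `subnet` declaration in dhcpd.conf and produces the empty stanza to add for each, which hands out no leases because it has no `range`. The function names, the eth0 address (made up, since the post elides it) and the /24 masks are assumptions.

```python
import ipaddress
import re

# Matches "subnet <number> netmask <mask> {"; commented-out lines start with '#'
# and therefore do not match.
SUBNET_RE = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", re.M)

def parse_subnets(conf_text):
    """Return (networks, errors) for every subnet declaration in conf_text."""
    networks, errors = [], []
    for number, mask in SUBNET_RE.findall(conf_text):
        try:
            # strict=True rejects a subnet number that has host bits set.
            networks.append(ipaddress.ip_network(f"{number}/{mask}", strict=True))
        except ValueError:
            errors.append(f"subnet {number} netmask {mask}: bad number/mask combination")
    return networks, errors

def missing_declarations(conf_text, interfaces):
    """Map interface name -> empty subnet stanza for each uncovered interface."""
    networks, _ = parse_subnets(conf_text)
    missing = {}
    for name, addr_mask in sorted(interfaces.items()):
        iface = ipaddress.ip_interface(addr_mask)
        if not any(iface.ip in net for net in networks):
            net = iface.network
            # No "range" statement inside: dhcpd knows the segment but
            # allocates no dynamic addresses on it.
            missing[name] = f"subnet {net.network_address} netmask {net.netmask} {{\n}}\n"
    return missing

# Constructed sample: the original poster's dhcpd.conf and interface layout.
SAMPLE_CONF = """\
option subnet-mask 255.255.255.0;
subnet 192.168.6.0 netmask 255.255.255.0 {
  range 192.168.6.10 192.168.6.20;
}
"""
SAMPLE_IFACES = {
    "eth0": "203.0.113.10/255.255.255.0",  # made-up Internet-side address
    "eth2": "192.168.6.1/255.255.255.0",   # internal interface from the post
}

if __name__ == "__main__":
    for err in parse_subnets(SAMPLE_CONF)[1]:
        print("ERROR:", err)
    for name, stanza in missing_declarations(SAMPLE_CONF, SAMPLE_IFACES).items():
        print(f"# {name} has no subnet declaration; add:\n{stanza}")
```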
