Wednesday, December 19, 2007

DHCP Server @ Home

My wife's windows PC is connected to my Debian box with a crossover Ethernet cable. It was configured to use a fixed IP (10.0.0.4), and my box (10.0.0.2) serves as both its gateway and its DNS. This setup works fine, but I decided, in the interest of flexibility and control, to attempt to install a DHCP server on my box.

So here goes:
  1. install the DHCP server:
    apt-get install dhcp3-server
  2. edit /etc/dhcp3/dhcpd.conf and add the following at its bottom:

    host windows-pc {
    hardware ethernet 00:16:36:8E:92:3B;
    fixed-address windows-pc.home;
    }

    subnet 10.0.0.0 netmask 255.255.255.0 {
    option domain-name "home";
    option domain-name-servers machine-cycle.home;
    option routers machine-cycle.home;
    default-lease-time 28800;
    max-lease-time 28800;

    # Unknown clients get this pool.
    pool {
    max-lease-time 300;
    range 10.0.0.200 10.0.0.253;
    allow unknown-clients;
    }

    # Known clients get this pool.
    pool {
    range 10.0.0.5 10.0.0.199;
    deny unknown-clients;
    }
    }

    subnet 172.27.208.0 netmask 255.255.240.0 {
    }


    The first stanza (host) assigns an IP address (or a host name) to the specified MAC address. The second stanza (subnet) defines the properties common to all computers on the home network (at the moment it's just my wife's laptop). Note the use of address pools (this stanza was copied almost verbatim from the man page for dhcpd.conf). The last stanza defines a subnet associated with my cable modem with no properties or hosts - this allows the DHCP server to ignore requests originating from the cable modem network interface.

  3. (Re)start the DHCP server:
    /etc/init.d/dhcp3-server start
  4. Configure the firewall (if you're using one) to allow DHCP traffic. For Shorewall simply add the following lines to the /etc/shorewall/rules file:
    #       dhcpd
    ACCEPT loc $FW udp 67 68
    ACCEPT $FW loc udp 68 67
  5. Restart the firewall:
    /etc/init.d/shorewall restart

  6. On the windows machine disable the relevant network interface, and reconfigure it (right-click, properties, etc.) to get its IP address by DHCP and the same for DNS.
  7. Configure the firewall on the windows machine to allow traffic on the 10.0.0.x subnet (in ZoneAlarm this means that this subnet should be added to the trusted zone).
  8. Enable the network interface and verify that it acquires the correct IP address, gateway and DNS.

No comments:

Post a Comment