December 15, 2008

HowTo DHCP your Linux machine

Dear IsmailiaLUG members,

This second article is about the DHCP server.

First you need the DHCP server installed on your Linux box.
If you don't have it, use yum to install the dhcp package from the repository (on Fedora that package provides the dhcpd daemon);
otherwise download the source code, extract it and then run ./configure, make and make install,
or simply download an rpm from http://freshrpms.net/ or http://rpmfind.net/linux/RPM/

First I'd like to give you some background on what a DHCP server is.
Dynamic Host Configuration Protocol (DHCP)
automatically assigns IP addresses and other network configuration information (subnet mask, broadcast address, gateway, etc.) to computers on a network.
A DHCP client sends a broadcast request, and a DHCP server on the same segment answers it with an address.

DHCP assignment:

1. Lease request (DHCPDISCOVER): the client broadcasts a request with a source address of 0.0.0.0 and a destination address of 255.255.255.255. The request includes the client's MAC address, which is used to direct the reply.
2. IP lease offer (DHCPOFFER): a DHCP server replies with an IP address, subnet mask, network gateway, domain name, name servers, the duration of the lease and the IP address of the DHCP server.
3. Lease selection (DHCPREQUEST): the client receives one or more offers and broadcasts which offer it accepts, so that the other DHCP servers know their offers were not taken and can release them.
4. Lease acknowledgement (DHCPACK): the selected DHCP server sends an ack to the client. The client then configures its TCP/IP stack with the values it received.
5. Lease renewal: when half of the lease time has expired, the client sends a new request directly to the server that granted the lease.

Note that step 1 is a broadcast and the client takes whichever offer it likes: any machine on the segment that answers first can hand out addresses, gateway and DNS servers, so keep unknown DHCP servers off your LAN.
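The four-message exchange above, written out as actual DHCP packets, as an added example that is not part of the original article: a small Python encoder and decoder for BOOTP/DHCP messages that runs the client and server sides in one process, building the client's DISCOVER and REQUEST and the server's OFFER and ACK, and decoding the options (subnet mask, routers, DNS, lease time, renewal time T1, server identifier) the client ends up with. The server settings, the client MAC, the transaction id and the offered address are constructed sample values in the article's 192.168.1.0/24 network; the check at the end is the client-side sanity test that the ACK answers this transaction and matches the offer that was selected.

```python
"""Added example: the DISCOVER/OFFER/REQUEST/ACK exchange as DHCP messages.
The MAC, addresses and lease values are constructed sample data."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"          # fixed 236-byte BOOTP header
# option codes (RFC 2132) used here
OPT_SUBNET, OPT_ROUTER, OPT_DNS, OPT_REQ_IP, OPT_LEASE = 1, 3, 6, 50, 51
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_T1, OPT_END = 53, 54, 58, 255
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5

# constructed server configuration, matching the article's LAN
SERVER = {"ip": "192.168.1.2", "mask": "255.255.255.0", "router": "192.168.1.1",
          "dns": ["192.168.1.2", "192.168.1.1"], "lease": 21600}


def ip(s):
    return ipaddress.IPv4Address(s).packed


def ips(raw):
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]


def build(op, xid, mac, yiaddr="0.0.0.0", siaddr="0.0.0.0", options=()):
    """Serialise one DHCP message; options is a list of (code, value bytes)."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    flags = 0x8000 if op == BOOTREQUEST else 0          # client asks for broadcast replies
    hdr = struct.pack(HEADER, op, 1, 6, 0, xid, 0, flags, ip("0.0.0.0"), ip(yiaddr),
                      ip(siaddr), ip("0.0.0.0"), chaddr, b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return (hdr + MAGIC_COOKIE + body + bytes([OPT_END])).ljust(300, b"\0")


def parse(data):
    """Parse a DHCP message into header fields plus a {code: bytes} option map."""
    f = struct.unpack(HEADER, data[:236])
    if data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:                                # pad byte
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": ips(f[8])[0], "siaddr": ips(f[9])[0],
            "mac": ":".join(f"{b:02x}" for b in f[11][:6]), "options": opts}


def decode(opts):
    """The settings a client applies from an OFFER/ACK."""
    return {"type": opts[OPT_MSG_TYPE][0], "server": ips(opts[OPT_SERVER_ID])[0],
            "subnet_mask": ips(opts[OPT_SUBNET])[0], "routers": ips(opts[OPT_ROUTER]),
            "dns": ips(opts[OPT_DNS]), "lease": struct.unpack("!I", opts[OPT_LEASE])[0],
            "t1": struct.unpack("!I", opts[OPT_T1])[0]}


def server_options(msg_type):
    lease = SERVER["lease"]
    return [(OPT_MSG_TYPE, bytes([msg_type])), (OPT_SERVER_ID, ip(SERVER["ip"])),
            (OPT_SUBNET, ip(SERVER["mask"])), (OPT_ROUTER, ip(SERVER["router"])),
            (OPT_DNS, b"".join(ip(d) for d in SERVER["dns"])),
            (OPT_LEASE, struct.pack("!I", lease)),
            (OPT_T1, struct.pack("!I", lease // 2))]        # renew at half the lease


def dora(mac, xid=0x3903F326, offered="192.168.1.130"):
    """Run the four-step exchange in-process and return the client's final settings."""
    # 1. DISCOVER: broadcast from 0.0.0.0 to 255.255.255.255, carrying the client MAC
    disc = parse(build(BOOTREQUEST, xid, mac, options=[(OPT_MSG_TYPE, bytes([DISCOVER]))]))
    # 2. OFFER: the server proposes yiaddr plus mask, router, DNS, lease and its own id
    offer = parse(build(BOOTREPLY, disc["xid"], disc["mac"], yiaddr=offered,
                        siaddr=SERVER["ip"], options=server_options(OFFER)))
    # 3. REQUEST: the client broadcasts which offer it accepts (server id + address),
    #    which tells any other server that its offer was not taken
    req = parse(build(BOOTREQUEST, xid, mac, options=[
        (OPT_MSG_TYPE, bytes([REQUEST])), (OPT_REQ_IP, ip(offer["yiaddr"])),
        (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID])]))
    # 4. ACK: the selected server confirms the lease
    ack = parse(build(BOOTREPLY, req["xid"], req["mac"], yiaddr=ips(req["options"][OPT_REQ_IP])[0],
                      siaddr=SERVER["ip"], options=server_options(ACK)))
    # Before applying anything, the client checks that the ACK belongs to this
    # transaction, comes from the server it selected and grants the address it asked for.
    cfg = decode(ack["options"])
    if ack["xid"] != xid or cfg["type"] != ACK:
        raise ValueError("reply is not an ACK for this transaction")
    if cfg["server"] != ips(req["options"][OPT_SERVER_ID])[0] or ack["yiaddr"] != offer["yiaddr"]:
        raise ValueError("ACK does not match the selected offer")
    cfg["address"] = ack["yiaddr"]
    return cfg


if __name__ == "__main__":
    print(dora("00:00:00:0d:11:d4"))
```

Running it prints the lease the client would apply: address 192.168.1.130, mask 255.255.255.0, router 192.168.1.1, both DNS servers, a 21600 second lease and T1 of 10800 seconds (half the lease, which is when step 5 happens). The checks in dora are the only protection a plain DHCP client has; they match the ACK against the selected offer but cannot tell a legitimate server from a rogue one that answered the broadcast first.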

Note:
You must be root to configure and run the DHCP server.
You should have this information ready:
Ethernet interface name of the LAN side (eth0, eth1, eth2, etc.); on Fedora, dhcpd is told which interface to listen on through DHCPDARGS in /etc/sysconfig/dhcpd
IP address (the server's IP address on the interface connected to the LAN)
Ethernet MAC address (e.g. 00:00:00:0D:11:D4) of every host that should always receive the same address

You can find the server's own interface names, addresses and MAC addresses with the command ( ifconfig -a )

The magic file here is named "dhcpd.conf".
All the work is done in this file: "dhcpd.conf" ---> /etc/dhcpd.conf
Before we start working with dhcpd.conf, you can look at the sample configuration shipped with the package:
/usr/share/doc/dhcp-4.X/dhcpd.conf.sample
This file has an example of everything in a DHCP configuration.
A tip:
to make configuration easy, copy the sample file to /etc/dhcpd.conf
using the following command
cp -f /usr/share/doc/dhcp-4.X/dhcpd.conf.sample /etc/dhcpd.conf
then open and modify /etc/dhcpd.conf; this is the easiest way to configure it.
After each change, check the file with dhcpd -t before (re)starting the service: a syntax error keeps dhcpd from starting and leaves the LAN without addresses.
Running a DHCP server is simple, but you need some networking background, especially about IP ranges.

Let's start by explaining what is inside /etc/dhcpd.conf and how to read the file.
The configuration is written as follows.

The ddns-update-style parameter
ddns-update-style style;
The style parameter must be one of ad-hoc, interim or none (ad-hoc is obsolete; use interim if you need dynamic DNS updates, or none, as here, if you do not).
The ddns-update-style statement is only meaningful in the outer scope: it is evaluated once after reading the dhcpd.conf file,
rather than each time a client is assigned an IP address, so there is no way to use different DNS update styles for different clients.


ddns-update-style none;
ddns-updates off;
option T150 code 150 = string;
deny client-updates;
one-lease-per-client false;
allow bootp;

# The interface dhcpd listens on is not set in dhcpd.conf (there is no interface statement):
# on Fedora put DHCPDARGS=eth1 in /etc/sysconfig/dhcpd, eth1 being the interface connected to the LAN.

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.128 192.168.1.254; # Range of IP addresses to be issued to DHCP clients
  option subnet-mask 255.255.255.0; # Default subnet mask to be used by DHCP clients
  option broadcast-address 192.168.1.255; # Default broadcast address to be used by DHCP clients

  option routers 192.168.1.1; # Default gateway to be used by DHCP clients
  option domain-name "your-domain.org"; # Assign a domain name if you have one
  option domain-name-servers 40.175.42.254, 40.175.42.253; # Default DNS to be used by DHCP clients
  option netbios-name-servers 192.168.1.100; # Specify a WINS server for MS/Windows clients.
  # (Optional. Specify if used on your network)

  # DHCP option 19 tells clients whether they themselves should forward IP packets.
  # Leave it off: ordinary clients must not act as routers.
  # option ip-forwarding off;

  default-lease-time 21600; # Seconds a client keeps the address when it does not ask for a specific lease time
  max-lease-time 43200; # Longest lease the server will grant, even if the client asks for more

  option time-offset -18000; # Eastern Standard Time
  # option ntp-servers 192.168.1.1; # Default NTP server to be used by DHCP clients
  # option netbios-name-servers 192.168.1.1;
  # --- Selects point-to-point node (default is hybrid). Don't change this unless you understand Netbios very well
  # option netbios-node-type 2;

  # Use this to send dhcp log messages to a different log file (you also
  # have to edit syslog.conf to complete the redirection).
  log-facility local7;

  # We want the nameserver "ns1" to appear at a fixed address.
  # The host with this MAC address will always receive this IP.
  # Note that this sample address is not inside 192.168.1.0/24; a fixed address is only
  # handed out on a network where it is valid, so for a host on the LAN use a LAN address.

  host ns1 {
    next-server ns2.your-domain.com;
    hardware ethernet 00:02:c3:d0:e5:83;
    fixed-address 40.175.42.254;
  }

  # Laser printer obtains its IP address via DHCP. This assures that the
  # printer with this MAC address gets the same IP address every time.
  # The fixed address must be inside the subnet, outside the dynamic range,
  # and must not collide with an address already in use (such as the router's 192.168.1.1).

  host wkstn1 {
    hardware ethernet 00:00:00:0D:11:D4;
    fixed-address 192.168.1.10;
  }
}

---------------
Each bit of information a DHCP server leases to a client is known as an "option."
Some options are considered "global," meaning that each DHCP client in the local network will receive that option as part of its lease.
Other options must be in the same IP range as the subnet they belong to, such as
subnet 192.168.1.0
For example, the broadcast address and the IP address of the default gateway must be in the IP range of the local network:
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
because a default gateway must live on the same subnet as the client.
The following options are considered "global,"
option domain-name-servers 40.175.42.254, 40.175.42.253;
option domain-name "your-domain.org";
as every computer in the network shares the same domain name and uses the same DNS servers.

Some DHCP client software requests a lease time.
If the client does not ask for one, the server assigns the lease with the
default-lease-time 21600;
A client may ask for a longer lease, but only up to the
max-lease-time 43200;
Both values are in seconds.

This statement chooses the syslog facility dhcpd logs with; by default it logs to the daemon facility, which on Fedora ends up in /var/log/messages.
log-facility local7;
local7 is one of the "local use" syslog facilities, not a file: to get a separate log file you also need a matching local7 line in /etc/syslog.conf that sends it there.


Now we get to the meat of this file, the "subnet declarations." A DHCP server needs to know which networks or subnets your network contains.
Additionally, for each network or subnet, it needs to know which "pool" of addresses it is allowed to lease out to the devices on that segment of the network.
It is helpful to sketch out your network ahead of time, so you know which addresses are available for DHCP clients and which are unavailable because they are already statically assigned (the gateway, servers, printers with fixed addresses); the range you hand out must exclude all of them.
subnet 192.168.1.0 netmask 255.255.255.0 {
}
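The scoping rules above (range, routers and broadcast address inside the subnet; fixed addresses on a declared subnet, outside the dynamic range and not colliding with the router or with each other) are worth checking mechanically before starting the daemon. As an added example, not part of the original article and not ISC dhcp code, here is a small Python checker for that: it understands only the subnet, range, option routers, option broadcast-address and host/fixed-address/hardware ethernet lines of a dhcpd.conf (everything else is ignored, and scoping is crude: a subnet's body runs until the next subnet line), so dhcpd -t remains the real syntax check. The configuration it runs on is constructed to contain the two mistakes discussed: a printer given the gateway's own address, and a host placed outside the only declared subnet.

```python
"""Added example: check the addressing in a dhcpd.conf before starting dhcpd.
Only subnet/range/option routers/option broadcast-address/host blocks are understood."""
import ipaddress
import re

A = ipaddress.IPv4Address
SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?(\S+)\s+(\S+)\s*;")
ROUTERS_RE = re.compile(r"\boption\s+routers\s+([^;]+);")
BCAST_RE = re.compile(r"\boption\s+broadcast-address\s+(\S+)\s*;")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{([^}]*)\}")
FIXED_RE = re.compile(r"\bfixed-address\s+([^;]+);")
MAC_RE = re.compile(r"\bhardware\s+ethernet\s+([0-9a-fA-F:]+)\s*;")


def parse_conf(text):
    """Return (subnets, hosts) from the subset of dhcpd.conf syntax handled here."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())  # drop comments
    subnets = []
    for m in SUBNET_RE.finditer(text):
        nxt = SUBNET_RE.search(text, m.end())      # crude scope: up to the next subnet line
        body = text[m.end():nxt.start() if nxt else len(text)]
        bc = BCAST_RE.search(body)
        subnets.append({
            "net": ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}", strict=False),
            "ranges": [(A(lo), A(hi)) for lo, hi in RANGE_RE.findall(body)],
            "routers": [A(r.strip()) for grp in ROUTERS_RE.findall(body) for r in grp.split(",")],
            "broadcast": A(bc.group(1)) if bc else None})
    hosts = []
    for name, body in HOST_RE.findall(text):
        fixed, mac = FIXED_RE.search(body), MAC_RE.search(body)
        if fixed:
            hosts.append({"name": name, "mac": mac.group(1).lower() if mac else None,
                          "addrs": [A(a.strip()) for a in fixed.group(1).split(",")]})
    return subnets, hosts


def in_range(addr, ranges):
    return any(lo <= addr <= hi for lo, hi in ranges)


def check(text):
    """Return human-readable problems; an empty list means the addressing is consistent."""
    subnets, hosts = parse_conf(text)
    out = []
    for s in subnets:
        net = s["net"]
        for lo, hi in s["ranges"]:
            if lo not in net or hi not in net or lo > hi:
                out.append(f"range {lo}-{hi} is not inside {net}")
        for r in s["routers"]:
            if r not in net:                       # a gateway must live on the client's subnet
                out.append(f"router {r} is not inside {net}")
            elif in_range(r, s["ranges"]):
                out.append(f"router {r} lies inside the dynamic range")
        if s["broadcast"] is not None and s["broadcast"] != net.broadcast_address:
            out.append(f"broadcast {s['broadcast']} should be {net.broadcast_address}")
    seen_addr, seen_mac = {}, {}
    for h in hosts:
        for a in h["addrs"]:
            homes = [s for s in subnets if a in s["net"]]
            if not homes:                          # dhcpd cannot hand this out on any declared segment
                out.append(f"host {h['name']}: fixed-address {a} is not in any declared subnet")
            for s in homes:
                if a in s["routers"]:
                    out.append(f"host {h['name']}: fixed-address {a} is the router address")
                if in_range(a, s["ranges"]):
                    out.append(f"host {h['name']}: fixed-address {a} lies inside the dynamic range")
            if a in seen_addr:
                out.append(f"host {h['name']}: fixed-address {a} already given to {seen_addr[a]}")
            seen_addr.setdefault(a, h["name"])
        if h["mac"] in seen_mac:
            out.append(f"host {h['name']}: MAC {h['mac']} already used by {seen_mac[h['mac']]}")
        elif h["mac"]:
            seen_mac[h["mac"]] = h["name"]
    return out


# Constructed sample reproducing two mistakes worth catching: the printer is given the
# gateway's own address, and wkstn1 is placed outside the only declared subnet.
SAMPLE = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.128 192.168.1.254;
  option routers 192.168.1.1;           # default gateway
  option broadcast-address 192.168.1.255;
  host printer {
    hardware ethernet 00:00:00:0D:11:D4;
    fixed-address 192.168.1.1;          # same as the router
  }
}
host wkstn1 {
  hardware ethernet 00:02:c3:d0:e5:83;
  fixed-address 172.1.1.5;              # not in any declared subnet
}
"""

if __name__ == "__main__":
    for p in check(SAMPLE):
        print("PROBLEM:", p)
```

Run against the sample it reports the printer's fixed address being the router address and wkstn1's fixed address not belonging to any declared subnet; move them to free addresses in 192.168.1.0/24 below the dynamic range and the list is empty. The same function can be pointed at your real /etc/dhcpd.conf by passing its contents to check.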

But we don't have to write all of that.
Here is a minimal configuration that is enough to run your DHCP server:

ddns-update-style none;
ddns-updates off;
option T150 code 150 = string;
deny client-updates;
one-lease-per-client false;
allow bootp;

lease-file-name "/var/lib/dhcpd/dhcpd.leases";
authoritative; # this server is the authority for the LAN: it NAKs clients that hold an address it does not know

default-lease-time 86400; # 24 hours
max-lease-time 172800; # 48 hours

# The listening interface is not a dhcpd.conf statement: on Fedora put DHCPDARGS=eth1 in /etc/sysconfig/dhcpd.

host wkstn1 {
  hardware ethernet 00:00:00:0D:11:D4;
  fixed-address 192.168.1.10; # must be inside the subnet below and outside its dynamic range
}
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.128 192.168.1.254;
  option routers 192.168.1.100;
  option domain-name-servers 192.168.1.2, 192.168.1.1;
}


I hope I have succeeded in sharing what I know.
If you have any note about my article, you are welcome to ask me.
Note: all this configuration is based on Fedora.
References:
http://www.onlamp.com/pub/a/bsd/2003/05/01/FreeBSD_Basics.html?page=1
http://en.wikipedia.org/wiki/Dhcp
http://www.dhcp.org/
http://www.yolinux.com/TUTORIALS/DHCP-Server.html

Thank you
Sherif Sayed

December 08, 2008

HowTo Gateway your Linux machine

Dear IsmailiaLUG,

How are you ... ?

These days I am configuring a server (of course Fedora).
The services it should run are (Gateway, DHCP, DNS, Samba, HTTP, Database),
and while I configure these services I'll write a howto on running each of them.

The only one of these services I have finished so far is the Gateway,
so let's start with the gateway machine.
The target of a gateway here is to let your LAN clients connect to the Internet through your machine.

First you need two physical Ethernet interfaces in your machine.
One of them connects to the ISP and the other connects to the LAN.

eth0 # connected to your LAN
eth1 # connected to your modem (ISP)

Now your machine is connected to the ISP through eth1,
and your LAN clients are connected to you through eth0.

All we need now is to FORWARD packets from the LAN (eth0) to the wide world (ISP) and back through this machine.
This is done with iptables, because as you see we need to FORWARD packets from eth0 to eth1 and back.

Basically we need two sets of rules:
* Allow outgoing packets from the LAN (via eth0)
* Allow established connections to return

Note:
Only the rules needed for the gateway are explained here; other cases are ignored.
Each command starts with iptables.
These rules only ACCEPT traffic, so by themselves they protect nothing: they only restrict anything if the INPUT and FORWARD chains otherwise drop what is left (a DROP policy or a final REJECT rule). The stock Fedora firewall does end with a REJECT rule, and since -A appends, make sure your new rules land in front of it (check the order with iptables -L -n -v --line-numbers), otherwise they are never reached; and with no DROP/REJECT at all, every port on the gateway is reachable from the ISP side.

# Always accept loopback traffic; it is safe
iptables -t filter -A INPUT -i lo -j ACCEPT

# Allow established connections, and new ones that do not come from the outside
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT

# Allow replies to the LAN's connections to come back in from the ISP side
iptables -t filter -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -t filter -A FORWARD -i eth0 -o eth1 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE


After you have entered these rules, save them so that they survive a reboot:
/etc/init.d/iptables save
(on Fedora this writes them to /etc/sysconfig/iptables), or
iptables-save
which only prints the current rules to standard output, so you have to redirect its output into that file yourself.

Then run this command to enable routing:
echo 1 > /proc/sys/net/ipv4/ip_forward
This takes effect immediately but is lost at reboot; to make it permanent, set net.ipv4.ip_forward = 1 in /etc/sysctl.conf.

# Explanation of the iptables commands

iptables -t filter -A INPUT -i lo -j ACCEPT
Accept all traffic coming from localhost (the loopback interface).


iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Accept all packets whose connection state is ESTABLISHED or RELATED.
ESTABLISHED means the packet belongs to a connection that has already seen traffic in both directions, for example the reply to a request this machine made; RELATED means it starts a new connection that is tied to an existing one, such as an FTP data connection or an ICMP error message.


iptables -t filter -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
Accept all NEW connections that do not arrive on eth1, i.e. from the LAN and from the machine itself, never from the ISP side.

iptables -t filter -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
Forward packets arriving from the wide world on eth1 to eth0 only if they belong to an ESTABLISHED or RELATED connection, i.e. a reply to something a LAN client started.

iptables -t filter -A FORWARD -i eth0 -o eth1 -j ACCEPT
Forward any packet coming from eth0 (the LAN) out through eth1 (the ISP).

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
MASQUERADE on eth1:
rewrite the source address in the header of every packet leaving through eth1 to eth1's own address (source NAT),
so that replies from the Internet come back to the gateway, which uses its connection-tracking table to pass them on to the LAN client (eth0) that started the connection.


Note about MASQUERADE:
the MASQUERADE target can only be used in the POSTROUTING chain of the nat table.
It is like the SNAT target with one small difference:
SNAT requires you to give the (static) address to rewrite to,
while MASQUERADE needs no address: it uses whatever address the outgoing interface currently has and forgets its translations when that interface goes down,
so it is made for working with a dynamic IP address.
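Since the rules above only add ACCEPT entries, whether the gateway is really closed from the ISP side depends on what the chains do with everything else. As an added example (my code, not part of the original post), here is a Python audit that reads iptables-save output and checks the properties this gateway needs: a DROP policy or unconditional DROP/REJECT on INPUT and FORWARD, no ACCEPT that could match a NEW packet arriving on the ISP interface, the ESTABLISHED,RELATED return path into the LAN, the LAN-to-ISP forward and MASQUERADE on the ISP interface. It assumes the article's interface roles (eth0 LAN, eth1 ISP), understands only -i, -o, -j, --state and --ctstate, and does not follow jumps into user-defined chains. The two iptables-save dumps it runs on are constructed: the article's rules saved on a machine whose chains still default to ACCEPT, and the same rules with DROP policies.

```python
"""Added example: audit an iptables-save dump for the gateway shape described above.
Interface roles are assumed as in the article: eth0 = LAN, eth1 = ISP."""
import shlex

LAN, WAN = "eth0", "eth1"


def parse_save(text):
    """Return {table: {"policy": {chain: policy}, "rules": [(chain, argv), ...]}}."""
    tables, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A"):
            argv = shlex.split(line)
            cur["rules"].append((argv[1], argv[2:]))
    return tables


def opt(argv, flag):
    """Value after flag, prefixed with '!' when negated ("! -i eth1" or the old "-i ! eth1")."""
    for i, tok in enumerate(argv):
        if tok == flag:
            neg = i > 0 and argv[i - 1] == "!"
            val = argv[i + 1] if i + 1 < len(argv) else ""
            if val == "!":
                neg, val = True, argv[i + 2]
            return ("!" if neg else "") + val
    return None


def states(argv):
    s = opt(argv, "--state") or opt(argv, "--ctstate") or ""
    return set(s.split(",")) if s else set()


def audit(text):
    """Return findings; an empty list means the ruleset has the expected gateway shape."""
    t = parse_save(text)
    flt = t.get("filter", {"policy": {}, "rules": []})
    nat = t.get("nat", {"policy": {}, "rules": []})
    out = []
    for chain in ("INPUT", "FORWARD"):
        rules = [r for c, r in flt["rules"] if c == chain]
        # "closed" = DROP policy, or an unconditional DROP/REJECT rule (jumps into user
        # chains such as Fedora's RH-Firewall-1-INPUT are not followed here)
        closed = flt["policy"].get(chain) == "DROP" or any(
            opt(r, "-j") in ("DROP", "REJECT") and opt(r, "-i") is None and not states(r)
            for r in rules)
        if not closed:
            out.append(f"{chain}: policy is {flt['policy'].get(chain)} and there is no "
                       "catch-all DROP/REJECT, so the ACCEPT rules restrict nothing")
        for r in rules:
            # an ACCEPT that can match a NEW packet arriving on the ISP side opens the gateway
            hits_wan = opt(r, "-i") in (None, WAN)
            hits_new = not states(r) or "NEW" in states(r)
            if opt(r, "-j") == "ACCEPT" and hits_wan and hits_new:
                out.append(f"{chain}: accepts NEW traffic from {WAN}: {' '.join(r)}")
    fwd = [r for c, r in flt["rules"] if c == "FORWARD"]
    if not any(opt(r, "-i") == WAN and opt(r, "-o") == LAN and opt(r, "-j") == "ACCEPT"
               and {"ESTABLISHED", "RELATED"} <= states(r) for r in fwd):
        out.append("FORWARD: no ESTABLISHED,RELATED return path from the ISP to the LAN")
    if not any(opt(r, "-i") == LAN and opt(r, "-o") == WAN and opt(r, "-j") == "ACCEPT" for r in fwd):
        out.append("FORWARD: LAN to ISP traffic is not accepted")
    if not any(c == "POSTROUTING" and opt(r, "-o") == WAN and opt(r, "-j") == "MASQUERADE"
               for c, r in nat["rules"]):
        out.append("nat: no MASQUERADE on the ISP interface")
    return out


# Constructed iptables-save dumps: the article's rules on a box whose chains still
# default to ACCEPT (WEAK), and the same rules with DROP policies (HARDENED).
RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT ! -i eth1 -m state --state NEW -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
"""
WEAK = "*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n" + RULES
HARDENED = "*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n" + RULES

if __name__ == "__main__":
    for name, dump in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "->", audit(dump) or "OK")
```

On a real gateway pipe the live ruleset into it (iptables-save output read from standard input or a file) after saving; the WEAK dump produces two findings, one per chain without a DROP fallback, and HARDENED produces none. An extra rule such as accepting a TCP port on INPUT without an input-interface restriction is reported as accepting NEW traffic from eth1, which is exactly the case rule 3 above is meant to exclude.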

Note:
All of this was configured under the Fedora distribution.

Some references:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html#NATINTRO

http://www.debian.org/doc/manuals/reference/ch-gateway.en.html

http://www.linuxquestions.org/questions/linux-networking-3/gateway-problems-on-fedora-c6-533657/

http://www.debian-administration.org/articles/23
---
If you need to ask anything about the gateway, you can write me back.
Watch for my next post, on DHCP.
Thank you
Sherif Sayed