Date: Wed, 29 Sep 1999 14:46:20 -0500
From: "Nathan Mahon" <nathanm@socket.net>
To: "Troy Settle" <st@i-plus.net>, <freebsd-isp@FreeBSD.ORG>
Subject: RE: Need Authoritative DHCP server ...
Message-ID: <NDBBIOANCLGLNFOCLGEOKEEJCBAA.nathanm@socket.net>
In-Reply-To: <NDBBKPEMLJEBDEPFNHOHKEEGCAAA.st@i-plus.net>
This is a good setup, however, I'm not sure that it has anything to do with
the /*enforcement*/ part of my question.

I need something that will require that the dhcp lease match the ip/mac
address of the outgoing packet before it will actually translate it...

I've got issues of users opting not to use DHCP and entering in the numbers
manually.... this is not something I want to allow...

So ... I need to find something that will choose not to NAT if the DHCP
lease doesn't match the originator of the packet.

Does this make any sense to anyone?

Vaevictus Asmadi

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG
[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Troy Settle
Sent: Wednesday, September 29, 1999 12:34 PM
To: Vaevictus Asmadi; freebsd-isp@FreeBSD.ORG
Subject: RE: Need Authoritative DHCP server ...

Not sure if I'm answering your question here, but I've got a box running
natd and dhcp without problems.

In this setup, ed0 faces the internet, and ed1 faces the internal LAN.

First, compile your kernel with IPFW and bpfilter.

Second, apply these IPFW rules:

    00100 divert 8668 ip from any to any via ed1
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    65000 allow ip from any to any

Third, enable natd with the following options in /etc/rc.conf:

    natd_enable="YES"
    natd_interface="ed1"
    natd_flags="-s -m"

Fourth, install and configure DHCP. From my /etc/dhcpd.conf:

    server-identifier 10.10.100.1;

    subnet 10.10.100.0 netmask 255.255.255.0 {
        range 10.10.100.2 10.10.100.254;
        option domain-name-servers xxx.yyy.zzz.3, xxx.yyy.zzz.4, xxx.yyy.zzz.5;
        option routers 10.10.100.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.10.100.255;
        default-lease-time 2592000;
        max-lease-time 2592000;
    }

    # match this to the subnet facing the internet
    subnet xxx.yyy.zzz.0 netmask 255.255.255.0 {
    }

Hope this helps,

-Troy

> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Vaevictus Asmadi
> Sent: Wednesday, September 29, 1999 9:39 AM
> To: freebsd-isp@FreeBSD.ORG
> Subject: Need Authoritative DHCP server ...
>
> I need a reliable DHCP server that will either do NAT or use existing NAT,
> and using the NAT to enforce use of DHCP...
> Is this possible?
> Has anyone got this to work?
>
> Vaevictus Asmadi
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
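One way to express the check asked for in this message (translate only when the packet's source IP and MAC match a current DHCP lease), as an added example that is not part of the original thread. It parses ISC dhcpd.leases text and decides per (IP, MAC) pair; the lease entries, MAC addresses and the names parse_leases and nat_allowed are constructed for illustration, and wiring the decision into ipfw/natd is not shown.

```python
import re
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd.leases syntax (pool from the thread's
# dhcpd.conf, 30-day leases; MACs and dates are made up). Times are UTC.
SAMPLE_LEASES = """
lease 10.10.100.5 {
  starts 3 1999/09/29 12:00:00; ends 5 1999/10/29 12:00:00;
  hardware ethernet 00:a0:c9:11:22:33;
}
lease 10.10.100.6 {
  starts 3 1999/08/25 09:00:00; ends 5 1999/09/24 09:00:00;
  hardware ethernet 00:a0:c9:44:55:66;
}
lease 10.10.100.5 {
  starts 3 1999/09/29 15:00:00; ends 5 1999/10/29 15:00:00;
  hardware ethernet 00:a0:c9:aa:bb:cc;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"ends\s+\d+\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9a-fA-F:]+);")

def parse_leases(text):
    """Return {ip: (mac, expiry)}; dhcpd appends updates, so the last entry wins."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        ends, mac = ENDS_RE.search(body), MAC_RE.search(body)
        if not (ends and mac):
            continue  # entry without an expiry or a hardware address
        expiry = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
        leases[ip] = (mac.group(1).lower(), expiry.replace(tzinfo=timezone.utc))
    return leases

def nat_allowed(leases, src_ip, src_mac, now):
    """True only if src_ip has an unexpired lease held by src_mac."""
    entry = leases.get(src_ip)
    if entry is None:
        return False  # address was typed in by hand, never leased
    mac, expiry = entry
    return mac == src_mac.lower() and now < expiry

if __name__ == "__main__":
    table = parse_leases(SAMPLE_LEASES)
    now = datetime(1999, 9, 29, 19, 46, tzinfo=timezone.utc)
    for ip, mac in [("10.10.100.5", "00:a0:c9:aa:bb:cc"),   # current lease
                    ("10.10.100.5", "00:a0:c9:11:22:33"),   # superseded holder
                    ("10.10.100.6", "00:a0:c9:44:55:66"),   # lease expired
                    ("10.10.100.77", "00:a0:c9:de:ad:01")]: # no lease at all
        print(ip, mac, "NAT" if nat_allowed(table, ip, mac, now) else "DROP")
```
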