BSD DevCenter
oreilly.comSafari Books Online.Conferences.

advertisement


FreeBSD Basics Configuring a DHCP Server

by Dru Lavigne
05/01/2003

In my last article, we took a look at the DHCP client that comes with your FreeBSD system. This week, I want to move on to configuring a DHCP server.

Unlike the built-in dhclient, your FreeBSD system does not come with DHCP server software. This is because you only need to configure a DHCP server if you want to lease out IP configuration for your own network.

However, there are two ports that allow you to create your own DHCP server. The first is known as WIDE, or Widely Integrated Distributed Environment. As the name suggests, it has been optimized for very large networks, so I won't cover it in this series. The second is from the ISC, or Internet Software Consortium, and can be found here.

The dhclient that comes with FreeBSD is also from the ISC. The site has some good information regarding DHCP, including a FAQ and some introductory tutorials.

Before building the DHCP server port, ensure that the bpf device is built into your kernel. If you are using the default kernel, do a search through the default kernel configuration file:

$ grep bpf /usr/src/sys/i386/conf/GENERIC
# The `bpf' device enables the Berkeley Packet Filter.
device		bpf		# Berkeley packet filter

If you're not using the default kernel, substitute the name of your custom kernel configuration file for "GENERIC." If you don't get anything back when you grep for bpf, add that line to your kernel configuration file and rebuild your kernel.

Once you have the bpf device, build the DHCP server port:

# cd /usr/ports/net/isc-dhcp3   
# make install clean

This build will install several files. Let's take a quick overview. First, you'll get four executables:

Related Reading

The Complete FreeBSD
Documentation from the Source
By Greg Lehey

  • /usr/local/sbin/dhclient will be the latest edition of the DHCP client; the DHCP client that came with your FreeBSD system is located in /sbin/dhclient. On a side note, system binaries (applications) are always located in a directory called sbin. If the binary came installed with the operating system, it will be in the sbin located on the root (/sbin). If the binary was installed as a port or a package, it will be located in /usr/local/sbin.

  • /usr/local/sbin/dhcpd is the actual DHCP server application. Like most servers, or daemons, it ends in "d".

  • /usr/local/sbin/dhcrelay is the bootp relay agent. You may remember from the last article that you will only need this application if you have multiple network segments and don't want to create a DHCP server on every segment.

  • /usr/local/bin/omshell is the OMAPI command shell. This application allows you to make changes to the DHCP server while it is running. You don't have to stop and restart DHCP in order for the changes to take effect.

You'll also get two sample startup scripts and a sample configuration script to get started with your own configurations:

  • /usr/local/etc/rc.d/isc-dhcpd.sh.sample
    Sample startup script for the DHCP server.

  • /usr/local/etc/rc.d/isc-dhcrelay.sh.sample
    Sample startup script for the bootp relay agent.

  • /usr/local/etc/dhclient.conf.sample
    Sample configuration script for the DHCP server.

To aid in your configuration, the following manpages are installed:

  • man dhcpd
  • man dhcrelay
  • man dhcpd.leases
  • man dhcpd.conf

And finally, a documents directory:

  • /usr/local/share/doc/isc-dhcp3/

The Configuration File

Let's start by taking a look at the configuration file for the DHCP server. You should leave the sample as is, and copy it over to the file that you will edit:

$ cp /usr/local/etc/dhcpd.conf.sample /usr/local/etc/dhcpd.conf

Let's go through each line of this file to make sure you understand all of the options; then we'll customize it for a sample network.

$ more /usr/local/etc/dhcpd.conf

# dhcpd.conf
# Sample configuration file for ISC dhcpd
As you're reading through this, or any, configuration file, any line that starts with a "#" is a comment.
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
Each bit of information a DHCP server leases to a client is known as an "option." Some options are considered to be "global," meaning that every DHCP client in the network will receive that option as part of their lease. Some options are considered to be "local" to a specific subnet. For example, the option for the IP address of the default gateway will always be "local," as a default gateway must live on the same subnet as the client. However, the two above options are considered to be "global," as every computer in your network will share the same domain name and will use the same DNS servers.
default-lease-time 600;
max-lease-time 7200;
Some DHCP client software requests a lease time. If the client doesn't, the server will assign the lease with the default-lease-time value. If the client does, the server will honor the request, but only up to the max-lease-time value. Both values are in seconds.
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
This line should be uncommented, as it allows your DHCP server to send a DHCPNACK to misconfigured clients. An example of a misconfigured client would be a computer that was physically moved to another subnet without releasing its old lease.
# ad-hoc DNS update scheme - set to "none" to disable dynamic DNS updates.
ddns-update-style ad-hoc;
The ddns-update-style parameter has three possible values. ad hoc has been deprecated and shouldn't be used. interim allows your DHCP server to update a DNS server whenever it hands out a lease. This way, your DNS server will know which IP addresses are associated with which computers in your network. In order for this to work, your DNS server must support DDNS (Dynamic DNS). If your DNS server doesn't support DDNS, or you don't want to take advantage of dynamic DNS, you should change this value to none.
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;
How you handle this option will affect where the DHCP server will send its logging information. local7 refers to a locally defined log file. Until you define that log file, the DHCP server will write all of its events to the system log file, or /var/log/messages.
# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.

subnet 10.152.187.0 netmask 255.255.255.0 {
}

Now we get to the meat of this file, the "subnet declarations." A DHCP server needs to know which network or subnet IDs your network contains. Additionally, for each network or subnet, it needs to know which "pool" of addresses it is allowed to lease out to the devices on that segment of the network. It is helpful to sketch out your network ahead of time, so you know which addresses are available for DHCP clients and which addresses are unavailable because they are already statically assigned. I'll walk through such a sketch with you in the next article, when I demonstrate a more complex network configuration.

In the meantime, it is important to "declare" each segment of your network, even if a segment does not contain any DHCP clients. This is the case in the above declaration for the subnet ID 10.152.187.0. Notice that the declaration includes the mask that matches the network ID, and is then followed by a pair of curly braces ({}). Let's compare this declaration to the next subnet declaration:

# This is a very basic subnet declaration.

subnet 10.254.239.0 netmask 255.255.255.224 {
    range 10.254.239.10 10.254.239.20;
    option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}

This declaration is for the subnet 10.254.239.0. Within the curly braces is the "range" of IP addresses available to be leased. If you're familiar with classful subnet masking, you know that every IP address in your network must share the portion of the IP address that is masked by 255. In this example, there are three 255s in the mask, so every IP address in this network must start with the same three numbers: 10.254.239. The mask also contains a 224 in the last octet, which leaves a range of 30 possible valid addresses for each subnet represented by that octet. In this example, the DHCP server has been instructed to give out 11 of those possible valid addresses: 10 to 20.

The DHCP server has also been instructed to lease out two default gateway addresses. The closing curly brace indicates the end of the information to be leased out to each client.

The default configuration file continues on with several more examples of subnet declarations. I won't rehash them here; you'll notice as you read through them on your own that the examples vary in which options are to be leased to clients on each declared subnet.

Pages: 1, 2

Next Pagearrow





Sponsored by: