DHCP
Tom
Eastep
2002-11-03
2001
2002
Thomas M. Eastep
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
GNU Free Documentation License
.
If you want to Run a DHCP Server on your firewall
Specify the "dhcp" option on each interface to be served
by your server in the /etc/shorewall/interfaces file. This will
generate rules that will allow DHCP to and from your firewall system.
When starting "dhcpd", you need to list those interfaces
on the run line. On a RedHat system, this is done by modifying
/etc/sysconfig/dhcpd.
If a Firewall Interface gets its IP Address via DHCP
Specify the "dhcp" option for this interface in the
/etc/shorewall/interfaces
file. This will generate rules that will allow DHCP to and from
your firewall system.
If you know that the dynamic address is always going to be in
the same subnet, you can specify the subnet address in the
interface's entry in the /etc/shorewall/interfaces
file.
If you don't know the subnet address in advance, you should
specify "detect" for the interface's subnet address in the
/etc/shorewall/interfaces
file and start Shorewall after the interface has started.
In the event that the subnet address might change while
Shorewall is started, you need to arrange for a "shorewall
refresh" command to be executed when a new dynamic IP address gets
assigned to the interface. Check your DHCP client's documentation.