DHCP (Dynamic Host Configuration Protocol) allows you to control the network configuration of all your computers or devices from your Endian Firewall. When a computer (or a device like a printer, pda, etc.) joins your network it will be given a valid IP address and its DNS and WINS configuration will be set from the EFW machine. To use this feature new machines must be set to obtain their network configuration automatically.
You can choose if you want to provide this service to your GREEN (private) network and/or your BLUE (wireless) or ORANGE (DMZ) network. Just tick the relevant box.
For a full explanation of DHCP you may want to read Linux Magazine's “Network Nirvana - How to make Network Configuration as easy as DHCP ”
The following DHCP parameters can be set from the web interface:
You can specify the lowest and highest addresses that the server will hand out to other requestors. The default is to hand out all the addresses within the subnet you set up when you installed Endian Firewall. If you have machines on your network that do not use DHCP, and have their IP addresses set manually, you should set the start and end address so that the server will not hand out any of these manual IPs.
You should also make sure that any addresses listed in the fixed lease section (see below) are also outside this range.
Specify the highest address you will handout (see above).
This can be left at its default value unless you need to specify your own value. The default lease time is the time interval IP address leases are good for. Before, the lease time for an address expires your computers will request a renewal of their lease, specifying their current IP address. If DHCP parameters have been changed, when a lease renewal request is made the changes will be propagated. Generally, leases are renewed by the server.
This can be left at its default value unless you need to specify your own value. The maximum lease time is the time interval during which the DHCP server will always honor client renewal requests for their current IP addresses. After the maximum lease time, client IP addresses may be changed by the server. If the dynamic IP address range has changed, the server will hand out an IP address in the new dynamic range.
There should not be a leading period in this box. Sets the domain name that the DHCP server will pass to the clients. If any host name cannot be resolved, the client will try again after appending the specified name to the original host name. Many ISP's DHCP servers set the default domain name to their network and tell customers to get to the web by entering “www” as the default home page on their browser. “www” is not a fully qualified domain name. But the software in your computer will append the domain name suffix supplied by the ISP's DHCP server to it, creating a FQDN for the web server. If you do not want your users to have to unlearn addresses like www, set the Domain name suffix identically to your ISP's DHCP server specifies.
Specifies what the DHCP server should tell its clients to use for their Primary DNS server. Because Endian Firewall runs a DNS proxy, you will probably want to leave the default alone so the Primary DNS server is set to the EFW box's IP address. If you have your own DNS server then specify it here.
You can also specify a second DNS server which will be used if the primary is unavailable. This could be another DNS server on your network or that of your ISP.
If you are using Endian Firewall as an NTP Server, or want to pass the address of another NTP Server to devices on your network, you can put its IP address in this box. The DHCP server will pass this address to all clients when they get their network parameters.
If you have a second NTP Server address, put it in this box. The DHCP server will pass this address to all clients when they get their network parameters.
If you are running a Windows network and have a Windows Naming Service (WINS) server, you can put its IP address in this box. The DHCP server will pass this address to all hosts when they get their network parameters.
If you have a second WINS Server, you can put its IP address in this box. The DHCP server will pass this address to all hosts when they get their network parameters.
Below you will find the following global confguration possibility:
Within this field you have the possibility to add configuration lines which then will be added to the configuration file of the DHCP server. This certainly is optional.
Use it only if you know what you are doing, since wrong syntax will cause the DHCP server to refuse the work! Read the documentation of the DHCP server on ISC to be sure if you need to add custom configuration lines.
For example we use this configuration possibility to send to all of our VoIP telephones the location of where they can find their configuration files.
When you press
, the change is acted upon.If you have machines whose IP addresses you would like to manage centrally but require that they always get the same fixed IP address you can tell the DHCP server to assign a fixed IP based on the MAC address of the network card in the machine.
This is different to using manual addresses as these machines will still contact the DHCP server to ask for their IP address and will take whatever we have configured for them.
You can specify the following fixed lease parameters:
The six octet/byte colon separated MAC address of the machine that will be given the fixed lease.
The format of the MAC address is xx:xx:xx:xx:xx:xx, not xx-xx-xx-xx-xx-xx, as some machines show, i.e. 00:e5:b0:00:02:d2.
The static lease IP address that the DHCP server will always hand out for the associated MAC address. Do not use an address in the server's dynamic address range.
If you want, you can include a string of text to identify the device using the fixed lease.
Some machines on your network may be thin clients that need to load a boot file from a network server. You can specify the server here if needed.
Specify the boot file for this machine.
If the boot file is not in the default directory then specify the full path to it here.
Click on this check box to tell the DHCP server to hand out this static lease. If the entry is not enabled, it will be stored in EFW's files, but the DHCP server will not issue this lease.
This section displays current fixed leases and allows editing or deletion of them.
You can sort the display of the fixed leases by clicking on the underlined headings MAC Address or IP Address. Another click on the heading will reverse the sort order.
To edit an existing lease, click on its pencil icon. The fixed leases values will be displayed in the Edit an existing lease section of the page. The fixed lease being edited will be highlighted in yellow. Click the Update button to save any changes.
To remove an existing profile, click on its trash can icon. The lease will be removed.
If DHCP is enabled, this section lists the dynamic leases contained in the /var/lib/dhcp/dhcpd.leases file. The IP Address, MAC Address, hostname (if available) and lease expiry time of each record are shown, sorted by IP Address.
You can sort the display of dynamic leases by clicking on any of the four underlined column headings. A further click will reverse the sort order.
It is easy to cut and paste a MAC Address from here into the fixed lease section (see the section called “Current fixed leases”), if needed.
Lease times that have already expired are “struck through”.