DHCP Administrative Web Page

DHCP (Dynamic Host Configuration Protocol) allows you to control the network configuration of all your computers or other devices from your Endian Firewall. When a computer (or a device like a printer, PDA, etc.) joins your network, it will automatically be given a valid IP address, and its DNS and WINS configuration will be set from the EFW machine. To use this feature, the machines must be configured to obtain their network configuration automatically.

You can choose if you want to provide this service to your GREEN (private) network and/or your BLUE (wireless) or ORANGE (DMZ) network. Just tick the relevant box.

For a full explanation of DHCP you may want to read Linux Magazine's Network Nirvana - How to make Network Configuration as easy as DHCP

DHCP Server Parameters

Figure 5.2. Shows DHCP administration page

The following DHCP parameters can be set from the web interface:

Start Address (optional)

You can specify the lowest and highest addresses that the server will hand out to other requestors. The default is to hand out all the addresses within the subnet you set up when installing your Endian Firewall. If you have machines on your network that do not use DHCP, and have their IP addresses set manually, you should set the start and end address so that the server will not hand out any of these manually assigned IPs.

Note

You should also make sure that any addresses listed in the fixed lease section (see below) are also outside this range.

End Address (optional)

Specify the highest address you want to hand out (see above).

Default lease time

This can be left at its default value unless you want to specify your own value. The default lease time is the interval after which the lease for an assigned IP address expires; your computers will then request a renewal of their lease, specifying their current IP address.

Note

If you change your DHCP parameters those changes will be propagated to the machines in your network when they request a new lease. Generally, leases are renewed by the server.

Maximum lease time

This can be left at its default value unless you want to specify your own value. The maximum lease time is the time interval during which the DHCP server will always honor client renewal requests for their current IP addresses. After the maximum lease time, client IP addresses may be changed by the server. If the dynamic IP address range has changed, the server will hand out an IP address in the new dynamic range.

Domain name suffix (optional)

Sets the domain name that the DHCP server will pass to the clients. If a host name cannot be resolved, the client will try again after appending the specified name to the original host name. Many ISPs' DHCP servers set the default domain name to their network name and tell customers to get to the web by entering “www” as the default home page on their browser. “www” is not a fully qualified domain name, but the software in your computer will append the domain name suffix supplied by the ISP's DHCP server to it, creating an FQDN for the web server. If you do not want your users to have to unlearn addresses like www, set the Domain name suffix to your ISP's DHCP server specifications.

Note

There should not be a leading dot in this box.

Primary DNS

Specifies what the DHCP server should tell its clients to use as Primary DNS server. Because Endian Firewall runs a DNS proxy, you will probably want to leave the default value here so the Primary DNS server is set to the EFW box's IP address. If you have your own DNS server then specify it here.

Secondary DNS

You can also specify a second DNS server which will be used if the primary is unavailable. This could be another DNS server on your network or that of your ISP.

Primary NTP Server (optional)

If you are using Endian Firewall as an NTP Server, or want to pass the address of another NTP Server to devices on your network, you can put its IP address in this box. The DHCP server will pass this address to all clients when they get their network parameters.

Secondary NTP Server (optional)

If you have a second NTP Server address, put it in this box. The DHCP server will pass this address to all clients when they get their network parameters.

Primary WINS server address (optional)

If you are running a Windows network and have a Windows Naming Service (WINS) server, you can put its IP address in this box. The DHCP server will pass this address to all hosts when they get their network parameters.

Secondary WINS server address (optional)

If you have a second WINS Server, you can put its IP address in this box. The DHCP server will pass this address to all hosts when they get their network parameters.

Below you will find the following global configuration option:

Custom configuration lines

In this field you can add configuration lines, which will then be added to the configuration file of the DHCP server. This is optional.

Warning

Use it only if you know exactly what you are doing, since wrong syntax will cause the DHCP server to refuse to work! Read the ISC documentation for the DHCP server to be sure whether you need to add custom configuration lines.

For example, you may use this option to send the location of the configuration files of your VoIP telephones to those telephones.

Example 5.1. Example of a custom configuration line

option tftp-server-name "http://%(GREEN_ADDRESS)s";
option bootfile-name "download/snom/{mac}.html";

When you press Save, the changes will be applied.

Add a new fixed lease

If you have machines whose IP addresses you would like to manage centrally, but which must always get the same fixed IP address, you can tell the DHCP server to assign a fixed address based on the MAC address of the network card in the machine.

This is different from using manual addresses as these machines will still contact the DHCP server to ask for their IP address and will take whatever you have configured for them.

Figure 5.3. Add a fixed lease

You can specify the following fixed lease parameters:

MAC Address

The six-octet (six-byte), colon-separated MAC address of the machine that the fixed lease is for.

Warning

The format of the MAC address is xx:xx:xx:xx:xx:xx, not xx-xx-xx-xx-xx-xx as some machines show; for example, 00:e5:b0:00:02:d2.

IP Address

The static lease IP address that the DHCP server will always hand out for the associated MAC address.

Note

Do not use an address from the server's dynamic address range.

Remark (optional)

If you want, you can include a string of text to identify the device using the fixed lease.

Next Address (optional)

Some machines on your network may be thin clients that need to load a boot file from a network server. You can specify the server here if needed.

File Name (optional)

Specify the boot file for this machine.

Root Path (optional)

If the boot file is not in the default directory then specify the full path to it here.

Enabled

Click on this check box to tell the DHCP server to hand out this static lease. If the entry is not enabled, it will be stored in EFW's files, but the DHCP server will not issue this lease.
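The notes above (fixed leases must lie outside the dynamic range, and MAC addresses must use the colon form) can be checked before entries are typed into the form. The following is an added example, not code from Endian Firewall; the function names, subnet, range and sample leases are assumptions, and the subnet and duplicate-IP checks go beyond what this page states.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def normalize_mac(mac):
    """Convert xx-xx-xx-xx-xx-xx to xx:xx:xx:xx:xx:xx; return None if malformed."""
    candidate = mac.strip().lower().replace("-", ":")
    return candidate if MAC_RE.match(candidate) else None

def check_fixed_leases(subnet, start, end, leases):
    """Return (mac, ip, problem) tuples for fixed leases that would clash
    with the dynamic range or with another fixed lease."""
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    problems, seen_ips = [], set()
    for raw_mac, raw_ip in leases:
        mac = normalize_mac(raw_mac)
        if mac is None:
            problems.append((raw_mac, raw_ip, "malformed MAC address"))
            continue
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            problems.append((mac, raw_ip, "malformed IP address"))
            continue
        if ip not in net:
            problems.append((mac, raw_ip, "outside the subnet"))
        elif lo <= ip <= hi:
            problems.append((mac, raw_ip, "inside the dynamic range"))
        elif ip in seen_ips:
            problems.append((mac, raw_ip, "IP already used by another fixed lease"))
        seen_ips.add(ip)
    return problems

# Constructed sample values; the subnet and dynamic range are assumptions.
SAMPLE_LEASES = [
    ("00:e5:b0:00:02:d2", "192.168.0.10"),   # fine
    ("00-E5-B0-00-02-D3", "192.168.0.150"),  # dash form, inside dynamic range
    ("00e5.b000.02d4", "192.168.0.11"),      # not a colon-separated MAC
    ("00:e5:b0:00:02:d5", "192.168.0.10"),   # duplicates the first IP
]

def demo():
    return check_fixed_leases("192.168.0.0/24", "192.168.0.100",
                              "192.168.0.200", SAMPLE_LEASES)
```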

Current fixed leases

This section displays current fixed leases and allows editing or deleting them.

You can sort the display of the fixed leases by clicking on the underlined headings MAC Address or IP Address. Another click on the heading will reverse the sort order.

Figure 5.4. Shows the current fixed leases

To edit an existing lease, click on its pencil icon. The fixed lease's values will be displayed in the Edit an existing lease section of the page. The fixed lease being edited will be highlighted in yellow. Click the Update button to save any changes.

To remove an existing lease, click on its trash can icon. The lease will be removed.

Current dynamic leases

If DHCP is enabled, this section lists the dynamic leases contained in the /var/lib/dhcp/dhcpd.leases file. The IP Address, MAC Address, hostname (if available) and lease expiry time of each record are shown, sorted by IP Address.

You can sort the display of dynamic leases by clicking on any of the four underlined column headings. A further click will reverse the sort order.

It is easy to cut and paste a MAC Address from here into the fixed lease section (see the section called “Current fixed leases”), if needed.

Figure 5.5. Shows the current dynamic leases

Lease times that have already expired are “struck through”.
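For auditing outside the web interface, the same four columns can be read directly from the leases file. This is an added example, not Endian Firewall's own code; it assumes the standard ISC dhcpd.leases syntax, in which the server appends a new block each time a lease changes (so the last block for an address is the one in effect) and times are in UTC. The sample text and the function name are constructed.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd.leases syntax (not from a real system).
SAMPLE = """
lease 192.168.0.120 {
  starts 1 2024/01/01 08:00:00;
  ends 1 2024/01/01 20:00:00;
  hardware ethernet 00:e5:b0:00:02:d2;
  client-hostname "printer";
}
lease 192.168.0.101 {
  ends 2 2024/01/02 09:00:00;
  hardware ethernet 00:e5:b0:00:02:d3;
}
lease 192.168.0.120 {
  starts 1 2024/01/01 20:00:00;
  ends 2 2024/01/02 08:00:00;
  hardware ethernet 00:e5:b0:00:02:d2;
  client-hostname "printer";
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]+);")
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')
ENDS_RE = re.compile(r"ends\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")

def parse_leases(text, now):
    """Return one record per IP, sorted by IP address. Later blocks for the
    same IP overwrite earlier ones, matching the append-only file layout."""
    current = {}
    for ip, body in LEASE_RE.findall(text):
        mac, host, ends = (r.search(body) for r in (MAC_RE, HOST_RE, ENDS_RE))
        expiry = None  # "ends never;" or a missing field means no expiry
        if ends:
            expiry = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
            expiry = expiry.replace(tzinfo=timezone.utc)  # file times are UTC
        current[ip] = {
            "ip": ip,
            "mac": mac.group(1).lower() if mac else None,
            "hostname": host.group(1) if host else None,
            "expires": expiry,
            "expired": expiry is not None and expiry <= now,
        }
    return sorted(current.values(), key=lambda r: ipaddress.ip_address(r["ip"]))
```

Records with "expired" set to True correspond to the struck-through rows in the web interface.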

Error messages

An error message will appear at the top of the page if a mistake is found in the input data, after you press the Save button.