Author Topic: DHCP - combine with other DHCP - HOWTO?  (Read 24437 times)

Lexje

  • Guru
  • ****
  • Posts: 230
    • View Profile
DHCP - combine with other DHCP - HOWTO?
« on: March 15, 2008, 11:00:40 am »
Hi forum,

I already have an existing network with a DHCP server (Linux 192.168.100.0) present.
As this box is functioning as a firewall etc, I would prefer to leave this in place and not touch it.

I was wondering:
Could I just let MCE get its outbound IP from my present DHCP server and use the second NIC as a second network?
Is it possible / allowed to have two networks on one physical network layout and one SWITCH?

Thanks for your advise!

Erwin

teedge77

  • Addicted
  • *
  • Posts: 591
    • View Profile
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #1 on: March 15, 2008, 02:55:15 pm »
if your switch is vlan capable. do you know if it is? it may also be possible to hand out reserved ips by MAC address.
AMD Athlon 64 X2 6000+
Asus M2V Via AM2 ATX
Lite-On LH-20A1S SATA DVD Burner
80GB  SATA-150
EVGA GeForce 7300 GT 512MB DDR2 PCI Express
Sound Blaster Audigy SE
Kingston 2 GB PC6400 DDR2 800MHz
Ultra X-Finity 800-Watt
ZCU000
Cisco 7970
TDM400P

Zaerc

  • Alumni
  • LinuxMCE God
  • *
  • Posts: 2256
  • Department of Redundancy Department.
    • View Profile
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #2 on: March 15, 2008, 02:56:00 pm »
That is how it's supposed to work, you'll need a second switch for the internal network though or you'll end up running 2 dhcp servers on one network with the usual unpredictable results.  It's either that or switching the existing DHCP off and configuring lmce's external network staticly.
"Change is inevitable. Progress is optional."
-- Anonymous


Lexje

  • Guru
  • ****
  • Posts: 230
    • View Profile
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #3 on: March 15, 2008, 04:38:18 pm »
Thanks for your replies;
I have a switch (not used at the mo) that is vlan capable, that I'm sure of. But I'd rather concentrate on getting MCE running instead of lan issues.

As for now, I'll go for a separete mini-network with a hub to test things out.

I'm still not free of nvidia hassles...

Thanks again,

Erwin

gazzzman

  • Veteran
  • ***
  • Posts: 118
    • View Profile
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #4 on: March 15, 2008, 04:42:01 pm »
hi!
I have switched the DHCP off on the router..
and left the lan clients with static ip's and the default gateway set up pointing to the router..
I have kept all the lan clients in the range 192.168.0.1 to 100
I have left the DHCP server on in Linuxmce, and assigned the DHCP pool to 192.168.0.101 to 200
I have my router at 192.168.0.220 and Lmce at 192.168.0.254
this all works fine as long as you dont add anything using DHCP that you dont want to use Lmce's router with :)
though to be fair.. if you do I am not sure it would really be a problem (it would just add an extra hop)
as using DHCP the Lmce box would be seen as the default gateway.. but once the packets reach your Lmce box they would automatically be routed to your router by the router in Lmce anyway :)
not sure if there is a local DNS server running on Lmce?
if there is then this arrangement could actually improve your internet expierence on the normal lan clients aswell!
don't forget.. if your windows shares are on a different workgroup.. you will need to configure wins to allow for their autodetection in Lmce :)
Gazzzman
-----BEGIN GEEK CODE BLOCK-----
Version 3.1
GCC@GE@GIT@GO dpu S-: a+ C+++ L++ E-- W+++ N+ o+++ w-- O M+ PS+++ PE-- Y++
PGP+ t++ 5 X++ R- tv b+ DI++ D---- G e++* h*++ r+++ Y++++
-----END GEEK CODE BLOCK-----

royw

  • Guru
  • ****
  • Posts: 261
    • View Profile
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #5 on: March 16, 2008, 05:43:00 am »
not sure if there is a local DNS server running on Lmce?

Out of the box, LMCE runs bind9 but is not configured as a local authoritative DNS server.
Here's some notes I did for changing the config to add this support:

http://wiki.linuxmce.org/index.php/How_to_setup_Local_Authoritative_DNS

HTH,
Roy

orionsune

  • Veteran
  • ***
  • Posts: 133
    • View Profile
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #6 on: March 18, 2008, 09:24:59 pm »
Here is my setup, despite the OPINION of all our green starred posters.

I have a firewall linux box (not lmce box) running a very intricately constructed firewall, intrustion detection, and alerting system I designed.  So I definately was not going to accept the "Just use the lmce as your gateway and everything will work ok" as a solution.  Instead I found a MUCH simpler solution, that alot of people are claiming won't work, so you can try this at your own risk.  If it works, please post back saying so, so maybe some of these green starred posters will start pulling heads out of asses.

Ok, so i'm using 192.168.75.0 as my internal network address.  My external is just a cablemodem connection directly to my linux/firewall box.  My linux firewall box (not lmce) is running my DHCP server for dynamic clients.  My lmce box is NOT running DHCP with only a single network interface.  I allow the lmce's single network interface to get an ip from my firewall DHCP server.  The virtual interface lmce creates called eth0:0 has a static address that is in the same 192.168.75.0 subnet/network address as everything else.  Now, what this does exactly is turn off the automatic detection of devices such as those cisco ip based phones that can be used as orbiters, and whatever other ip based device that is not a storage device.  Now, network shares are still automatically detected as it relies on a combination of a pinging for loop using your network address for range, and netbios name broadcasting.  If all you plan on doing is the basic, watching tv and viewing movies on computers around the house, then disabling DHCP will not affect you a single bit.

As for the diskless media directors, those can work too, but with a little extra modification.  You would have to configure your other DHCP server to point to the right location for serving filesystems.  Mine works great, just use lmce's current dhcp configuration file as an example, it's really easy to setup from another DHCP server.

I was interested in writing a comprehensive guide regarding all this for these situations, but after being ridiculed and contradicted I refuse.  I had also written a MUCH better interface for firewalling for lmce for a buddy of mines lmce box (since he's using it as a gateway and dhcp server) I was eventually going to have some of these other people take a look at and consider including or building upon it in the next releases.  Since the networking ability of lmce is EXTREMELY bland and not versatile at all.  I HIGHLY RECOMMEND NOT USING THIS AS YOUR GATEWAY!!!  These lmce boxes are extremely insecure by nature, it is best to keep it behind a firewall of some sort and not using it as a firewall.

I mean int he firewall interface, you can specify a range of ports for accepting cnonections, and a range of ports for incoming forwarding.  But the destination field does not allow for the specification of ranges.  For example, torrentflux using bittornado needs a port for each torrent/download in progress.  Therefore a range of about 10 or so ports is required.  In lmce one would have to create each individual rule.  On the command line using iptables you simply specify the range in this syntax "49160:49300".  So rewrote the php templating, and iptable interfacing it was using for my own custom needs.  My needs ended up including these abilities.

Specify ranges for destination ports.
Packet Marking - \
Packet Logging - - Both are dependencies of an intrusion detection program I developed.
Packet Priority/Quality of Service
Full DMZ support.
Ability to specify "both" for protocol instead of tcp/udp
Automatically opening the ports you forward instead of having to specify twice.  (this also can be turned off for the rare need to redirect traffic internally and an open port is not needed)
Ability to specify deny rules based on IP, port, or protocol.



oh snap, i'm rambling... well there are some more features, but whatever I know this wasn't the subject... just a little worked up still over a previous thread I read today.
entia non sunt multiplicanda praeter necessitatem

hari

  • Administrator
  • LinuxMCE God
  • *****
  • Posts: 2428
    • View Profile
    • ago control
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #7 on: March 18, 2008, 10:05:10 pm »
sorry to interfere, but by now way a single nic configuration without DHCP is "MUCH SIMPLER" than a dual nic configuration (and you can daisy chain your preferred other firewall in front of LMCE).

Of course it works as described by orionsune, but I really assume the given instructions are more of a hurdle to newbie users without networking experience than fitting another nic into the core.

best regards,
Hari
rock your home - http://www.agocontrol.com home automation

orionsune

  • Veteran
  • ***
  • Posts: 133
    • View Profile
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #8 on: March 18, 2008, 10:09:16 pm »
without networking experience, yes your right...

I guess hari, my problem is this.  I have this problem of assuming anyone seeking help from the forums is also seeking to educate themselves.  If I don't put this information out there, then they will never educate themselves.  You see, I don't like giving people simple solutions, that reminds of the old ass saying "Give a man a fish, feed him for a day, teach a man to fish, feed him for a lifetime"

Basically what i'm trying to say, is I treat everyone equal, so if someone asks about getting something working, I will give them my opinion based on my own expertise, maybe dumb down some of the terminology.  And I have no problem whatsoever explaining or walking people through my proposed solutions.  Maybe they will learn something in the long run...
entia non sunt multiplicanda praeter necessitatem

Lexje

  • Guru
  • ****
  • Posts: 230
    • View Profile
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #9 on: March 18, 2008, 11:22:30 pm »
Thanks for your suggestions. Much appreciated.
I personally was not ready to submit my network to LMCE's firewall blindly either.
So at the moment I'm daisy chaining too, but as I have had lots of difficulties and still have to add my TV card (.....yes, I'd like to take it step by step) I prefer to simulate the 'example' situation as much as possible.

I was thinking of using IPCOP. What are you using? Is it available, or information about your system?

Thanks,

Erwin

orionsune

  • Veteran
  • ***
  • Posts: 133
    • View Profile
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #10 on: March 18, 2008, 11:29:40 pm »
I am using a combination of SNORT, BASE, and SQL.  I used this generic guide to get everying up and running, then I wrote my own intrusion detection rules. http://www.howtoforge.com/intrusion_detection_base_snort

Then I use an opensource enterprise monitoring application called Zabbix http://www.zabbix.com/ for my alerting, it's highly versatile on how it can detect and alert certain events, it was made for a huge enterprise environment, but I just have simple rules in there, one that checks the SQL database (where it logs intrusion attempt details)  for a specific string, and then sends me a txt message to my phone with the details of the attempt.

It's extremely complicated for a novice user, so I wouldn't recommend for casual use.

entia non sunt multiplicanda praeter necessitatem

Lexje

  • Guru
  • ****
  • Posts: 230
    • View Profile
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #11 on: March 18, 2008, 11:32:08 pm »
Thanks for your information, I'll definitely look into it.

Erwin

royw

  • Guru
  • ****
  • Posts: 261
    • View Profile
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #12 on: March 19, 2008, 06:20:40 am »
Now, what this does exactly is turn off the automatic detection of devices such as those cisco ip based phones that can be used as orbiters, and whatever other ip based device that is not a storage device.

IIRC, the dhcpd is just firing scripts when leases are issued/released.  It should be possible to remotely invoke these scripts.

I've been reading up on RESTful (REST = Representational State Transfer) rails apps.  Basically this is a way for servers to communicate with clients using stateless connections.  The state is inferred from the HTTP protocol (put, get, post) and url.

Now imagine if LMCE had a REST server, then the DHCPD would notify the LMCE that a device just was issued an IP by sending the LMCE an http post 'client/new?ip=192.168.80.111'.  Then it wouldn't matter where the DHCPD was running...

I was interested in writing a comprehensive guide regarding all this for these situations, but after being ridiculed and contradicted I refuse.

Please do write your solution up.  I, for one, find what you are doing very interesting.

oh snap, i'm rambling... well there are some more features, but whatever I know this wasn't the subject... just a little worked up still over a previous thread I read today.

No problem, I enjoy a good ramble now and then.  :)

My turn to ramble a little.  IMO we are hitting a few of the original design decisions.  For example the core as a firewall made sense for Pluto's market.  And that is the way the system is implemented.  What we (LMCE community) need to accept is that we have different requirements and that some of the original designs are too limiting for us.  Alternative designs like yours should be warmly welcomed, examined and integrated into LMCE.  I know this can be tricky, especially considering that we consist of a population that varies across the full computer literate spectrum.  Personally I favor having a default, one shoe fits all, out of the box product, but then have advanced options and really good documentation on how to expand it.  By really good documentation I mean documentation like the gentoo community has (official docs + wiki + forums), not the crap like ubuntu has (which seems to be our silly model).

Enough for now.  Keep up the good work!

Have fun,
Roy

Lexje

  • Guru
  • ****
  • Posts: 230
    • View Profile
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #13 on: March 19, 2008, 09:31:37 am »
Perhaps a little off topic but nevertheless adding to the documentation remark:
I do realize that an enormous amount of work lies below the surface of LMCE, so please no offence taken.
It is absolutely true that this group consists of
Code: [Select]
a population that varies across the full computer literate spectrumIt is also true that we're still talking beta in a lot of cases.
It is also tremendously important to realize that LMCE consists of MULTIPLE opensource projects bundled together under the surface.
I personally feel it's a pity and a shame to see some members ramble negatively about this work in progress.
Also I have personally experienced (over the short time that I'm actively investigating LMCE) that a GREAT AMOUNT of documentation is there, often with incredible detail and photo material present.
My suggestions are:
- perhaps to try to thread movement according to difficulty degree / release number, possibly threading by larger subtopic such as: pluto / asterisk / mythtv / dhcp - dns - bind / etc
- add relevant release numbering and date issued information to the docu wiki
- arrange for a better 'table of contents' section at the beginning of the wiki - to make things easier to find
- I would also suggest to increase better understanding for people new to the project but also for those less technically inclined to better grasp how the project really 'functions' - to elaborate on the diagram http://wiki.linuxmce.org/index.php/Image:Diagram1.jpg in such a way that I would prefer to see more visually understandable grouping and icons: I think for example about grouping the core with its components together in a group, put a PC drawing next to it, then, connect to this PC drawing e.g. hardware such as IR USB-UIRT or Z-Wave or RS232 or whatever.

In my opinion improving documentation and information would greatly counter negative criticism that this project encounters on multiple blogs and fora.

Just my 2cents,  or is it tuppence?

Erwin

Up to now for one I haven't touched the wiki, as I am not that experienced with this, but as an example I lost about 2 days trying to install because of an error written in the wiki http://wiki.linuxmce.org/index.php/Installation_Guide stating clearly that the mentioned CD's only work with Kubuntu 7.04, whereas it turns out they DON'T work with 7.04 but with 7.10.
This of course is a complete waste of time and resources, bandwidth etc. Mind this is not intended as flaming on the author of this part, just indicating that perhaps adding a date would put people at guard of the relevance / correctness of the documented issue. (PS: I just corrected the wiki pages - hope this will be positively accepted)  :)
« Last Edit: March 19, 2008, 09:51:32 am by Lexje »

Zaerc

  • Alumni
  • LinuxMCE God
  • *
  • Posts: 2256
  • Department of Redundancy Department.
    • View Profile
Re: DHCP - combine with other DHCP - HOWTO?
« Reply #14 on: March 19, 2008, 11:43:43 am »
Here is my setup, despite the OPINION of all our green starred posters.

I have a firewall linux box (not lmce box) running a very intricately constructed firewall, intrustion detection, and alerting system I designed.  So I definately was not going to accept the "Just use the lmce as your gateway and everything will work ok" as a solution.  Instead I found a MUCH simpler solution, that alot of people are claiming won't work, so you can try this at your own risk.  If it works, please post back saying so, so maybe some of these green starred posters will start pulling heads out of asses.

Ok, so i'm using 192.168.75.0 as my internal network address.  My external is just a cablemodem connection directly to my linux/firewall box.  My linux firewall box (not lmce) is running my DHCP server for dynamic clients.  My lmce box is NOT running DHCP with only a single network interface.  I allow the lmce's single network interface to get an ip from my firewall DHCP server.  The virtual interface lmce creates called eth0:0 has a static address that is in the same 192.168.75.0 subnet/network address as everything else.  Now, what this does exactly is turn off the automatic detection of devices such as those cisco ip based phones that can be used as orbiters, and whatever other ip based device that is not a storage device.  Now, network shares are still automatically detected as it relies on a combination of a pinging for loop using your network address for range, and netbios name broadcasting.  If all you plan on doing is the basic, watching tv and viewing movies on computers around the house, then disabling DHCP will not affect you a single bit.

As for the diskless media directors, those can work too, but with a little extra modification.  You would have to configure your other DHCP server to point to the right location for serving filesystems.  Mine works great, just use lmce's current dhcp configuration file as an example, it's really easy to setup from another DHCP server.

I was interested in writing a comprehensive guide regarding all this for these situations, but after being ridiculed and contradicted I refuse.  I had also written a MUCH better interface for firewalling for lmce for a buddy of mines lmce box (since he's using it as a gateway and dhcp server) I was eventually going to have some of these other people take a look at and consider including or building upon it in the next releases.  Since the networking ability of lmce is EXTREMELY bland and not versatile at all.  I HIGHLY RECOMMEND NOT USING THIS AS YOUR GATEWAY!!!  These lmce boxes are extremely insecure by nature, it is best to keep it behind a firewall of some sort and not using it as a firewall.

I mean int he firewall interface, you can specify a range of ports for accepting cnonections, and a range of ports for incoming forwarding.  But the destination field does not allow for the specification of ranges.  For example, torrentflux using bittornado needs a port for each torrent/download in progress.  Therefore a range of about 10 or so ports is required.  In lmce one would have to create each individual rule.  On the command line using iptables you simply specify the range in this syntax "49160:49300".  So rewrote the php templating, and iptable interfacing it was using for my own custom needs.  My needs ended up including these abilities.

Specify ranges for destination ports.
Packet Marking - \
Packet Logging - - Both are dependencies of an intrusion detection program I developed.
Packet Priority/Quality of Service
Full DMZ support.
Ability to specify "both" for protocol instead of tcp/udp
Automatically opening the ports you forward instead of having to specify twice.  (this also can be turned off for the rare need to redirect traffic internally and an open port is not needed)
Ability to specify deny rules based on IP, port, or protocol.



oh snap, i'm rambling... well there are some more features, but whatever I know this wasn't the subject... just a little worked up still over a previous thread I read today.

Yeah that is so much easier and simpeler, what on earth was I thinking?  :P
"Change is inevitable. Progress is optional."
-- Anonymous