35.1 Configuring a DHCP Server with YaST
IMPORTANT: LDAP Support
In this version of SUSE® Linux Enterprise, the YaST DHCP module can
be set up to store the server configuration locally (on the host that runs
the DHCP server) or to have its configuration data managed
by an LDAP server.
The YaST DHCP module allows you to set up your own DHCP server
for the local network. The module can run in simple mode or expert mode.
35.1.1 Initial Configuration (Wizard)
When the module is started for the first time, a wizard starts, prompting
you to make a few basic decisions concerning server
administration. Completing this initial setup produces a very basic
server configuration that should function in essential
aspects. The expert mode can be used to deal with more advanced
configuration tasks.
- Card Selection
In the first step, YaST looks for the network interfaces available on
your system and then displays them in a list. From the list, select the
interface on which the DHCP server should listen
and click . After this, select
to open the firewall for this interface. See
Figure 35-1.
- Global Settings
Use the check box to determine whether your DHCP settings
should be automatically stored by an
LDAP server. In the entry fields, provide the network
specifics for all
clients the DHCP server should manage. These specifics are the
domain name, address of a time server, addresses of the primary
and secondary name server, addresses of a print and a WINS
server (for a mixed network with both Windows and Linux
clients), gateway address, and lease time. See
Figure 35-2.
- Dynamic DHCP
In this step, configure how dynamic IP addresses should be
assigned to clients. To do so, specify an IP range from
which the server can assign addresses to DHCP clients. All these
addresses must be covered by the same netmask. Also specify
the lease time during which a client may keep its IP address without
needing to request an extension of the lease. Optionally, specify
the maximum lease time—the period during which the
server reserves an IP address for a particular client. See
Figure 35-3.
- Finishing the Configuration and Setting the Start Mode
After the third part of the configuration wizard, a last dialog is
shown in which you can define how the DHCP server should be started.
Here, specify whether to start the DHCP server
automatically when the system is booted or
manually when needed (for example, for test purposes).
Click
to complete the configuration of the
server. See Figure 35-4.
Alternatively, you can select
from the tree structure
to the left to configure special
host management features in addition to the basic configuration
(see Figure 35-5).
- Host Management
Instead of using dynamic DHCP in the way described in the preceding
sections, you can also
configure the server to assign addresses in quasi-static fashion. To do
so, use the entry fields provided in the lower part to specify a list
of the clients to manage in this way. Specifically,
provide the and the to give to such a client, the , and the (token ring
or ethernet). Modify the list of clients, which is shown in the
upper part, with ,
, and . See
Figure 35-5.
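For orientation, the wizard's fields correspond to standard ISC `dhcpd.conf` statements. The fragment below is an added example, not output generated by YaST or taken from the original page; the domain, addresses, host name and MAC address are constructed sample values.

```conf
# Added example: dhcpd.conf statements matching the wizard dialogs.
# All values are constructed (example.com, 192.168.1.0/24).

# --- Global Settings dialog ---
option domain-name "example.com";
option domain-name-servers 192.168.1.1, 192.168.1.2;  # primary, secondary name server
option routers 192.168.1.254;                         # gateway address
option ntp-servers 192.168.1.1;                       # time server
option lpr-servers 192.168.1.5;                       # print server
option netbios-name-servers 192.168.1.6;              # WINS server (mixed networks)

# --- Dynamic DHCP dialog ---
default-lease-time 14400;   # lease time in seconds (4 hours)
max-lease-time 86400;       # upper bound a client can be granted (24 hours)

subnet 192.168.1.0 netmask 255.255.255.0 {
  # Both ends of the range must lie inside this subnet/netmask.
  range 192.168.1.100 192.168.1.200;
}

# --- Host Management dialog (quasi-static assignment) ---
host printer01 {
  hardware ethernet 00:00:5e:00:53:01;  # hardware type and address
  # Kept outside the dynamic range so the pool never hands it out.
  fixed-address 192.168.1.21;
}
```

Running `dhcpd -t -cf <file>` checks the syntax of a configuration file without starting the server.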
35.1.2 Expert Configuration
In addition to the configuration method discussed earlier, there is also
an expert configuration mode that allows you to tweak the DHCP server
setup in every detail. Start the expert configuration by selecting
in the tree view in the left part of the
dialog.
- Chroot Environment and Declarations
In this first dialog, make the existing configuration
editable by selecting . An important
feature of the behavior of the DHCP server is its ability to run in a
chroot environment, or chroot jail, to secure the server host.
If the DHCP server should ever be compromised by an outside attack, the
attacker will still be behind bars in the chroot jail, which
prevents him from touching the rest of the system. The lower part of the
dialog displays a tree view with the declarations that have already been
defined. Modify these with ,
, and . Selecting
takes you to additional expert dialogs. See
Figure 35-6. After selecting
, define the type of declaration
to add. With , view
the log file of the server, configure TSIG key management, and
adjust the configuration of the firewall according to the setup of the
DHCP server.
- Selecting the Declaration Type
The of the DHCP server are made up of
a number of declarations. This dialog lets you set the
declaration types , ,
, ,
, and . This
example shows the selection of a new subnetwork (see
Figure 35-7).
- Subnet Configuration
This dialog allows you to specify a new subnet with its IP address and
netmask. In the middle part of the dialog, modify the DHCP server
start options for the selected subnet using
, , and
. To set up dynamic DNS for the
subnet, select .
- TSIG Key Management
If you chose to configure dynamic DNS in the previous dialog, you can
now configure the key management for a secure zone transfer. Selecting
takes you to another dialog in which to configure
the interface for dynamic DNS (see Figure 35-10).
- Dynamic DNS: Interface Configuration
You can now activate dynamic DNS for the subnet by selecting
. After doing so,
use the drop-down list to choose the TSIG keys for forward and reverse
zones, making sure that keys are the same for the DNS and the DHCP
server. With , enable the automatic update and adjustment
of the global DHCP server settings according to the dynamic DNS
environment. Finally, define which forward and reverse zones
should be updated per dynamic DNS, specifying the name of the
primary
name server for each of the two zones. If the name server runs on the
same host as the DHCP server, you can leave these fields blank.
Selecting returns to the subnet
configuration dialog (see Figure 35-8). Selecting
again returns to the original expert
configuration dialog.
- Network Interface Configuration
To define the interfaces where the DHCP server should listen and
adjust the firewall configuration, select
from the expert configuration dialog. From the list of
interfaces displayed, select one or more that should be attended by
the DHCP server. If clients in all of the subnets should be able to
communicate with the server and the server host also runs a firewall,
adjust the firewall accordingly. To do so, select . YaST then adjusts the rules of
SuSEfirewall2 to the new conditions (see
Figure 35-11), after
which you can return to the original dialog by selecting
.
After completing all the configuration steps, close the dialog
with . The server is now started with its new
configuration.
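The dynamic DNS and TSIG settings from the expert dialogs map to `key` and `zone` declarations in `dhcpd.conf`. The fragment below is an added example, not configuration produced by YaST or shown on the original page; the key name, zone names and addresses are constructed, the secret is a placeholder, and the `interim` update style is an assumption about the installed dhcpd version.

```conf
# Added example: dynamic DNS with TSIG in dhcpd.conf.
# Constructed values; the secret below is a placeholder, not a real key.

ddns-update-style interim;   # assumption: depends on the dhcpd version in use
ddns-updates on;

# The key name, algorithm and secret must be identical to the key
# statement configured on the DNS server, otherwise updates are rejected.
key DHCP_UPDATER {
  algorithm HMAC-MD5.SIG-ALG.REG.INT;   # form used in the dhcpd.conf man page
  secret PLACEHOLDER_BASE64_SECRET==;
};

# Forward zone: which name server receives the updates and with which key.
zone example.com. {
  primary 192.168.1.1;
  key DHCP_UPDATER;
}

# Reverse zone for 192.168.1.0/24.
zone 1.168.192.in-addr.arpa. {
  primary 192.168.1.1;
  key DHCP_UPDATER;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.200;
  ddns-domainname "example.com";   # domain appended to client host names
}
```

Because the file contains the shared secret, restrict its read permissions to the account the DHCP server runs as.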