A Simple DHCP Server Setup

Now that I’ve introduced my firewall box, I’d like to show you how I’m also distributing private IPs via DHCP (dynamic host configuration protocol). This way, my techs can plug in customers’ systems without having to figure out which IP addresses are unused on our office subnet and spend time configuring the system.

Setting up DHCP on Linux is, like many things, a simple matter of editing a text file. You just have to know the options and syntax. man dhcpd contains everything you need to know and then some, but I’ll use my own as an example to get you started.

The text file in question is /etc/dhcpd.conf. I’ll get right into the example:

subnet netmask {
    option subnet-mask;
    option routers;
    option domain-name-servers xxx.xxx.xxx.7, xxx.xxx.xxx.15;
    option domain-name "office.example.com";
}

Note the “options” lines can be global by putting them at the beginning of the file, but I chose to place them within the subnet entry. The subnet entry (contained within the curly braces) is specific to the subnet in question, and I figure it’s just as easy to restrict it as we’ll (probably) never add another subnet to the box. Also, while’s subnet mask is technically, I limited the network size here with the subnet above. I went with 10.0.0.x because we use 192.168.x.x in other places and this cuts down on confusion and potential conflict.

If you’ve ever configured a system, most of this will be familiar to you. The range is the size of the pool (min/max address), in this case 91 addresses, and we assign the subnet mask. The router is the gateway assigned to the hosts. The DNS server addresses (concealed here to protect the innocent) can be listed by the actual domain name (e.g., ns1.example.com), but it’s a better idea to use IP addresses to prevent lookup issues. Finally, we assign a default domain name, in this case with the office subdomain.
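The checks described above (the range fits the subnet, the router is on the subnet, DNS servers are given as IPs) can be automated. This is an added example, not part of the original article: the function names and every address in the sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: addresses are illustrative, not the article's real values.
SAMPLE_CONF = """
ddns-update-style ad-hoc;
subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.10 10.0.0.100;
    option subnet-mask 255.255.255.0;
    option routers 10.0.0.1;
    option domain-name-servers 10.0.0.7, ns1.example.com;  # hostname on purpose
    option domain-name "office.example.com";
}
"""

# Flat subnet blocks only; nested host/pool blocks would need a real parser.
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
OPTION_RE = re.compile(r"option\s+(routers|domain-name-servers)\s+([^;]+);")

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def lint_dhcpd_conf(conf):
    """Return (pool_size, findings) across all subnet blocks in conf."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching
    pool_size, findings = 0, []
    for addr, mask, body in SUBNET_RE.findall(conf):
        net = ipaddress.ip_network(f"{addr}/{mask}")
        for lo, hi in re.findall(r"range\s+(\S+)\s+(\S+)\s*;", body):
            lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
            if lo in net and hi in net and lo <= hi:
                pool_size += int(hi) - int(lo) + 1
            else:
                findings.append(f"range {lo} {hi} does not fit in {net}")
        for name, values in OPTION_RE.findall(body):
            for value in (v.strip() for v in values.split(",")):
                if not is_ip(value):
                    findings.append(f"{name}: {value} is a hostname, not an IP")
                elif name == "routers" and ipaddress.ip_address(value) not in net:
                    findings.append(f"routers: {value} is outside {net}")
    return pool_size, findings

if __name__ == "__main__":
    size, problems = lint_dhcpd_conf(SAMPLE_CONF)
    print(f"pool size: {size}")
    for problem in problems:
        print("finding:", problem)
```

This complements dhcpd -t, which checks syntax but will not tell you that a gateway sits on the wrong network.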

It’s also possible to specify individual host assignments and address settings, as well as BOOTP server addresses for terminals, but that’s all beyond the scope of this article. You can also assign lease time limits within the subnet or global settings, but I haven’t bothered with that.

You can test your config by executing the dhcpd command with the -t argument: on Slackware, it’s /usr/sbin/dhcpd -t. Any errors will be kicked out. For some reason dhcpd told me I needed the line ddns-update-style ad-hoc; in my configuration, so I made it a global option above the subnet area. I say “for some reason” because you’ll see in the man page that while ddns-update-style is for handling dynamic DNS updates, this option is actually deprecated.

Once you (and dhcpd) are happy with your config file, it’s just a matter of starting the dhcpd server at boot. I did so by adding the following line to my rc.local startup script:

/usr/sbin/dhcpd -q eth1

The -q option suppresses the copyright notices produced when the server starts, and the eth1 argument says to only answer DHCP requests on the interface connected to my internal network. This way there are no problems when hooking up another dynamic host on the Internet side of this box. As with the firewall portion of rc.local, I put the line echo "Initializing DHCP server" before the dhcpd line above so I know it’s happening during boot.

A tiny bit of customization and this could easily be doing the same for your network. As with the firewall, it’s a piece of cake once you know the general commands and options.