Fullscreen HTML5Med Res (??MB)HTML4

COMPUTERS: Linux Name & DHCP Servers Using Linux to Share an Optus Cable Modem Internet Con­nection Pt.2: installing DNS & DHCP servers Once you have your cable modem working with Linux, the next step is to set up DNS and DHCP servers. Both can be automatically started during the Linux boot-up and they will make life much easier when it comes to setting up the networking options on your Windows PCs. By JOHN BAGSTER It’s always a good idea to install both DNS and DHCP servers when using a Linux gateway to the Internet and that applies whether you are using a cable modem or a dial-up connection. Both servers are easy to get going under Linux and they make setting up your Windows boxes a snack. So what exactly are the functions of these two server utilities and how do they make life easier? We’ll start by explaining the role of the Domain Name server (DNS). DNS servers play a vital role when it come to navigating the Internet. Basically, their job is to translate domain names into their corresponding IP addresses. This means, for example, that you can go to the SILICON CHIP website by typing in www.siliconchip.com.au instead of typing the IP address into your web browser: ie, 203.43.52.165. Typically, you make use of the DNS servers (also known simply as “name” servers) provided by your ISP. This means that, during setup, you have to enter the IP addresses for these servers at the DNS Configuration tab in the TCP/ IP Properties dialog box on each of your Windows machines – see Fig.5 last month. Note that there will usually be at least two name servers – a primary DNS server and a backup DNS server. One potential problem with this is that the two nameserver lines in /etc/resolv.conf (on the Linux box) may change – eg, if your ISP changes the IP address of one or more of their name servers. This means that you would then have to manually change them on all your 60  Silicon Chip Windows PCs or in the DHCP configuration setup that follows. The standard lease time for the Optus modem is 12 hours, meaning that the information in /etc/resolv. conf could change every 12 hours (although this is very unlikely). Setting up named The way around this is to install a name server (or DNS) on your Linux box. That done, you then simply tell your Windows PCs or the DHCP configuration that the name server address is 192.168.0.2 (or whatever IP address you assigned to the Linux PC). Besides, why type in two nameserver IP addresses when you can get away with one? The name server is a utility called “named”. If it is in­stalled, it will be in /usr/sbin but it probably won’t be invoked on start-up by default. There will also be a startup script called named in /etc/rc.d/init.d. To see if named is installed, type: ls /usr/sbin/named You should get a response like that shown in Fig.6. Now type: ls /etc/rc.d/init.d/named Both these files should be there. If not you will have to install the bind RPM file. www.siliconchip.com.au then automatically supply all the necessary information. This includes doling out a unique IP address, plus the gateway and DNS server addresses and the domain name. Basically, the Linux DHCP server automatically assigns each Windows PC a unique IP address at boot time, along with all the other necessary information. This not only simplifies network setup but also means that you don’t have to keep track of IP addresses – something that can become messy if you have more than a few PCs on your network. It also means that you don’t need to maintain an lmhosts file on Fig.6: you can use the “ls” (list) command to check that both named each PC. and dhcpd have been installed. You should get responses similar to What’s more, if the information does change, those shown here in green. you can simply run “winipcfg” from the Start, Run dialog box on each Windows PC to release To see if named is invoked on start-up, type: and renew the lease. This refreshes all the necessary information and also means that you don’t have to chkconfig --list named manually alter and reboot each Windows PC on the network. If you are currently using Internet Connection Sharing You should see something like this: (ICS), then its likely that your client machines (ie, those not connected to the cable modem) are already set to “Obtain named 0:off 1:off 2:off 3:on 4:off 5:off 6:off an IP address automatically”. That’s because ICS includes a basic DHCP server. If you see 3:off instead of 3:on, then type: In that case, you don’t need to alter any of your Windows client machines when you switch over to the Linux chkconfig --level 3 named on gateway – provided, of course, that the Linux box is running dhcpd. If you are booting to run level 5 – ie, to the GUI (which, by the way, you don’t really need for a gateway Getting dhcpd going and firewall), then use 35 instead of 3 in the above line; Like named, dhcpd is installed in /usr/sbin and has a ie: start-up file in /etc/rc.d/init.d. Once again, it’s probably not configured to start automatically. To check its status, chkconfig --level 35 named on type: Once that’s done, running chkconfig --list named chkconfig --list dhcpd should give: named 0:off 1:off 2:off 3:on 4:off 5:on 6:off All you have to do now is type: /etc/rc.d/init.d/named start That’s it – your name server is up and running. What’s more, named will automatically start each time the Linux box is reboot­ed. DHCP If you don’t want to go to the trouble of manually setting up the networking parameters (fixed IP addresses, gateways, DNS addresses, etc) on your Windows PCs, then you will also want to set up “dhcpd”. This is the Linux DHCP server and it simplifies network setup and administration in several ways. First, you don’t have to type any information into the Network Neighbourhood properties on each of your Windows PCs. Instead, you can simply set each PC to “Obtain an IP address automatically” (see Fig.10) and dhcpd will www.siliconchip.com.au You should see this: dhcpd 0:off 1:off 2:off 3:on 4:off 5:off 6:off If you see 3:off, then type chkconfig --level 3 dhcpd on Alternatively, if you are booting to run level 5 (ie, to the GUI), substitute “35” for the “3” in the above line. One more thing you must do, is modify the /etc/rc.d/ init.d/dhcpd start-up file to make sure it only uses eth0 (or eth1 if that connects to your internal network). By default, dhcpd attempts to use all network cards and so will refuse to start because there is no configuration for the eth1 network. Note also that you specifically don’t want dhcpd to use eth1 – your ISP would not be amused if you started supplying IP addresses in competition with them! Edit the /etc/rc.d/init.d/dhcpd file and look for a line that contains “daemon /usr/sbin/dhcpd” – it’s just after the December 2002  61 COMPUTERS: Linux Name & DHCP Servers “start() {“ line. Append <space>eth0 to it so that it looks like this (see also Fig.7): daemon /usr/sbin/dhcpd eth0 That will force dhcpd to use eth0 only. Don’t forget to change eth0 to eth1 if eth1 connects to your internal network and eth0 goes to the cable modem. Creating dhcpd.conf You now need to create a /etc/dhcpd.conf file, which will not exist. You can either type this in yourself or download it from the SILICON CHIP website and modify it to suit. If you do type it in, be careful as the curly brackets and semi-colons are important. The spacing can either be multiple spaces or tabs to make it neat. The file should look like this: subnet 192.168.0.0 netmask 255.255.255.0 { range 192.168.0.1; range 192.168.0.3 192.168.0.99; option subnet-mask 255.255.255.0; option broadcast-address 192.168.0.255; option routers 192.168.0.2; option domain-name-servers 192.168.0.2; option domain-name “qld.optushome.com.au”; option netbios-node-type 8; # ddns-update-style ad-hoc; # 86400 is one day, 2592000 is 30 days max-lease-time 86400; default-lease-time 86400; } The subnet statement tells dhcpd what network to set up. Usually, your network mask will be 255.255.255.0, in which case the fourth number in the subnet will always be 0. The line here is correct for a 192.168.0.x network. If yours is 192.168.1.x, for example, then change the 192.168.0.0 to 192.168.1.0 and the option broadcast-address line to 192.168.1.255. If you have several subnets on your PC, you must have a subnet statement for each one or dhcpd will not start. You can have absolutely nothing between the { }’s if you don’t want IP addresses doled out but the subnets must exist. This is a problem with network cards configured with dhcpcd. In this case, you must specify what interfaces you want dhcpd to use on its command line (it defaults to all). The range lines tell dhcpd what IP addresses it can assign to your Windows PCs. In the configuration here, it can assign 192.168.0.1 and IP addresses ranging from 192.168.0.3 to 192.168.0.99. Note that 192.169.0.2 has been excluded here, as this is the fixed IP assigned to the Linux gateway. Of course, you can change the address range to suit your own needs and you can have as many range statements as you re­quire. The ddns-update-style ad-hoc line is only necessary for the very latest versions of dhcpd. It's commented out here. Remove the comment (ie, the “#” symbol) if it’s required. Option lines The option lines determine other networking parameters that are to be assigned to your Windows PCs. Note that most of this information would otherwise have to be manually entered into every PC on the network if you weren’t using dhcpd. Let’s take a closer look at some of the various option lines and, where applicable, their corresponding entries in Network Neigh­bourhood: (1) option routers is the gateway address. (2) option domain-name-servers is the DNS IP address. Note that if you are not using named, then you will need to enter both IP addresses in the /etc/resolv.conf file here (separated by commas); eg, option domain-name-servers 203.2.75.132, 198.142.0.51 ; (3) option domain-name is the information that you would other­wise have to manually assign to the Domain field at the DNS tab in TCP/IP Properties. It’s the same as the domain line in /etc/resolv.conf and is usually your ISP’s domain name unless, of course, you have a private domain name. This is the one thing you will have to change in /etc/dhcpd.conf if it ever changes but it is highly unlikely that it will change. (4) option netbios-node-type is for Windows Netbios and is simply left at 8. (5) max-lease-time and default-leasetime are usually left at the values shown. The numbers are both in seconds and set the time that the Windows boxes will wait before requesting updated infor­ mation from the DHCP server. Note: Windows, unlike Linux, will not update the information on restart – it only updates when the lease period expires. I made mine one day (86400 seconds) Fig.7: use a text editor to modify the /etc/rc.d/init.d/dhcpd file as shown here in case the Optus information ever does – ie, append “eth0” after “daemon /usr/sbin/dhcpd” (no quote marks). 62  Silicon Chip www.siliconchip.com.au as the other Windows PCs (ie, the “clients”) on the network. Don’t forget to uninstall ICS from the retired Windows gateway box, otherwise you will end up with competing DHCP serv­ers. You can also remove the network card that was connected to the cable modem from this box (leaving just the local area network card), although that’s not really necessary. However, it’s probably best to remove the surplus card to avoid confusion. The procedure is to first remove the card’s driver from Device Manager before powering the machine down and removing the card itself Fig.8: once the DHCP server is operating, typing cat /var/lib/dhcp/dhcpd. from the motherboard. leases lets you see which IP addresses have been assigned to the various If you only had one Windows machine Windows PCs on the network. The lease periods are also shown. (ie, just one machine connected to the cable change but you could make it longer. It doesn’t really modem), then it will already be set up to matter how long or short you make it. obtain its IP address (and other information) automatically. Once you have created your /etc/dhcpd.conf file there Alternatively, if you were running ICS, then the machine is one last thing you need to do. You must create a file connect­ed to the cable modem will have a fixed local called /var/lib/dhcp/dhcpd.leases. This initially doesn’t network address. This must be altered so that the machine contain any­thing but it must exist or dhcpd will not start! obtains its IP address automatically. The command To to that, just follow this procedure: (1) right-click the Network Neighbourhood icon on the touch /var/lib/dhcp/dhcpd.leases PC’s desk­top, then left-click Properties in the drop-down list to bring up the Network properties dialog box. is the easiest way to create it. Note, however, that some (2) Select the TCP/IP entry for the network card and click Linux distributions require this file to be in a different the Properties button to bring up the TCP/IP Properties location (eg, in the /var/state/dhcp folder). If you get an box – see Fig.10. error message concerning this file when you attempt to (3) In the IP Address tab, select “Obtain an IP address start DHCP, simply create the file in the location indiautomati­cally”. cated. That’s it – provided you have both dhcpd and named That done, you need to start the DHCP server by running on the Linux box, that’s all you have to do here. typing: Note that there should be no entries under the Gateway and DNS Configuration tabs. Clear any entries if they are there and select “Disable DNS” under the DNS Configu/usr/sbin/dhcpd eth0 ration tab. Alternatively, if you don’t have named installed, then Alternatively, simply rebooting the Linux box will you will have to select “Enable DNS” and manually enter automat­ically start the DHCP server (and named) but, the IP ad­dresses of your ISP’s DNS servers under the DNS hey, this is Linux – you generally don’t need to reboot to Configuration tab. get things going. Check that your other Windows PCs are set up the same Once dhcpd has started and assigned IP addresses to way. the Windows boxes, you can examine the contents of the dhcpd.leases file (ie, type cat /var/lib/dhcp/dhcpd. Renewing leases leases). This lets you see which IP addresses, etc have been assigned to the various PCs (Fig.8). Note that you It will also be necessary to renew the IP address leases may also see the same PC in the file more than once. on any of the Windows boxes that were previously set up This is normal, as dhcpd keeps appending to it and every to obtain an IP address automatically (eg, in an Internet so often clears it out. The one thing you NEVER do is Connection Sharing set-up). To do this, first make sure that modify this file! all machines (including the Linux gateway) are connected to the network. That done, go to each Windows machine, Setting up the Windows PCs click Start, Run, type in winipcfg and click OK to bring up the dialog box shown in Fig.9. At this stage, you will have a Linux PC that functions as an Internet gateway (via a cable modem), as a DHCP Now select the network card, then click the Release server and as a name server. This means that it can be button followed by the Renew button (the system used to replace an existing Windows PC with Internet might hang if you don’t click release first). That’s all Connection Sharing (if you have one set up). This Winyou have to do – click OK and you won’t even have to dows machine is then reconfigured in the same manner reboot! www.siliconchip.com.au December 2002  63 COMPUTERS: Linux Name & DHCP Servers Corrections To Previous Stuff In the panel on page 43 last month, the gateway address (ie, for the Linux box) is incorrectly listed in several places as 192.168.0.1. This gateway address should be 192.168.0.2. This means that Fig.3 should show an IP address of 192.168.0.3 and subsequent PCs on the network should be assigned IP addresses of 192.168.0.4, 192.168.0.5, etc (assuming that fixed IP addresses are to be assigned). Similarly, Fig.4 should show the installed gateway address as 192.168.0.2. Finally, the IP addresses shown for the “DNS Server Search Order” in Fig.5 should be the same as listed in /etc/resolv.conf on the Linux box. For the example given, the correct entries would be 203.2.75.132 and 198.142.0.51 (not 192.168.54 and 192.168.54.37). Of course, you don’t have to worry about any of this if you set up both named and dhcpd on the Linux box as described in this article. That’s because all the necessary networking information is dynamically assigned to the Windows PCs. Manual network setup If you don’t have dhcpd installed on the Linux gateway, then you will have to configure the TCP/IP set-up on each of the Windows PCs yourself. Here’s the step-by-step procedure: (1) Take a quick look at the /etc/resolv.conf file on the Linux gateway with the cable modem connected to it (and obviously with the modem connected to the Internet) and note down the contents of this file. Disconnect the cable modem from the Internet as soon as you have this information (you don’t have a firewall yet). (2) Go to the TCP/IP Properties dialog box on each Windows PC in turn, click the “Specify an IP address button” and enter a unique IP address (eg, 192.168.0.3, 192.168.0.4, etc) and a Subnet Mask of 255.255.255.0 – see Fig.9: running winipcfg tells you the IP address that has been doled out to that machine by the DHCP server. This utility can also be used to release and renew IP leases. Fig.11. Don’t use 192.160.0.2 – that’s already been assigned to the Linux gateway. (3) Click the Gateway tab and enter the IP address of the Linux gateway PC (192.168.0.2), then click the Add button. (4) Click the DNS tab, click Enable DNS and enter the name of the individual Windows PC as the Host name (you can get this name by clicking the Identification tab in the Network properties dialog box). Similarly, enter the domain name in the Domain field (this is the name that appears after the word “domain” in the /etc/resolv.conf file on the Linux box). If you installed named on the Linux gateway, just enter the IP address of the Linux gateway (192.168.0.2) in the DNS Server Search Order field and click the Add button. Alternatively, if you did not install named, then you must enter the IP addresses listed after the nameserver lines in /etc/resolv.conf (note: these are the IP addresses of your ISPs domain name servers). Don’t forget to click the Add button after each one is entered. That’s it – your Windows boxes are all set up! Click the OK buttons to close the TCP/IP Properties and Network dialog boxes, then reboot the machines when prompted to do so. Now, your Wind­ows PCs should be able to browse the Internet and send and re­ceive email but don’t stay connected for more than a minute or so if you don’t have a firewall. Troubleshooting The most likely problem you will encounter is that your Windows PCs have trouble obtaining an IP address or there are IP address conflicts. This can easily occur if any or all of your Windows PCs have fixed IP addresses and you have installed dhcpd on the Linux gateway. In that case, you must take either of two steps: (1) Either change the Windows PCs so that they obtain their IP addresses automatically (the easiest solution); or (2) Ensure that the range of IP addresses in the /etc/dhcpd.conf file on the Linux box excludes the fixed addresses assigned to the Windows PCs. If you have a second Linux PC on the network, then presum­ably it will have a fixed IP address. In this case, copy the /etc/resolv.conf from the Linux gateway PC to overwrite the one on this second Linux PC. Provided you’ve installed named on the Linux gateway PC, you can now replace the nameserver lines in /etc/resolv.conf on the second Linux PC with one nameserver line that contains the IP address of the Linux gateway. The other thing you must do on the second Linux PC is edit the /etc/sysconfig/network file and either change the existing GATEWAY line or add one to point to the Linux gateway PC as follows: GATEWAY=192.168.0.2 Note that you do not need to enable IP forwarding in /etc/sysctl.conf on this second machine. After these changes, you will have to restart the 64  Silicon Chip www.siliconchip.com.au How To Set Up Your Windows PCs . . . (1) Named & DHCP Both Running Fig.10: this is the easiest of the lot – you just set the system to “Obtain an IP address automatically” and leave the Gateway and DNS Configuration entries blank. (2) Named Running But No DHCP Fig.11: in this case, you have to assign each Windows PC a unique fixed IP address and a subnet mask of 255.255.255.0. In addition, the Linux gateway address (192.168.0.2) must be entered into both the Gateway and DNS Configuration dialog boxes and you have to enter the name of the computer (ie the host name) and the domain name (qld.optushome.com.au). The setup is almost the same if neither named nor DHCP are running. The difference is that you have to enter the IP addresses of the two nameservers (found in /etc/resolv.conf) into the DNS Configuration instead of just the gateway IP. network­ing on the second Linux PC (or reboot it). Alternatively, if you have installed dhcpd on the Linux gateway PC, you could configure the network card in the second Linux box to use dhcpcd (instead of assigning it a fixed IP address). If you do this, you don’t need to bother changing /etc/sysconfig/network or /etc/resolv.conf at all. Basically, the network card in the second Linux box is www.siliconchip.com.au configured the same way as the modem network card in the Linux gateway PC. In this case, however, the DEVICE line should point to eth0 and the PCs own name should be used for the DHCP_HOSTNAME. However, before you rush in, you need to set up a firewall on the Linux gateway PC. If you don’t, someone “out there” could take over your fancy new network. We’ll take SC a look at firewalls in Pt.3 next month. December 2002  65