dhcp "dhcpd_ifaces" question.
Gary Kline
kline at thought.org
Sun May 23 15:31:01 PDT 2004
On Mon, May 24, 2004 at 06:34:58AM +0900, Rob wrote:
> Gary Kline wrote:
> > To any network wizards on-list,
> >
> > I'm just tidying up dhcp and namedb files and would like
> > to know what strings to put after this:
> >
> > dhcpd_ifaces= # ethernet interface(s)
> >
> > I'm assuming it should be "dc0 dc1" but would like to make
> > sure. If it would be just as well to leave it blank and
> > let dhcpd figure it out, please advise. (In my old config
> > file $IFACES wasn't defined.)
>
> I have dhcpd configured; I'm not using named, so I don't know about that.
The reason I brought up named is that whenever I tried to
"start|restart" dhcp there were a slew of errs from
named[`pid`] that showed named failing. By itself, starting
or restarting named was *fine*. This is obviously one of
those cosmic mysteries...
>
> As far as I know, you can use dhcpd_ifaces to limit the DHCP service to only
> one interface (provided you have more than one interface on your system).
>
> I have rl0 and rl1, where rl0 is on the out-side internet, and rl1 on the
> internal network (with IP 10.0.0.1). I only want DHCP server for internal
> network: I therefore have in /etc/rc.conf:
>
> dhcpd_ifaces="rl1"
>
> However, when you look at netstat output, dhcpd is still listening to all
> interfaces, which may have some security risks. To further limit this, you
> probably need an extra global line in /usr/local/etc/dhcpd.conf :
>
> local-address 10.0.0.1;
>
> Then you get a netstat output like this:
>
> udp4 0 0 10.0.0.1.bootps *.*
>
I understand most of what you're saying. I have the same
10.0.0.N private net as you so I can (thankfully:) just
cut&paste. Can you tell me what might happen if I added
"dc0" to my dhcp_interfaces?? I have no clue how this
could pose a security risk but I'm more than ready to
take your word for it. --There really are a few sleazeballs
out there.--
thank you much,
gary
--
Gary Kline kline at thought.org www.thought.org Public service Unix
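
The netstat check described in the quoted reply, written as an added example that is not part of the original message: it reads FreeBSD-style netstat lines and reports whether the DHCP server socket (bootps, UDP 67) is bound to the wildcard address or to one address, as after adding local-address. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are assumptions.
# Feed it netstat output on stdin, e.g.:  netstat -an | classify_bootps

# Print "WILDCARD <local>" or "BOUND <local>" for each bootps UDP socket.
classify_bootps() {
    awk '
        $1 ~ /^udp/ {
            la = $4                      # local address, "<addr>.<port>"
            # The port shows as 67 with -n, or as the service name bootps.
            if (match(la, /\.(67|bootps)$/) == 0) next
            addr = substr(la, 1, RSTART - 1)
            if (addr == "*") print "WILDCARD " la
            else             print "BOUND " la
        }
    '
}

# Exit status: 0 = every bootps socket is bound to a specific address,
#              1 = at least one listens on the wildcard address,
#              2 = no bootps socket found in the input.
bootps_is_restricted() {
    out=$(classify_bootps)
    [ -n "$out" ] || return 2
    case "$out" in
        *WILDCARD*) return 1 ;;
    esac
    return 0
}

# Constructed sample: only dhcpd_ifaces="rl1" set in /etc/rc.conf.
SAMPLE_BEFORE='udp4       0      0 *.bootps               *.*
udp4       0      0 *.514                  *.*'

# Constructed sample: "local-address 10.0.0.1;" added to dhcpd.conf.
SAMPLE_AFTER='udp4       0      0 10.0.0.1.bootps        *.*
udp4       0      0 *.514                  *.*'

printf '%s\n' "$SAMPLE_BEFORE" | classify_bootps   # WILDCARD *.bootps
printf '%s\n' "$SAMPLE_AFTER"  | classify_bootps   # BOUND 10.0.0.1.bootps
```
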