Re: dhcpd gateway settings

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim:
>> It doesn't *have* to be the gateway to do that.  It can merely be a
>> server on the LAN.
>         
Aaron Gray:
> It needs to be a DHCP server to serve the BOOTP protocol. Also I need
> to access HTTP to do netboot.

Yes, but it doesn't actually have to be the gateway.  The DHCP server
only needs to be accessible, somehow, on the network.  The IPs it gives
out, either with DHCP or BOOTP can be for any machine on the network
that can be a gateway.

But anyway, I think that's probably digressing from the problem.  I was
just pointing out that the DHCP/BOOTP server only has to be the source
of configuration information.
>         
>> If the computers on the 192.168.0 and 192.168.1 subnets are actually
>> sharing a switch/router where they can directly talk to each other,
>> then they don't need something acting as a gateway.  And you could
>> change the netmask to 255.255.0.0.

> Yes but it would not be separately serving DHCP on 192.168.1.x.

A single server can still do that...  You configure a server to give a
certain response to machines from one place, and another response to the
rest.  Or, you have specific configurations for each machine configured
in the server.


>> It all depends on whether you're trying to enforce a segregation, or
>> just get two different IP address ranges communicating together.

> Just to allow 192.168.1.x to have access to the internet. 

Well, it seems like you're going about it the hard way, then.  If you're
just trying to give access to everything, then I'd have one gateway that
they're all networked to.

My own home LAN consists of various machines, with everything connected
to network switches.  The gateway to the WWW is the ADSL modem/router,
but that's all it does.  A PC on my LAN is a DHCP server, doling out IPs
to other PCs and devices, informing them of the gateway address (the
modem/router), and the DNS server address (the same PC as the DHCP
server, though it doesn't have to be).



>> I have to wonder why do you want 192.168.XXX. subnetting, then?
>> If it's not actually separated by hardware, you can't *enforce*
>> separate networks just by putting in different IPs.

> I am not too worried about that its a temporary thing just to allow
> PXE booting. 

Again, this sounds like you're going about it the hard way.  I see no
reason to need to have split subnets just to play with pixies.  They can
all be on the one subnet.

The only needs for subnetting are when you want to enforce segregation,
so you deliberately isolate parts of the network; or you already have
two isolated networks with one junction between them, and you need to
make them talk through each other.
 

>> Likewise, everything on the 192.168.1 subnet has to go through the
>> 192.168.1 gateway, and *that* gateway has to have access to whatever
>> it needs (e.g. the WWW, if necessary).

> This is what I need to know how to set up.

Well, it sounds like you need to:

      * Test whether the gateway, itself, can access what it needs to
        (the WWW, and both sides of the subnet).
      * Test whether the clients can access the gateway (for testing
        purposes, it's handy to have a webserver on the gateway, so it
        can be "looked at").  For this test, I'd be hand-configuring the
        clients (telling them their own IPs, the gateway IP, the DNS
        server IPs).
      * Test what they can access through the gateway.

The gateway has to pass *everything* through, it has to connect the
traffic from one side to another (e.g. DNS queries have to go through to
a DNS server, HTTP connections have to be made through).  Usually, it
does this with NAT.  Ping is only one test tool you'd use, you'd use dig
to test DNS queries.

You should probably post DHCP/BOOTP configuration files, firewall rule
sets (of gateway and clients), for more eyes to have a look at them.


P.S.  Please do not post HTML emails to this list (including dual plain
text and HTML emails), it's not wanted for a plethora of reasons (which
will start a whole new debate, and possible flamefest, if you ask about
it on the list).  Just one of which is that it makes it a lot harder to
quote text when replying.


-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.



-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux