DHCP Server for internal LAN and DMz


NVETHIS
07-10-2003, 04:10 PM
I am running shorewall for routing/firewall on my home network. I also have a DHCP server set up for this too. I have an internal LAN with IP subnet of 10.10.10.0/255 and a DMz with an IP subnet of 10.10.11.0/255. I have the internal LAN on eth1 connected to a Cisco 2912XL Router. I have the DMz on eth2 connected to an OfficeConnect 10/100 Hub.
What I want is that when a request is sent for an IP address on the internal LAN, one is assigned in the 10.10.10.0 range, and when one is requested on the DMz, one in the 10.10.11.0 range is assigned.
What I tried to do was edit my /etc/dhcpd.conf like this:
DHCPARGS=eth1;
ddns-update-style ad-hoc;
default-lease-time 7000;
subnet 10.10.10.0 netmask 255.255.255.0 {
range 10.10.10.10 10.10.10.100;
option subnet-mask 255.255.255.0;
option broadcast-address 10.10.10.255;
option routers 10.10.10.254;
option domain-name-servers 10.10.10.254;
option domain-name "computerxpress.d2g.com";
}
DHCPARGS=eth2;
ddns-update-style ad-hoc;
subnet 10.10.11.0 netmask 10.10.11.255 {
range 10.10.11.1 10.10.11.10;
option subnet-mask 255.255.255.0;
option broadcast-address 10.10.11.255;
option routers 10.10.11.254;
}

Anyone have any ideas why this isn't working or what I need to change to make this work? Thanks.

homey
07-10-2003, 10:01 PM
I'm not sure what other problems you may be in for but look at your subnet masks. The first one is ok and the second one is way off.

subnet 10.10.10.0 netmask 255.255.255.0

subnet 10.10.11.0 netmask 10.10.11.255

That should be 10.10.11.0 netmask 255.255.255.0

Also, just to be picky you are stating the following incorrectly....
subnet of 10.10.10.0/255 and a DMz with an IP subnet of 10.10.11.0/255.
It is stated like this.....10.10.11.0/24 The 24 indicates that the mask of 255.255.255.0 uses three sets of 8 bits to equal 24. :)
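The netmask problem pointed out in the reply above can be caught mechanically before dhcpd is restarted. The following is an added example, not part of the original thread: a small Python check over dhcpd.conf-style subnet blocks, where the function names and the embedded sample (built from the declarations first posted) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the two subnet declarations as first posted in the thread.
SAMPLE = """
subnet 10.10.10.0 netmask 255.255.255.0 {
range 10.10.10.10 10.10.10.100;
option broadcast-address 10.10.10.255;
option routers 10.10.10.254;
}
subnet 10.10.11.0 netmask 10.10.11.255 {
range 10.10.11.1 10.10.11.10;
option broadcast-address 10.10.11.255;
option routers 10.10.11.254;
}
"""

BLOCK = re.compile(r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)\s*\{(.*?)\}", re.S)
ADDR_OPTS = {  # statement -> pattern capturing the addresses it carries
    "range": r"range\s+([\d.]+)\s+([\d.]+)\s*;",
    "routers": r"option\s+routers\s+([\d.]+)\s*;",
}

def is_contiguous_mask(mask):
    """True if the mask is a run of 1 bits followed only by 0 bits."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def check_dhcpd_subnets(text):
    """Return (subnet, problem) tuples for every subnet block in text."""
    problems = []
    for net, mask, body in BLOCK.findall(text):
        if not is_contiguous_mask(mask):
            problems.append((net, f"netmask {mask} is not a valid mask"))
            continue
        try:
            network = ipaddress.IPv4Network(f"{net}/{mask}")
        except ValueError:
            problems.append((net, f"{net} has host bits set under {mask}"))
            continue
        for name, pattern in ADDR_OPTS.items():
            m = re.search(pattern, body)
            for addr in (m.groups() if m else ()):
                if ipaddress.IPv4Address(addr) not in network:
                    problems.append((net, f"{name} {addr} is outside {network}"))
        m = re.search(r"option\s+broadcast-address\s+([\d.]+)\s*;", body)
        if m and ipaddress.IPv4Address(m.group(1)) != network.broadcast_address:
            problems.append((net, f"broadcast {m.group(1)} does not match {network}"))
    return problems
```

Calling check_dhcpd_subnets(SAMPLE) reports only the 10.10.11.0 block; the same function also flags a range or router address that falls outside its declared subnet.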

NVETHIS
07-11-2003, 10:28 AM
Oh sorry, the subnet mask 10.10.11.255 is a typo. It is correct in the dhcpd.conf file. Does everything look like it should work though? Is that how the dhcpd.conf file should look? Thanks.

jumpedintothefire
07-11-2003, 11:48 AM
Are you getting any error messages when you're starting dhcpd??

I don't think the "DHCPARGS=" should be in that file...
RedHat uses that type of variable in the /etc/sysconfig/dhcpd file to supply command line starting options to dhcpd, like which interface to listen on. I'm not sure if it will accept more than one entry, for the second interface. (I know it will work with just a single interface stated)

What distro are you using?

With shorewall, you have the dhcp option defined in the /shorewall/interfaces file for both eth1 and eth2?

NVETHIS
07-11-2003, 11:55 AM
Originally posted by jumpedintothefire
Are you getting any error messages when you're starting dhcpd??

I don't think the "DHCPARGS=" should be in that file...
RedHat uses that type of variable in the /etc/sysconfig/dhcpd file to supply command line starting options to dhcpd, like which interface to listen on. I'm not sure if it will accept more than one entry, for the second interface. (I know it will work with just a single interface stated)

What distro are you using?

With shorewall, you have the dhcp option defined in the /shorewall/interfaces file for both eth1 and eth2?

Yeah, I saw that the file /etc/sysconfig/dhcpd had the DHCPARGS= statement, but I didn't put anything in there, just in the dhcpd.conf file. Can I add a second entry to the /etc/sysconfig/dhcpd file like:
DHCPDARGS=eth1
DHCPDARGS=eth2
and then take the DHCPDARGS out of the dhcpd.conf file?

In /etc/shorewall/interfaces, I have both loc and dmz with dhcp

NVETHIS
07-11-2003, 12:10 PM
I edited the file /etc/sysconfig/dhcpd to look like this:

DHCPARGS=eth1
DHCPARGS=eth2

Then, I edited my /etc/dhcpd.conf to look like this:

ddns-update-style ad-hoc;
default-lease-time 7000;
subnet 10.10.10.0 netmask 255.255.255.0 {
range 10.10.10.10 10.10.10.20;
option subnet-mask 255.255.255.0;
option broadcast-address 10.10.10.255;
option routers 10.10.10.254;
option domain-name-servers 10.10.10.254;
option domain-name "computerxpress.d2g.com";
}

ddns-update-style ad-hoc;
default-lease-time 700;
subnet 10.10.11.0 netmask 255.255.255.0 {
range 10.10.11.1 10.10.11.10;
option subnet-mask 255.255.255.0;
option broadcast-address 10.10.11.255;
option routers 10.10.11.254;
option domain-name-servers 10.10.10.254;
}

It appears that it is listening on only one interface:
Jul 11 12:02:24 computerxpress dhcpd: Internet Software Consortium DHCP Server V3.0pl1
Jul 11 12:02:24 computerxpress dhcpd: Copyright 1995-2001 Internet Software Consortium.
Jul 11 12:02:24 computerxpress dhcpd: All rights reserved.
Jul 11 12:02:24 computerxpress dhcpd: For info, please visit http://www.isc.org/products/DHCP
Jul 11 12:02:24 computerxpress dhcpd: Internet Software Consortium DHCP Server V3.0pl1
Jul 11 12:02:24 computerxpress dhcpd: Copyright 1995-2001 Internet Software Consortium.
Jul 11 12:02:24 computerxpress dhcpd: All rights reserved.
Jul 11 12:02:24 computerxpress dhcpd: For info, please visit http://www.isc.org/products/DHCP
Jul 11 12:02:24 computerxpress dhcpd: Wrote 2 leases to leases file.
Jul 11 12:02:24 computerxpress dhcpd: Listening on LPF/eth1/00:e0:81:03:1a:2a/10.10.10.0/24
Jul 11 12:02:24 computerxpress dhcpd: Sending on LPF/eth1/00:e0:81:03:1a:2a/10.10.10.0/24
Jul 11 12:02:24 computerxpress dhcpd: Sending on Socket/fallback/fallback-net
Jul 11 12:02:24 computerxpress dhcpd: Wrote 2 leases to leases file.
Jul 11 12:02:24 computerxpress dhcpd: Listening on LPF/eth1/00:e0:81:03:1a:2a/10.10.10.0/24
Jul 11 12:02:24 computerxpress dhcpd: Sending on LPF/eth1/00:e0:81:03:1a:2a/10.10.10.0/24
Jul 11 12:02:24 computerxpress dhcpd: Sending on Socket/fallback/fallback-net
Jul 11 12:02:24 computerxpress dhcpd: dhcpd startup succeeded

I'm not sure how to tell dhcp to listen to requests on both eth1 and eth2???? Anyone have a solution to this? Thanks.

jumpedintothefire
07-11-2003, 12:15 PM
try:

DHCPARGS=eth1 eth2

or maybe:

DHCPARGS=eth1,eth2

The alternative is not to state the interface at all. Shorewall will block the other interface anyway