26.1 Configuring a DHCP Server with YaST

To install a DHCP server, start YaST and select Software > Software Management. Choose Filter > Patterns and select DHCP and DNS Server. Confirm the installation of the dependent packages to finish the installation process.

IMPORTANT: LDAP Support

The YaST DHCP module can be set up to store the server configuration locally (on the host that runs the DHCP server) or to have its configuration data managed by an LDAP server. If you want to use LDAP, set up your LDAP environment before configuring the DHCP server.

For more information about LDAP, see Section 4.0, LDAP—A Directory Service, (↑Security Guide).

The YaST DHCP module (yast2-dhcp-server) allows you to set up your own DHCP server for the local network. The module can run in wizard mode or expert configuration mode.

26.1.1 Initial Configuration (Wizard)

When the module is started for the first time, a wizard starts, prompting you to make a few basic decisions concerning server administration. Completing this initial setup produces a very basic server configuration that should function in its essential aspects. The expert mode can be used to deal with more advanced configuration tasks. Proceed as follows:

  1. Select the interface from the list to which the DHCP server should listen and click Select. After this, select Open Firewall for Selected Interfaces to open the firewall for this interface, and click Next. See Figure 26-1.

    Figure 26-1 DHCP Server: Card Selection

  2. Use the check box to determine whether your DHCP settings should be automatically stored by an LDAP server. In the entry fields, provide the network specifics for all clients the DHCP server should manage. These specifics are the domain name, address of a time server, addresses of the primary and secondary name server, addresses of a print and a WINS server (for a mixed network with both Windows and Linux clients), gateway address, and lease time. See Figure 26-2.

    Figure 26-2 DHCP Server: Global Settings

  3. Configure how dynamic IP addresses should be assigned to clients. To do so, specify an IP range from which the server can assign addresses to DHCP clients. All these addresses must be covered by the same netmask. Also specify the lease time during which a client may keep its IP address without needing to request an extension of the lease. Optionally, specify the maximum lease time—the period during which the server reserves an IP address for a particular client. See Figure 26-3.

    Figure 26-3 DHCP Server: Dynamic DHCP

  4. Define how the DHCP server should be started. Specify whether to start the DHCP server automatically when the system is booted or manually when needed (for example, for testing purposes). Click Finish to complete the configuration of the server. See Figure 26-4.

    Figure 26-4 DHCP Server: Start-Up

  5. Instead of using dynamic DHCP in the way described in the preceding steps, you can also configure the server to assign addresses in quasi-static fashion. Use the entry fields provided in the lower part to specify a list of the clients to manage in this way. Specifically, provide the Name and the IP Address to give to such a client, the Hardware Address, and the Network Type (token ring or Ethernet). Modify the list of clients, which is shown in the upper part with Add, Edit, and Delete from List. See Figure 26-5.

    Figure 26-5 DHCP Server: Host Management

26.1.2 DHCP Server Configuration (Expert)

In addition to the configuration method discussed earlier, there is also an expert configuration mode that allows you to change the DHCP server setup in every detail. Start the expert configuration by clicking DHCP Server Expert Configuration in the Start-Up dialog (see Figure 26-4).

Chroot Environment and Declarations

In this first dialog, make the existing configuration editable by selecting Start DHCP Server. An important feature of the behavior of the DHCP server is its ability to run in a chroot environment or chroot jail, to secure the server host. If the DHCP server should ever be compromised by an outside attack, the attacker will still be behind bars in the chroot jail, which prevents him from touching the rest of the system. The lower part of the dialog displays a tree view with the declarations that have already been defined. Modify these with Add, Delete, and Edit. Selecting Advanced takes you to additional expert dialogs. See Figure 26-6. After selecting Add, define the type of declaration to add. With Advanced, view the log file of the server, configure TSIG key management, and adjust the configuration of the firewall according to the setup of the DHCP server.

Figure 26-6 DHCP Server: Chroot Jail and Declarations

Selecting the Declaration Type

The Global Options of the DHCP server are made up of a number of declarations. This dialog lets you set the declaration types Subnet, Host, Shared Network, Group, Pool of Addresses, and Class. This example shows the selection of a new subnetwork (see Figure 26-7).

Figure 26-7 DHCP Server: Selecting a Declaration Type

Subnet Configuration

This dialog allows you specify a new subnet with its IP address and netmask. In the middle part of the dialog, modify the DHCP server start options for the selected subnet using Add, Edit, and Delete. To set up dynamic DNS for the subnet, select Dynamic DNS.

Figure 26-8 DHCP Server: Configuring Subnets

TSIG Key Management

If you chose to configure dynamic DNS in the previous dialog, you can now configure the key management for a secure zone transfer. Selecting OK takes you to another dialog in which to configure the interface for dynamic DNS (see Figure 26-10).

Figure 26-9 DHCP Server: TSIG Configuration

Dynamic DNS: Interface Configuration

You can now activate dynamic DNS for the subnet by selecting Enable Dynamic DNS for This Subnet. After doing so, use the drop-down list to choose the TSIG keys for forward and reverse zones, making sure that the keys are the same for the DNS and the DHCP server. With Update Global Dynamic DNS Settings, enable the automatic update and adjustment of the global DHCP server settings according to the dynamic DNS environment. Finally, define which forward and reverse zones should be updated per dynamic DNS, specifying the name of the primary name server for each of the two zones. Selecting OK returns to the subnet configuration dialog (see Figure 26-8). Selecting OK again returns to the original expert configuration dialog.

Figure 26-10 DHCP Server: Interface Configuration for Dynamic DNS

Network Interface Configuration

To define the interfaces the DHCP server should listen to and to adjust the firewall configuration, select Advanced > Interface Configuration from the expert configuration dialog. From the list of interfaces displayed, select one or more that should be attended by the the DHCP server. If clients in all subnets need to be able to communicate with the server and the server host also runs a firewall, adjust the firewall accordingly. To do so, select Adapt Firewall Settings. YaST then adjusts the rules of SuSEfirewall2 to the new conditions (see Figure 26-11), after which you can return to the original dialog by selecting OK.

Figure 26-11 DHCP Server: Network Interface and Firewall

After completing all configuration steps, close the dialog with OK. The server is now started with its new configuration.