This post continues from Part 1: Network Interfaces

Unless you hate yourself enough to assign static IPs to every device on your LAN, you're going to need DHCP. When a client connects to the LAN, DHCP will automagically give them an IP address and configure their network settings for you.

DHCP is magic

Configuration

There are a few different DHCP packages out there. For this setup we're going to use isc-dhcp-server, which seems to be the new norm for Ubuntu. Install it with:

$> sudo apt-get install isc-dhcp-server

Next, edit /etc/default/dhcpd.conf to configure which interface the DHCP server should listen on. My LAN interface is enx0050b617c34f so mine looks like this:

# /etc/default/dhcpd.conf
INTERFACES="enx0050b617c34f"

The last step is to edit the server's configuration file in /etc/dhcp/dhcpd.conf. Here's what my configuration looks like; I've commented on each line to explain what it does:

# /etc/dhcp/dhcpd.conf

# Disable DDNS updating. DDNS can associate a dynamic IP,
# like what your modem gives your router, with a domain
# name. I'll talk more about this later.
ddns-update-style none;

# Domain name given to clients. Can be anything that makes
# you happy.
option domain-name "my.router";

# DNS server that will be advertised to clients. Clients
# will use this DNS server for resolving domain names. In
# this case it's Google's public DNS.
option domain-name-servers 8.8.8.8, 8.8.4.4;

# How long clients are allowed to hold onto an IP address
# before checking in with the DHCP server again.
default-lease-time 600;
max-lease-time 7200;

# This DHCP server is the authoritative source for IP
# addresses. It runs shit, use the IP it gives you or else.
authoritative;

# Logging.
log-facility local7;

# IMPORTANT PART. This block tells the DHCP server which
# IP addresses it can allocate to clients. This subnet and
# netmask block says there are some addresses to allocate
# from in the 192.168.0.0/24 block.
subnet 192.168.0.0 netmask 255.255.255.0 {

    # Tells the DHCP server it can hand out IPs from the
    # range 192.168.0.100 to 192.168.0.250. If you do the
    # math, that means there are 150 (or maybe 151?, I don't
    # know if it's inclusive) addresses available for clients.
    # You can make the range bigger if you have more than
    # that many clients on your LAN. Why not start at
    # 192.168.0.1? I'll get to that in the next section.
    range 192.168.0.100 192.168.0.250;

    # These two options should be the same as what you
    # configured in /etc/network/interfaces
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;

    # The IP address of the router clients should send their
    # traffic to. This should be the same as the static IP
    # address you configured for the router in
    # /etc/network/interfaces.
    option routers 192.168.0.1;
}

Finally, restart the DHCP server so the new configuration will take effect and enable it so that it will start automatically on boot:

$> sudo systemctl restart isc-dhcp-server
$> sudo systemctl enable isc-dhcp-server

Now for the moment of truth, connect a client to the LAN port of the router. If everything is working properly it should ask for an IP address over DHCP, the router should give it one, and the client should be able to access the internets. If it doesn't work then you must have fucked something up. You can try

$> sudo systemctl status isc-dhcp-server

to make sure it's running and

$> sudo journalctl -u isc-dhcp-server

to check the logs. Check the configs again, reboot the router, break out tcpdump if needed, but don't continue until things are working properly.

(Optional) Reserved IPs

So DHCP is great because you don't have to configure each and every client on your LAN. Things "just work". But the downside is that there are no guarantees about which IP address will be given to which client. If you have a server on your network (HTTP, SSH, whatever) this becomes a royal pain in the ass. Every time you try and hit the server it has a different IP.

This is where those unallocated IP addresses in the DHCP configuration come in handy. In the config above, anything from 192.168.0.2 to 192.168.0.99 is not used by the DHCP server. You could go into your server and configure it with a static IP address in that range, or you could just tell the DHCP server to always give out the same address to that client. Configuring a reserved IP means no configuring static IPs on the client, and keeps all the configuration centralized. To configure a reserved IP, add a block like this to the bottom of /etc/dhcp/dhcpd.conf:

host myserver {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 192.168.0.10;
}

This says that whenever a client with MAC address 00:11:22:33:44:55 asks for an IP address, give it 192.168.0.10. To find the MAC you can either use $> ip link on the client like this:

$> ip link
...
3: eth0: ...
    link/ether 11:22:33:44:55:66 ...
...

Or if you know the client's current IP address, ping it and then check the output of $> ip neigh:

$> ping -c 1 192.168.0.42
...
$> ip neigh
...
192.168.0.42 dev lan0 lladdr 11:22:33:44:55:66 REACHABLE
...

Restart the DHCP server with

$> sudo systemctl restart isc-dhcp-server

for the new settings to take effect. Next time that client asks for an IP it will be assigned the reserved IP.
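An added example, not part of the original post: a small Python lint for what the range comment and this section leave to eyeballing, namely how many addresses the range really contains and whether each reserved host has a well-formed MAC and an address outside the dynamic pool. The sample config is constructed from the values in this post; `badhost`, `first` and `lint` are hypothetical names, and the parser assumes a single subnet block like the one above.

```python
import ipaddress
import re

# Constructed sample: this post's settings plus a deliberately broken "badhost".
SAMPLE_CONF = """
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.250;
    option routers 192.168.0.1;
}
host myserver {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 192.168.0.10;
}
host badhost {
    hardware ethernet 00:11:22::33::44::66;
    fixed-address 192.168.0.150;
}
"""
MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}", re.I)

def first(pattern, text):
    return re.search(pattern, text).groups()  # capture groups of first match

def lint(conf):
    """Return (pool_size, problems) for a single-subnet dhcpd.conf."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    subnet = ipaddress.ip_network("/".join(
        first(r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)", conf)))
    lo, hi = map(ipaddress.ip_address, first(r"range\s+([\d.]+)\s+([\d.]+)\s*;", conf))
    router = ipaddress.ip_address(first(r"option\s+routers\s+([\d.]+)", conf)[0])
    problems, seen = [], {router: "the router"}
    for name, body in re.findall(r"host\s+(\S+)\s*\{(.*?)\}", conf, re.S):
        mac = first(r"hardware\s+ethernet\s+([^;\s]+)", body)[0]
        ip = ipaddress.ip_address(first(r"fixed-address\s+([\d.]+)", body)[0])
        if not MAC_RE.fullmatch(mac):
            problems.append(f"{name}: malformed MAC {mac}")
        if ip not in subnet:
            problems.append(f"{name}: {ip} is outside {subnet}")
        elif lo <= ip <= hi:
            problems.append(f"{name}: {ip} is inside the dynamic range")
        if ip in seen:
            problems.append(f"{name}: {ip} already used by {seen[ip]}")
        seen.setdefault(ip, name)
    # dhcpd's range statement is inclusive at both ends.
    return int(hi) - int(lo) + 1, problems

if __name__ == "__main__":
    size, problems = lint(SAMPLE_CONF)
    print(f"pool: {size} addresses\n" + ("\n".join(problems) or "no problems"))
```

On the sample it reports a pool of 151 addresses and flags `badhost` twice, once for the doubled colons in its MAC and once for a reserved address that sits inside the dynamic range.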

Now, even though your new router may be working I don't recommend using it just yet. By default it will accept traffic from anywhere and from anyone. That means anyone with internet access has an open door into your network. In the next post we'll look at how to lock it down with a secure firewall.
