Gentoo Forums
Should I limit DHCP addresses?
grant123
Veteran


Joined: 23 Mar 2005
Posts: 1099

Posted: Mon Sep 23, 2024 8:32 pm    Post subject: Should I limit DHCP addresses?

I use a Gentoo router and there are a certain number of devices in my network that use DHCP to get an IP address so I only make enough DHCP IPs available for each of them to have one. Sometimes one of the devices can't get an IP and I can see on the router that another one of the devices grabbed/reserved several of them. I'm not sure yet if it grabs a new IP each time it reboots or maybe each time it updates and then reboots. I thought about looking into fixing the device that grabs more than one but is that the right solution? Should my DHCP server be resilient against this sort of behavior by being willing to provide some greater number of IPs? Am I gaining anything security-wise by only making enough IPs available for each of the devices?
Ralphred
Guru


Joined: 31 Dec 2013
Posts: 574

Posted: Mon Sep 23, 2024 9:42 pm

From a security perspective, only having "just enough addresses" isn't as good as adding
Code:
pool {
    range [start ip] [end ip];
    deny unknown-clients; #<<this
    host [hostname1] { hardware ethernet [mac address1]; } #<<and these to identify allowed clients
    host [hostname2] { hardware ethernet [mac address2]; }
  }#endpool
into your pool definition, but I'm pretty strict about what gets an IP and what doesn't - normally if you aren't a "known host" you don't get one.
I have a #'d out pool in the middle of the subnet that does allow unknown hosts for when I have guests, add new hardware or am feeling lazy etc.

You should find that if you increase the lease time of the pool (for at least as long as you have things "switched off" normally) you'll end up with a "semi-fixed ip address assignment", as something rebooting will just get its old address rebound. But if you have a specific device that's giving you grief just use
Code:
    host hostname {
      hardware ethernet xx:xx:xx:xx:xx:xx;
      fixed-address aaa.bbb.ccc.ddd;
    }
and make it pre-assigned so it doesn't pollute the "free" section of the pool.

I actually use my dhcpd.conf as the "authoritative source" of what is on my network, so it's full of comments and descriptions, and I'm pretty obsessive about updating it for that reason.
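Added example, not part of either post above: a small Python check for the symptom in the question (one device holding several leases from a tight pool). It assumes the server is ISC dhcpd, as the configuration syntax in the reply suggests, and reads that server's dhcpd.leases format; the sample data is constructed and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in ISC dhcpd.leases format (not data from the thread).
SAMPLE_LEASES = """\
lease 192.168.1.100 {
  starts 1 2024/09/23 18:00:00;
  ends 1 2024/09/23 20:00:00;
  binding state active;
  next binding state free;
  hardware ethernet 02:00:00:00:00:01;
}
lease 192.168.1.101 {
  binding state active;
  hardware ethernet 02:00:00:00:00:02;
}
lease 192.168.1.102 {
  binding state active;
  hardware ethernet 02:00:00:00:00:02;
}
lease 192.168.1.100 {
  binding state free;
  hardware ethernet 02:00:00:00:00:01;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
# Anchored to line start so "next binding state ..." is not matched.
STATE_RE = re.compile(r"^[ \t]*binding state (\w+);", re.M)
MAC_RE = re.compile(r"^[ \t]*hardware ethernet ([0-9A-Fa-f:]+);", re.M)

def active_leases_by_mac(text):
    """Return {mac: [ips]} for leases whose latest record is active."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        latest[ip] = body  # dhcpd appends records; the last one per IP wins
    by_mac = defaultdict(list)
    for ip, body in latest.items():
        state, mac = STATE_RE.search(body), MAC_RE.search(body)
        if state and mac and state.group(1) == "active":
            by_mac[mac.group(1).lower()].append(ip)
    return {m: sorted(ips, key=ipaddress.ip_address) for m, ips in by_mac.items()}

def multi_lease_clients(text):
    """Clients that currently hold more than one active lease."""
    return {m: ips for m, ips in active_leases_by_mac(text).items() if len(ips) > 1}

if __name__ == "__main__":
    for mac, ips in multi_lease_clients(SAMPLE_LEASES).items():
        print(mac, "holds", len(ips), "active leases:", ", ".join(ips))
```

To use it on a live router, pass the contents of the server's leases file to `multi_lease_clients()` in place of the sample.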