Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[solved] dhcp and dns on firewall or in dmz?
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
glurps
Apprentice
Apprentice


Joined: 11 Mar 2004
Posts: 292
PostPosted: Sun Oct 01, 2006 9:59 am    Post subject: [solved] dhcp and dns on firewall or in dmz? Reply with quote
i am about to setup a proper local network at home. there will be a firewall with 5 interfaces and a server.

Code:

               /---dmz    10.0.0.0/24 (web, mail, gentoo rsync, local filesharing, more later)
               |---local1 10.0.1.0/24 (my machine)
net---firewall-|---local2 10.0.2.0/24 (other people living with me)
               \---local3 10.0.3.0/24 (other local network not administered by me)


my question is if i should put dhcp and dns server on the firewall or in the dmz. later improves security but it also makes configuration more complicated.

i am using shorewall as firewall. i can only find instructions how to install dhcp on the firewall or pass dhcp requests through incase the firewall functions as a bridge. however what i have in mind is a router.

can a dhcp server asign ip addresses in a address range that is different from the interface on which it receives the request? i do want to keep the different networks in different ip ranges so i believe arp proxying isnt really an alternative.

Last edited by glurps on Fri Oct 06, 2006 11:58 pm; edited 1 time in total
Back to top
View user's profile Send private message
think4urs11
Bodhisattva
Bodhisattva


Joined: 25 Jun 2003
Posts: 6659
Location: above the cloud
PostPosted: Sun Oct 01, 2006 10:31 am    Post subject: Re: dhcp and dns on firewall or in dmz? Reply with quote
glurps wrote:
can a dhcp server asign ip addresses in a address range that is different from the interface on which it receives the request? i do want to keep the different networks in different ip ranges so i believe arp proxying isnt really an alternative.
You need something like dhcrelay
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
Back to top
View user's profile Send private message
glurps
Apprentice
Apprentice


Joined: 11 Mar 2004
Posts: 292
PostPosted: Sun Oct 01, 2006 11:20 am    Post subject: Re: dhcp and dns on firewall or in dmz? Reply with quote
thx

Think4UrS11 wrote:
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself


:wink:
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy