Setting up local networking

IP addressing

Our internal network should use a network address from one of the ranges that have been set aside for private networks in RFC1918.

The suitable addresses are the three blocks reserved by RFC1918: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.

For this document we're using 192.168.33.0/24 as our local network.

It's traditional to put routers, gateways, etc. in a block at the top or bottom of the network address range. For this server we're using 192.168.33.1. To achieve this, /etc/hostname.if (where "if" is the name of the internal interface) has a single entry:

inet 192.168.33.1 255.255.255.0 NONE

DHCP

Clients on the internal network need an appropriate IP address, along with other information about the network configuration. DHCP provides a way of configuring that information centrally and getting it to the clients on the network. The DHCP daemon must be enabled by editing /etc/rc.conf as described in the comments in rc.conf.

The DHCP daemon has its configuration in /etc/dhcpd.conf. For a basic configuration something like this will do:

subnet 192.168.33.0 netmask 255.255.255.0 {
        default-lease-time 86400;
        max-lease-time 604800;
        option domain-name "home.net";
        option domain-name-servers 192.168.33.1;
        option routers 192.168.33.1;
        range 192.168.33.65 192.168.33.126;
}

The lease time is set to a minimum of one day (86400 seconds) and a maximum of one week (604800 seconds). On a small network with little activity in the way of hosts coming and going there is no need to have short lease lengths.

The domain name options point to the nameserver that will be set up next.

The router option is only needed if access to the Internet is going to be enabled with NAT. It doesn't hurt to have it even if it is not being used.

The range is set to 192.168.33.64/26 so that it can be easily specified in case we want to apply firewall rules just to the DHCP clients.

DNS

We will need basic DNS services for the local network. DNS configuration files are in /var/named. We will need to add some lines to /var/named/etc/named.conf, and create two zone files in /var/named/master.

Add to the section of /var/named/etc/named.conf that describes the options:

        forward only;
        forwarders { 202.37.66.18; 202.37.66.19; 202.14.102.2; };

Substitute the nameserver(s) that your ISP supplies for these examples in your named.conf. If there is more than one nameserver, a semicolon separated list is required.

Towards the end of named.conf is the section describing the master zones. Add two master zones, one forward zone (name to address) and one reverse zone (address to name).

zone "home.net" {
        type master;
        file "master/home";
};
zone "33.168.192.in-addr.arpa" {
        type master;
        file "master/home.rev";
};

In /var/named/master create two files, home.rev and home. These will be the zone files for the internal network.

In /var/named/master/home.rev:

$ORIGIN 33.168.192.in-addr.arpa.
$TTL 6h
@       IN      SOA     gateway.home.net. admin.gateway.home.net.  (
                                1       ; Serial
                                3600    ; Refresh
                                900     ; Retry
                                3600000 ; Expire
                                3600 )  ; Minimum
        IN      NS      gateway.home.net.
1       IN      PTR     gateway.home.net.
65      IN      PTR     dhcp65.home.net.
66      IN      PTR     dhcp66.home.net.
67      IN      PTR     dhcp67.home.net.

In /var/named/master/home:

$ORIGIN home.net.
$TTL 6h
@ IN SOA gateway.home.net. admin.gateway.home.net. (
                1          ; serial
                3600       ; refresh
                900        ; retry
                3600000    ; expire
                3600 )     ; minimum
        IN      NS      gateway
localhost IN     A       127.0.0.1
gateway  IN      A       192.168.33.1
proxy    IN      CNAME   gateway
dhcp65   IN      A       192.168.33.65
dhcp66   IN      A       192.168.33.66
dhcp67   IN      A       192.168.33.67

Make sure named is enabled in /etc/rc.conf.

The DNS client configuration file, /etc/resolv.conf, should look like this:

search home.net
nameserver 127.0.0.1

What you should end up with is a nameserver that will serve all local hosts with local information. If it gets a query about a remote host it will forward the request to the ISP's nameserver(s). When the ppp link is down, the request will time out and the query will fail with "host or domain doesn't exist". When the link is up the request should succeed in the normal manner.

When a host is added to the network, it's good practice to make appropriate entries in both zone files. If you want a host to have several names, add a CNAME entry to the 'home' zone file. Each time a change is made to a zone file, change the serial number and use

rndc reload

to get the name server to load up the changes.
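Keeping the forward and reverse zone files in step by hand is error-prone, so here is an added example (not part of the original guide) that parses the two zone files in the format used above and reports every A record in the local network without a matching PTR record, and every PTR record without a matching A record. The zone texts embedded in it are constructed samples modelled on the guide, with two deliberate gaps to show the checks firing.

```python
# Added example (not part of the original guide): cross-check the forward and
# reverse zone files so every A record in the local net has a matching PTR and
# vice versa. Sample zones below are constructed, with two deliberate gaps:
# dhcp68 has no PTR record and 192.168.33.66 has a PTR but no A record.
import ipaddress
FORWARD = """\
$ORIGIN home.net.
@ IN SOA gateway.home.net. admin.gateway.home.net. ( 1 3600 900 3600000 3600 )
        IN      NS      gateway
localhost IN    A       127.0.0.1
gateway  IN      A       192.168.33.1
dhcp65   IN      A       192.168.33.65
dhcp68   IN      A       192.168.33.68
"""
REVERSE = """\
$ORIGIN 33.168.192.in-addr.arpa.
@       IN      SOA     gateway.home.net. admin.gateway.home.net. ( 1 3600 900 3600000 3600 )
        IN      NS      gateway.home.net.
1       IN      PTR     gateway.home.net.
65      IN      PTR     dhcp65.home.net.
66      IN      PTR     dhcp66.home.net.
"""

def records(zone, rtype):
    # Yield (owner FQDN, rdata) for each record of type rtype, honouring $ORIGIN.
    origin = ""
    for raw in zone.splitlines():
        tok = raw.split(";", 1)[0].split()          # drop comments, tokenise
        if not tok:
            continue
        if tok[0] == "$ORIGIN":
            origin = tok[1]
        elif "IN" in tok:
            i = tok.index("IN")
            if len(tok) > i + 2 and tok[i + 1] == rtype:
                owner = tok[0] if i == 1 else "@"     # blank owner column = @ here
                yield (origin if owner == "@" else owner if owner.endswith(".")
                       else owner + "." + origin), tok[i + 2]

def check_zones(forward, reverse, network):
    # Return sorted descriptions of mismatches; an empty list means the zones agree.
    net = ipaddress.ip_network(network)
    fwd, ptr = {}, dict(records(reverse, "PTR"))      # ptr: in-addr.arpa name -> FQDN
    for fqdn, ip in records(forward, "A"):
        if ipaddress.ip_address(ip) in net:            # skip localhost and other nets
            fwd[ipaddress.ip_address(ip).reverse_pointer + "."] = (fqdn, ip)
    problems = [f"PTR {rp} -> {t} has no matching A record" for rp, t in ptr.items() if rp not in fwd]
    for rp, (fqdn, ip) in fwd.items():
        if rp not in ptr:
            problems.append(f"{fqdn} ({ip}) has no PTR record")
        elif ptr[rp] != fqdn:
            problems.append(f"PTR for {ip} is {ptr[rp]}, expected {fqdn}")
    return sorted(problems)
```

Run check_zones on the contents of /var/named/master/home and home.rev with "192.168.33.0/24" before each rndc reload; an empty result means both files agree.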

Philip Plane <philip@xinqu.net>