Firewalls as a DHCP Client and Server
In this SOHO scenario, it’s likely that the perimeter
firewall would be a DHCP client on the outside interface, using PAT to allow
internal users to travel out through the router to either the Internet or a
corporate network. At the same time, it’s entirely possible that the firewall
could be providing IP addresses to users on the inside of the network if no
resident server exists to provide the feature.
This is, in fact, what happens with virtually all of the small
perimeter routers, made by many vendors, that people insert
between their home computer systems and their cable or DSL connection. It could
be argued that, with a single LAN, the perimeter router is acting only as a
firewall and DHCP server/client because no actual routing is occurring. Because
most of these small routers rely on another device, such as a cable modem, to
provide a LAN (Ethernet) connection to the outside interface, there’s every reason
to think a true firewall device could be substituted and provide greater
protection.
The dhcpd auto_config Command
Use the dhcpd auto_config command to
enable PIX Firewall to automatically assign DNS, WINS, and domain name values
learned by the DHCP client (outside) to the DHCP server (inside). Any of these
auto_config parameters can be overridden by configuring
specific dns, wins, and domain parameters.
pix(config)#dhcpd auto_config [client_intf_name]
pix(config)#no dhcpd auto_config
This partial configuration shows an example of how to configure
the auto_config command to assign the DNS, WINS, and DOMAIN
parameters learned from the DHCP client interface (outside). Note that the
netmask of the inside interface is 255.255.254.0.
pix(config)#ip address outside dhcp setroute retry 10
pix(config)#ip address inside 192.168.1.1 255.255.255.0
pix(config)#dhcpd address 192.168.1.2-192.168.1.254
pix(config)#dhcpd auto_config
pix(config)#dhcpd enable
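The following Python check is an added example, not part of the original text or any vendor tooling. It reads a PIX configuration and reports, for DNS, WINS, and domain, whether inside clients receive a statically configured value or one learned through auto_config, and it flags a dhcpd address pool that falls outside the inside subnet. The sample is constructed from the configuration above plus a hypothetical dhcpd dns override (192.0.2.53 is a documentation address); treating an unnamed auto_config interface as outside is an assumption.

```python
import ipaddress
import re

# Constructed sample: the page's partial configuration plus one hypothetical
# static override (192.0.2.53 is a documentation address).
SAMPLE = """\
pix(config)#ip address outside dhcp setroute retry 10
pix(config)#ip address inside 192.168.1.1 255.255.255.0
pix(config)#dhcpd address 192.168.1.2-192.168.1.254
pix(config)#dhcpd dns 192.0.2.53
pix(config)#dhcpd auto_config
pix(config)#dhcpd enable
"""

def commands(config):
    """Return the command lines with any 'pix(config)#' prompt removed."""
    lines = (ln.strip() for ln in config.splitlines())
    return [re.sub(r"^\S*#\s*", "", ln) for ln in lines if ln]

def option_sources(config):
    """Report where each option handed to inside DHCP clients comes from."""
    cmds, auto = commands(config), None
    for c in cmds:
        m = re.fullmatch(r"(no )?dhcpd auto_config(?: (\S+))?", c)
        if m:
            # Assumption: with no interface named, values come from "outside".
            auto = None if m.group(1) else (m.group(2) or "outside")
    result = {}
    for opt in ("dns", "wins", "domain"):
        static = [c.split()[2:] for c in cmds if c.startswith(f"dhcpd {opt} ")]
        if static:  # a specific parameter overrides the learned value
            result[opt] = "static " + " ".join(static[-1])
        else:
            result[opt] = f"learned via {auto}" if auto else "not configured"
    return result

def pool_outside_subnet(config):
    """Return dhcpd pool endpoints that lie outside the inside subnet."""
    net, pool = None, []
    for c in commands(config):
        if m := re.match(r"ip address inside ([\d.]+) ([\d.]+)", c):
            net = ipaddress.ip_interface("/".join(m.groups())).network
        if m := re.match(r"dhcpd address ([\d.]+)-([\d.]+)", c):
            pool = [ipaddress.ip_address(a) for a in m.groups()]
    return [str(a) for a in pool if net is not None and a not in net]

if __name__ == "__main__":
    print(option_sources(SAMPLE))
    print(pool_outside_subnet(SAMPLE))
```

Any option reported as learned is a value that inside clients accept from whatever DHCP server answers on the outside interface.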