]>
Commit | Line | Data |
---|---|---|
a7c1f8d0 SZ |
1 | ## $Id$ |
2 | ||
3 | ## This file contains a sample configuration for the network shown | |
4 | ## below: | |
5 | ## | |
6 | ## -------------- ---------- ------------- | |
7 | ## | DHCP Server | | | | | | |
8 | ## | 192.168.8.66 |------<eth1>| dhcp-fwd |<eth2>------| Clients | | |
9 | ## | | | | | | | |
10 | ## -------------- ---------- ------------- | |
11 | ## | |
12 | ## By default, the dhcp-fwd agent looks at $(sysconfdir)/dhcp-fwd.cfg | |
13 | ## for this file. By using the '-c' option when calling dhcp-fwd, this | |
14 | ## path can be changed. | |
15 | ||
16 | ||
17 | ######### ENVIRONMENT SETTINGS ######### | |
18 | #### | |
19 | ### | |
20 | ## The server will drop its privileges and goes into a chroot-jail | |
21 | ## after doing its initialization. The following parameters are | |
22 | ## defining the needed parameters: | |
23 | ||
24 | ## User and group names/ids. It can be a numeric id or a resolvable | |
25 | ## alphanumeric-name. | |
26 | ## | |
27 | ## WARNING: when compiled with dietlibc the user-/group-names must be | |
28 | ## resolvable by files-NSS. LDAP or NIS NSS will not work so | |
29 | ## the numeric ids must be used | |
30 | user nobody | |
31 | group nobody | |
32 | ||
33 | ## chroot() path | |
34 | chroot /var/lib/dhcp-fwd | |
35 | ||
36 | ## Logfile and loglevel. The logfile-location is relatively to the | |
37 | ## directory where dhcp-fwd was started and not to the chroot-directory. | |
38 | ## | |
39 | ## The loglevel option is not supported yet. | |
40 | logfile /var/log/dhcp-fwd.log | |
41 | loglevel 1 | |
42 | ||
43 | ## SysV pidfile; contains the PID of the daemon-process and will be | |
44 | ## written with root-privileges | |
45 | pidfile /var/run/dhcp-fwd.pid | |
46 | ||
47 | ||
48 | ## Set limit for resources. When using much interfaces or servers | |
49 | ## below you will need to increase some values. Same holds when not | |
50 | ## using dietlibc. Use '-1' as the value to disable the upper limit | |
51 | ## for the given resource. | |
52 | ## | |
53 | ## Look into /proc/<pid>/status to find out the real usage of the | |
54 | ## resources. | |
55 | ulimit core 0 | |
56 | ulimit stack 64K | |
57 | ulimit data 32K | |
58 | ulimit rss 200K | |
59 | ulimit nproc 0 | |
60 | ulimit nofile 0 | |
61 | ulimit as 0 | |
62 | ||
63 | ||
64 | ######### INTERFACE SETTINGS ######### | |
65 | #### | |
66 | ### | |
67 | ## The interface where the forwarder listens for messages. There must | |
68 | ## be specified BOTH the server-side and client-side interfaces! | |
69 | ## | |
70 | ## Each interface will be identified by its system-wide name | |
71 | ## (e.g. eth0). After this it must be told whether there are | |
72 | ## clients and servers, and if it is allowed to send broadcast | |
73 | ## messages to clients. The bcast flags will be IGNORED when | |
74 | ## forwarding messages to servers. | |
75 | ||
76 | # IFNAME clients servers bcast | |
77 | if eth2 true false true | |
78 | if eth1 false true true | |
79 | ||
80 | ||
81 | ## Each interface can be given an RFC 3046 agent ID. The 'name' config | |
82 | ## option sets this value; if an interface is not specified here, the | |
83 | ## IFNAME will be assumed. | |
84 | ||
85 | # IFNAME agent-id | |
86 | name eth2 ws-c | |
87 | ||
88 | ||
89 | ## Each interface can be given an specific IP to be filled into the | |
90 | ## 'giaddr' field. | |
91 | ## | |
92 | ## BEWARE: because the outgoing DHCP message will contain the "normal" IP | |
93 | ## address of the outgoing-interface in its IP-header, some additional | |
94 | ## work in the system must be done. You can e.g. add an iptables rule to | |
95 | ## the 'nat' table similarly to this: | |
96 | ## | |
97 | ## | Chain POSTROUTING (policy ACCEPT) | |
98 | ## | target prot opt source destination | |
99 | ## | SNAT udp -- 192.168.0.6 192.168.8.66 udp spt:68 dpt:67 to:192.168.2.255 | |
100 | ||
101 | # ip eth0 192.168.2.255 | |
102 | ||
103 | ||
104 | ######### SERVER SETTINGS ######### | |
105 | #### | |
106 | ### | |
107 | ## Definitions of the servers. There must be told the type ('ip' or | |
108 | ## 'bcast') and the address. When using 'ip', the address is a non-bcast | |
109 | ## IPv4 address (dotted, DNS-names are NOT supported); and when using | |
110 | ## 'bcast' servers, the address is an IFNAME. | |
111 | ||
112 | # TYPE address | |
113 | server ip 192.168.8.66 | |
114 | #server bcast eth1 |