Extract the dcp folder
# tar xzvf dhcp-3.0pl2.tar.gz
then cd into dhcp-3.0pl2 directory that is created. Type in ./configure then make then make install you now need to get out of the dhcp-3.0pl2 directory by typing this
# cd ..
Dhcpd
now you should be in a prompt with
root@localhost root#
Now you need to make a few files. You do this by the touch command in your terminal.
# touch /etc/dhcpd.conf
you then need to make a directory. You do this by using the mkdir command in your terminal
# mkdir /var/state/dhcp
you then make a text file in this directory while still in root
# touch /var/state/dhcp/dhcpd.leases
Now you must configure your /etc/dhcpd.conf file. Using nano:
# nano /etc/dhcpd.conf
(here nano is used as an editor but any other available editor like vi, emacs will do equally well). An example of a /etc/dhcpd.conf file would be this (class A network):
ddns-update-style interim;
subnet 10.0.0.0 netmask 255.255.0.0 {
default-lease-time 63000;
max-lease-time 72000;
option routers 10.0.0.1;
option subnet-mask 255.255.0.0;
option [domain-name-servers]
range 10.0.0.2 10.0.0.253;
}
domain-name-servers are provider-dependant, use ip-address of router; if there are more than one dns server separate by a comma;
iptables
You now need to make the file /etc/sysconfig/iptables. You again use the touch command to do this.
# touch /etc/sysconfig/iptables
Once you have created this file you need to go into it and place your iptables rules. Again edit the file and enter the following data (using nano):
# nano /etc/sysconfig/iptables
An example of /etc/sysconfig/iptables is:
#iptables - configuration files for iptables in Red Hat Linux 8.0
#This is appropriate for protecting a single workstation.
#The script could be a lot more rigorous, e.g., only allow
#selected outbound ports, rather than allowing all outbound
#traffic, use REJECT rather than DROP, etc. However, the
#goal of this script was to provide some protection for ports
#while minimizing the number of checks made on each packet.
#This file should be owned by user root, group root.
#The permissions on this file should be set to 600.
#Edit lines as necessary, then uncomment (remove hash mark) the
#lines you wish to use.
#Although every precaution has been taken in the preparation of this
#file, the author assumes no responsibility for errors or omissions.
#Neither is any liability assumed for damages resulting from the use of
#the information contained herein.
#m-woo@uiuc.edu 9 Jan 2003
filter
INPUT DROP [0:0]
FORWARD DROP [0:0]
OUTPUT DROP [0:0]
#Drop all incoming fragments
-A INPUT -i eth0 -f -j DROP
#Drop outside packets with localhost address - anti-spoofing measure
-A INPUT -s 10.0.0.1/255.0.0.0 -i ! lo -j DROP
#Pass all locally-originating packets
-A INPUT -i lo -j ACCEPT -A OUTPUT -o lo -j ACCEPT
#Accept ICMP ping echo request packets
#(this allows other people to ping your machine, among other things),
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#Accept all traffic from a specific machine with IP x.x.x.x
#replace x.x.x.x with the desired IP, then uncomment the line.
-A INPUT -p tcp -m tcp --syn -s 10.0.0.0 -j ACCEPT
#Accept traffic on port p from a specific machine with IP x.x.x.x
#replace p with the desired port number, and replace x.x.x.x with
#the desired IP, then uncomment the line.
-A INPUT -p tcp -m tcp --syn -s 10.0.0.1 --dport 80 -j ACCEPT
#Accept all inbound ssh traffic
-A INPUT -p tcp -m tcp --syn --dport 22 -j ACCEPT
#Accept all inbound identd
-A INPUT -p tcp -m tcp --syn --dport 113 -j ACCEPT
#or you can reject and send back a TCP RST packet instead
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
#Allow all sendmail SMTP traffic
-A INPUT -p tcp -m tcp --syn --dport 25 -j ACCEPT
#Allow all sendmail MSA traffic
-A INPUT -p tcp -m tcp --syn --dport 587 -j ACCEPT
#Allow all web server access (port 80)
-A INPUT -p tcp -m tcp --syn --dport 80 -j ACCEPT
#Allow all secure web server access (port 443)
-A INPUT -p tcp -m tcp --syn --dport 443 -j ACCEPT
#Allow inbound established and related outside communication
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Drop outside initiated connections
-A INPUT -m state --state NEW -j REJECT
#Allow all outbound tcp, udp, icmp traffic with state
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
You also need to add the line
echo 1 > /proc/sys/net/ipv4/ip_forward
to your /etc/rc.d/rc.local file
also hit enter twice after the above line and put
dhcpd
This will automatically start your dhcpd server for you on startup of your machine.
Firestarter firewall
Now you need to install firestarter. You do this using the rpm command
# rpm –i firestarter-0.9.2-3.i386.rpm
