FreeBSD  Release  11.0  Install  Guide



DHCP (Dynamic Host Configuration Protocol)

You have now completed the basic install of the FBSD Gateway/Firewall server with attached LAN. Everything up to this point has been accomplished using the built in facilities available in the standard FBSD production X.X-RELEASE.

In the previous section you manually configured your LAN PC's by hand with the information they needed to communicate with the FBSD gateway. DHCP is used to automate and control the automatic assignment of private IP addresses to your LAN environment.


What function does DHCP perform?

The Dynamic Host Configuration Protocol (DHCP) is most commonly used in the situation where a LAN (local area network) has too many PC workstations for the LAN administrator to manually configuration each workstation with the information it needs to use for access on the LAN. To automate this process, DHCP was developed. DHCP usually runs on the gateway/firewall machine in server mode. It broadcasts its presence through the LAN to all the workstations who have a DHCP client version of DHCP installed. At workstation boot up it asks the DHCP server for the information necessary to configure itself for access to LAN services.

All Microsoft Windows machines have a DHCP client built in that defaults to using DHCP services without any user configuration. FBSD also has a built in DHCP client, but it needs manual user input to activate it. Many ISP's use DHCP on dial up, DSL, and cable access to achieve the same results a LAN administrator wants for his private LAN.

One of DHCP's major strengths is its ability to manage the dynamic assignment of IP addresses from a pool and to reuse any IP address released when a workstation is removed from the LAN or moved to a different location on the LAN, such as what normally happens in a company work place environment.


DHCP Server

To add a DHCP server to FBSD you have to install the port. The best and most commonly used port for this purpose is the isc-dhcpd42-server port. For basic background information and locations of additional configuration information review the following.

The ISC-DHCP42 server supports three mechanisms for IP address allocation. In "automatic allocation", DHCP assigns a permanent IP address to a client. In "dynamic allocation", DHCP assigns an IP address to a client for a limited period of time (or until the client explicitly relinquishes the address). In "manual allocation", a client's IP address is assigned by the network administrator, and DHCP is used simply to convey the assigned address to the client. Dynamic allocation is the only one of the three mechanisms that allows automatic reuse of am address that is no longer needed by the client to which it was assigned. A particular network will use one or more of these mechanisms, depending on the policies of the network administrator.

For our purpose of a simple DHCP server that would fill the needs of the common FBSD user we are going to configure the DHCP server for "dynamic allocation" mode.


How DHCP Works

When the dhcpd daemon starts up at FBSD boot time, it broadcasts its presence through the LAN, then it sleeps and listens for broadcast requests for network configuration information from the LAN workstations. By default, it will listen on UDP port 67. When such a request is received, then the server will reply to the client machine on UDP port 68, providing the details required to connect to the network such as the IP address assigned to the workstation, subnet mask, default gateway and DNS servers names or IP addresses. Also included with this reply is a length of time for which this information can be used by that particular client. This is known as a DHCP "lease" and a new lease must be acquired by the client when it expires. The length of time for which a lease is valid is decided by the administrator of the DHCP server. The DHCP server keeps a database of leases it has issued in /var/db/dhcpd.leases File. This file is written as a log and can be edited. See man dhcpd.leases which gives a slightly longer description. DHCP clients can obtain a great deal of information from the server. An exhaustive list may be found in man dhcp-options & man dhcpd after DHCP is installed.


DHCP Configuration Instructions

To install the DHCP software, use the FBSD dhcp package using the following command

pkg_add -rv isc-dhcp42-server

To start the DHCPD server at boot time add the following statements in the /etc/rc.conf file.

ee /etc/rc.conf


The -q option will turn off the copyright banner that displays during the FBSD boot up and in the DHCP log every time a broadcast is issued by the DHCP daemon or when a request is received from a workstation DHCP client.

The dc0 is to be replaced with the interface name of the LAN NIC you want DHCP service on from your gateway/firewall FBSD system.

The dhcpd.conf file is delivered as a sample file so you have to make a copy of it without its sample suffix. It contains a lot of comments and commented out statement examples which you can comment out or delete. Edit the main DHCP configuration file and make it look like this.

cp dhcpd.conf.sample dhcpd.conf

ee dhcpd.conf

option domain-name "";
option domain-name-servers,;
# 600=10min, 7200=2 hours, 86400=1 day, 604800=1 week, 2592000=30 days
default-lease-time 86400;
max-lease-time 604800;
ddns-update-style none;
log-facility local1;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
subnet netmask { }

# This is the subnet declaration.
# Max of 6 pc on LAN -
# is the IP address of the Nic card in FBSD
# is the broadcast IP address
subnet netmask {
option routers;}

The option domain-name ""; is the user selected domain name from the hostname="" statement of /etc/rc.conf.

The option domain-name-servers contains the DSN server's IP addresses of your ISP from /etc/resolv.conf nameserver statements which get populated automatically when you connect to your ISP. If you have your own private LAN domain DSN server, make it the first one in the list, and in that case you can use full domain names instead of IP address (such as,

The default-lease-time and max-lease-time have values in seconds to set the elapse period for these function. The values I show are good to go with.

The authoritative; options tells the DHCP daemon server that it is the boss and is in control of issuing all the information to the LAN DHCP clients.

The ddns-update-style none; tells DHCP that there is no local LAN DSN server. If you have one, change this from none to interim. In the dhcpd.conf.sample you will see comments saying none and ad-hoc are the two options. This is no longer true for DHCP version 3.0. Ad-hoc has been deactivated and replaced with interim. See man dhcpd.conf for details.

The log-facility allows you to segregate the DHCP messages to a separate log for recording. You are going to use local1 for logging of DHCP server error messages;

subnet netmask {
option routers; }

The subnet netmask statement declares the maximum subnet IP address range. In this case the last three digits in the netmask, 248 determines the range. This means a total of 8 IP addresses, through are allocated as the subnet range. and are reserved for the broadcast process.

The range; is saying this range of IP addresses makes up the pool of addresses that are to be used for dynamic IP allocation to DHCP clients. It's a small home LAN with only two MS/Windows boxes and a single FBSD box on it now. That can grow to six machines without making any changes to this statement group.

The option routers statement is a bit miss-leading. What this is referring to is the NIC in the FBSD box the DHCP server runs on and the LAN being configured is cabled to. In our case the NIC has an IP address of which is specified in /etc/rc.conf by the ifconfig_dc0="inet netmask" statement.

The principle behind bitmasks and netmasks is simple, but often confusing to new users as it requires knowledge of binary numbers. For a quick reference, the following table illustrates what network ranges are indicated by the corresponding bitmasks/netmasks up to a default class C netmask.

Bitmask   Netmask          Total IP's /  Usable IP's
  32         1              1
  31         2              1
  30         4              2
  29         8              6
  28        16             14
  27        32             30
  26        64             62
  25       128            126
  24         256            254
  22       16320          16318
  20       32768          32766
  16         65536          65534
  12   8.388608+e6    8.388606+e6
   8           256^3      (256^3)-2
   0  (all IP's) 256^4       (256^4)-2

As you can see, there is a definite pattern. The number of total IP's always doubles, and the number of usable IP's is always total - 2. This is because for every IP network/subnet there are two IP's reserved for the network and broadcast addresses. The netmask's last octet starts at 255 and constantly decreases by multiples of 2, while the bitmask decreases by multiples of 1, because in binary, each shift over to the left halves the number, not divides by ten like in the decimal number system. This same pattern goes for all possible netmasks and bitmasks.

Go to to calculate the information about subnets. You can also download the script that does the calculations.


Since you told DHCPD to use local1 for logging in the dhcpd.conf configuration file above, you now have to complete the logging environment configuration by adding the following statement to /etc/syslog.conf.


ee /etc/syslog.conf

local1.notice         /var/log/dhcpd.log


This log file does not exist, so you must create it.

touch /var/log/dhcpd.log

To activate the changes to /etc/syslog.conf you can reboot or force the syslogd task into re-reading /etc/syslog.conf by issuing this console command
/etc/rc.d/syslogd reload


Now you must set up log rotation. Add this statement.

ee /etc/newsyslog.conf

/var/log/dhcp.log          600 3 100 * B

You can change the log rotation triggers to whatever you want.
See man newsyslog for info on what the trigger values mean.


The DHCPD daemon has a start up script located at /usr/local/etc/rc.d/

This directory location is where FBSD looks for files that end in .sh and executes them at the end of the boot process to start the applications.

You can administer the DHCPD server from the command line using

/usr/local/etc/rc.d/ start
Restart is used to reread dhcp.conf file after making changes.

Now manually start DHCP by entering this on the command.

/usr/local/etc/rc.d/ start

Issue 'ps ax' command to see the DHCP daemon running in the active task list.


Testing the DHCPD Daemon

To test the DHCPD server you need a PC on the LAN.

First let's check the LAN MS/Windows box network configuration. Click on the following buttons in this order. Start/settings/control panel/network/. Highlight TCP/IP and click on properties button. In the IP address tab the 'obtain IP address automatically' should be to only thing check marked. All the fields in the other tabs must be blank. If this is what you have use the cancel buttons to back yourself out. If you answer ok, you may have to have the windows install CDROM to update the network section.

Windows XP and newer have a program c:/windows/winipcfg.exe which will show you the DHCP info it's using. Start the winipcfg program by clicking on start, run, and type c:/windows/winipcfg.exe into the run window and then hit the OK button. Click on the more info button to see everything. You should be able to comprehend what you see back to the dhcpd.conf options as explained above. Click on the 'renew all' button to acquire a new DHCP lease.


FBSD as a DHCP Client

The isc-dhcp42 port comes with a client. I am not going to cover the isc-dhcp42 port client configuration process, because FBSD comes with a DHCP client built into the basic FBSD system.

To activate the built in dhcp client on a FBSD LAN PC, edit /etc/rc.conf and add the following statement to tell FBSD what interface the client DHCP should use:

ee /etc/rc.conf

ifconfig_dc0="DHCP"         # Where dc0 is the FBSD Nic card interface name.

That's it, configuration complete. Reboot to activate your changes.


Previous Page                                        Next Page         

This FreeBSD Install Guide is an public domain HOW-TO. This content may be reproduced, in any form or by any means, and used by all without permission in writing from the author.