Request Help Moving DHCP from Router to eBox

[Saturn2888]

But the box itself should be able to access the Internet. I'm really curious how this setup looks. I'd love a visual.

For me it's:
Internet > ISP > Modem > Switch > eBox WAN (redundant links) > eBox LAN > Switch > Home Network which includes a BUNCH of stuff.

[Sam Graf]

Except that we're complicating things unnecessarily, I think, by trying to get a single NIC eBox to route external traffic via DHCP. It's a little confusing to me exactly what we're trying to accomplish. I misread the effort to move DHCP to the eBox as an attempt to replace the router (which would be my purpose), and that hasn't helped.

I'd do the ISP > Modem > Switch > thing only in cases where I had multiple LAN segments using a common Internet connection, or maybe in the case of multiple static public IPs. In all my eBox configurations I'm doing ISP > Modem > eBox > LAN. I've got the modem passing its public address to eBox, to avoid multiple NATs between the LAN and the world. At work that's not critical to my eBox trial, but at home it matters because of Xbox Live .

[Saturn2888]

The reason I do that w/ the switch is because I can pull multiple IPs so if a NIC goes down I don't lose connection bc I have another pullin' another public IP. It's exactly the same as what you have.

[SamK]

But the box itself should be able to access the Internet. I'm really curious how this setup looks. I'd love a visual.

For me it's:
Internet > ISP > Modem > Switch > eBox WAN (redundant links) > eBox LAN > Switch > Home Network which includes a BUNCH of stuff.

Representative diagram attached.  This is a working LAN and while I am willing to experiment it must be capable of quickly being returned to a working condition.

@Sam Graf
My original idea was to leave the combined router/switch in situ and use the inbuilt firewall to protect the LAN.  The router/switch feeds multiple LAN devices, switches, printers, pcs and servers.  I was looking to place eBoxes inside the router/switch-firewall to conduct DHCP, PDC Authentication, Shares, LAN DNS etc.  If possible this is the model I would like eBox to work within.

I've been caught by cross-posting and need to catch up with recent posts.

[Sam Graf]

Wherever it sits, if eBox is going to serve as a gateway for a LAN, I think it will have to have two NICs, an "external" interface (which need not be hooked directly to the modem) and an "internal" interface, which will serve the LAN "below" it. The external interface handles all traffic between the Internet and eBox itself and the LAN. All local, LAN traffic will be handled on the internal interface, including DHCP address management.

[Saturn2888]

I know you can't change it right now, but ideally, this is what you want:

If you want eBox to connect to the Internet as you have it right now (not in my image), set the gateway address as the address of that gigabit switch. See what happens.

[SamK]

I know you can't change it right now, but ideally, this is what you want:

If you want eBox to connect to the Internet as you have it right now (not in my image), set the gateway address as the address of that gigabit switch. See what happens.

This is what I have been attempting to do earlier today (see most recent DHCP setup screenshot) using the LAN address of the router/switch 192.168.2.1.  This is not yet successful but seems an attractive course at this stage.  

It was never one of my aims to use eBox as a gateway for the LAN, although I can see the benefits of doing so.  It seems to have assumed an increasing priority as our discussions have progressed.  If a working setup can be established which does not use eBox as a gateway (as per your diagram) I will be quite happy with that.

[Saturn2888]

Yeah? Well I'm sure we can make that work. What's the eBox IP and what's the router's IP?

[Sam Graf]

I'm confused.

Any device that attempts to use an eBox-assigned address to connect with the Internet is going to try to use eBox as a gateway. That's what a gateway is and does, connecting an internal address with the public address so the device can reach the outside world without an outside address statically assigned. If we don't first set up the eBox as a gateway, I don't see in the diagram what device we're expecting to provide NAT between eBox-assigned addresses and the public IP.

Consider the typical router, where there are at least two interfaces, a WAN interface (where a modem is often plugged in) and a LAN interface (where all the stuff in the building gets plugged in). NATs and firewalls use the physical distinction between these interfaces to do their work. I'm suggesting (among other things) that until an eBox is set up like a router, it can't function as a gateway -- that is, no devices managed by eBox DHCP will be able to reach the outside world, since there is no way for the "real" gateway to know that a device at address x.x.x.x even exists, let alone that it's requesting access to the outside world, and there is no way for eBox (including its firewall) to distinguish between the inside and the outside world on a single interface.

So that's the gist of my confusion. I'm going to just watch for a bit and maybe I'll learn something.

[Saturn2888]

All that has to be done is set the router, not the eBox, as the gateway in the DHCP server, done. Some places just have a DHCP server as a separate box. This is how things work.

[SamK]

Off Topic
The router/switch is a multi-function device which provides many of the functions offered by eBox (DHCP, NTP, QoS, NAT, Access Control, URL Blocking, DoS, DDNS, Port Forwarding, DMZ, etc.) It is the intention at this stage to use some of these functions via the router/switch and some via eBox. 

At the present time eBox is not to be the central control mechanism for the network, rather it is to be part of it, using whatever portions of its functionality are required. 

The appeal to me is the opportunity to standardize the build of server boxes that eBox presents, its integration, unified management, and the ability to switch on/off the functionality which is installed, as standard, in all deployed eBoxes.  This may change in the future as demands on the system change; eBox may grow to become the central mechanism through which the network is managed and controlled. 

The enjoyment of exploring how eBox might be used towards this end may have allowed wanderering from the shortest path to the objective, and thereby led to some confusion. Is exploration meant to be an exercise in finding the shortest path?


On Topic
#1
The initial experiment showed that resolution of WAN names/addresses can remain a function of the router/switch while eBox conducts resolution of LAN based names/addresses.  It was not the intention to set up an externally registered domain name. 

#2
The second experiment was to explore transferring DHCP from the router/switch to an eBox.  This initially proved problematical and as part of the trouble shooting a lightweight GUI and a web browser were installed on the test eBox machine.  When it was determined how DHCP could be transferred successfully (i.e the experiment successfully concluded) it left an interesting, unanswered question which was not one of the original goals of the experiment.  It is this non-essential element that is now being explored (experiment three)

#3
Establish why the GUI/web browser installed on a test eBox (created in #2) is unable to browse the web successfully when DHCP is enabled on the eBox machine.  How is this rectified?  When the LAN workstations are allocated an ip address via DHCP on the router/switch browsing the web from the eBox is successful.

[SamK]

#3
Establish why the GUI/web browser installed on a test eBox (created in #2) is unable to browse the web successfully when DHCP is enabled on the eBox machine.  How is this rectified?  When the LAN workstations are allocated an ip address via DHCP on the router/switch browsing the web from the eBox is successful.

All that has to be done is set the router, not the eBox, as the gateway in the DHCP server, done. Some places just have a DHCP server as a separate box. This is how things work.

This is why I have been attempting to set the eBox DHCP default gateway as the ip address of the router/switch.
eBox DHCP provides provides various configuration options:

• eBox
• Custom (together with a field to specify the address)
• None
• Configured Ones

Each was tried in turn without success.

• None as a choice was obviously incorrect
• Configured Ones seemed unlikely as none had been set up in eBox
• eBox seemed a possibility
• Custom was exactly the option required

It was and is unclear what the difference is between 'Custom' and 'Configured Ones' but I decided to configure one which pointed to the router/switch and try the 'Configured Ones' option as the 'Custom' option was unsuccessful.

Having set up the gateway, and before selecting the 'Configured Ones' option, (i.e. the 'Custom' option is selected) browsing started to work as expected and ping beyond the LAN address of the router is also successful.

Can anyone explain why eBox provides the 'Custom' option in DHCP which allows an existing address to be specified but does not use it until a gateway is created in Network-->Gateways by specifying exactly the same information again?  

Having created the gateway would it not also be used if the 'Configured Ones' option is selected in eBox DHCP?  Tests reveal the answer is yes.

Am I missing something which is obvious to others?  It does appear odd to my eyes.

[sixstone]

Can anyone explain why eBox provides the 'Custom' option in DHCP which allows an existing address to be specified but does not use it until a gateway is created in Network-->Gateways by specifying exactly the same information again? 

Having created the gateway would it not also be used if the 'Configured Ones' option is selected in eBox DHCP?  Tests reveal the answer is yes.

Am I missing something which is obvious to others?  It does appear odd to my eyes.

Hi SamK,

I'll try to give you a simple answer that may help you. eBox DHCP server may be put in several places within your local network.

• A separate box: in that case eBox is not set as gateway, so you must configure the gateway which DHCP clients must connect to browse Internet. You may set it as Configured one (if you have already set that gateway for other user, trafficshaping or multigateway rules) or a custom one (in that case you just want eBox to be a simple box for DHCP server). Normally, that box where eBox is installed would have a single NIC (Ethernet cable).
• Your gateway: in that case eBox has, at least, two NICs. One set as internal (to your LAN) and one set as external (to your WAN). As eBox is the gateway, you will set in your DHCP server eBox as gateway where LAN DHCP clients connect to. Furthermore, eBox must have firewall module enabled in order to do NAT and packet forwarding likewise a router does.

I hope I have clarified a little the options you have.

[SamK]

Thanks for the information sixstone.  Two points arise from this.

• A separate box: in that case eBox is not set as gateway, so you must configure the gateway which DHCP clients must connect to browse Internet...
  

eBox DHCP was set up on the test server.  This used a Default Gateway='Custom' and specified the ip address of the router.  At this point, a gateway had not been created in Network-->Gateways.  A test LAN Workstation successfully received an ip address from the eBox DHCP and was able to access the internet in the usual manner. 

QUESTION 1
How is it that the LAN workstations (with dynamically allocated IP addresses from eBox DHCP) were able to web browse successfully but the eBox itself (with a static address) could not?  No gateway had been defined at this stage.




For a Default Gateway='Custom' (together with a specified the ip address) to function eBox requires the ip address to again be specified and saved in Network-->Gateways.

QUESTION 2
Is it not possible for eBox to to create the 'Custom' gateway using the information provided when setting up eBox DHCP?  It would be more user friendly done in this way.

[sixstone]

QUESTION 1
How is it that the LAN workstations (with dynamically allocated IP addresses from eBox DHCP) were able to web browse successfully but the eBox itself (with a static address) could not?  No gateway had been defined at this stage.

Because you haven't configured your default gateway for eBox. You must set one at Network -> Gateways, ticking Default setting. If it is the same one that your DHCP clients then you may choose Configured one option in DHCP server.

For a Default Gateway='Custom' (together with a specified the ip address) to function eBox requires the ip address to again be specified and saved in Network-->Gateways.

QUESTION 2
Is it not possible for eBox to to create the 'Custom' gateway using the information provided when setting up eBox DHCP?  It would be more user friendly done in this way.

I think the other around is more user friendly since your host always has a default gateway to route its packets and there is not always a configured DHCP server in eBox. For me, it is confusing to do so.

Best regards,