If your ISP assigns the IP address via a DHCP server, configure a DHCP interface on the port the ISP is plugged into. The Barracuda CloudGen Firewall supports up to twelve DHCP connections. You can operate a DHCP connection in active or standby mode. In active mode, the link is automatically brought up during the network activation process. In standby mode, the link is dormant until it is activated by a command line script. For each link, you can configure separate connection details, and routing and monitoring settings.
Before You Begin
Before creating the Internet connection, verify which port you are using to connect to your ISP. This port is subsequently used exclusively for the DHCP connection. No other IP addresses or routes may use it. The port is renamed to dhcp.
Step 1. Create a DHCP Connection
- Go to CONFIGURATION > Configuration Tree > Box > Network.
- In the left menu, select xDSL/DHCP.
- Click Lock.
- Set DHCPv4 Enabled to Yes.
- In the DHCPv4 Links table, click + to add an entry.
- Enter a Name for the link and click OK. The DHCPv4 Links window opens.
- Select the interface the ISP is connected to in the DHCP Interface list. E.g., eth2
- If you want to use the DNS servers provided by your ISP, set Use Provider DNS to Yes.
- Click OK.
- Click Send Changes and Activate.
Step 2. (optional) Configure Dynamic DNS for the DHCP Link
- Go to CONFIGURATION > Configuration Tree > Box > Network.
- In the left menu, select xDSL/DHCP.
- Click Lock.
- In the DHCPv4 Links table, edit the entry.
- (optional) Enable Use Dynamic DNS if you are using a dyndns.org account for dynamic DNS:
- Click Set. The Dynamic DNS Params window opens.
- Select a dynamic DNS Service Type. For information about available DynDNS service types, see http://dyn.com/dns/.
- Enter the Dyn DNS Name that was registered at dyndns.org.
Enter User Access ID and Access Password for accessing the server as defined during registration at dyndns.org.
- Click OK.
- Click OK.
- Click Send Changes and Activate.
Step 3. (optional) Configure Routing Settings
Configure the routes and routing tables for the DHCP link. Enable Advanced View to change these settings.
- Go to CONFIGURATION > Configuration Tree > Box > Network.
- In the left menu, select xDSL/DHCP.
- In the left Configuration menu, select Switch to Advanced.
- Click Lock.
- In the DHCPv4 Links table, edit the entry.
- In the Routing section,
- Disable Own Routing Table to route all traffic to the target networks through this DHCP interface, or
- Enable Own Routing Table to specify which networks should be routed through the interface.
- Add the Source Networks (IP/mask notation; for a single host, enter
32
as netmask, e.g.192.168.0.55/32
). - Enable Clone Routes to clone the dynamic routes to the main or default table. This setting is useful for setups where application-based selection (explicit binding in a firewall rule) of a traffic path is supposed to coexist with link failover (proxy dynamic).
- Add the Source Networks (IP/mask notation; for a single host, enter
- Enable Create Default Route to automatically introduce the default route if it is assigned by the provider.
- When disabling Create Default Route, specify the Target Networks that will be reachable through the interface. If your route should be set dynamically when the DHCP connection is established, add
0.0.0.0/0
to the Target Networks table.
- When disabling Create Default Route, specify the Target Networks that will be reachable through the interface. If your route should be set dynamically when the DHCP connection is established, add
- Select Advertise Route when using dynamic routing protocols such as OSPF/RIP/BGP.
- Select Untrusted as the Trust Level.
- Specify the route preference number in the Route Metric field if multiple ISP connections are available.
- Click OK.
- Click Send Changes and Activate.
Step 4. Configure Connection Monitoring
The connection is monitored by pinging a remote IP address every 20 seconds. When none of the configured remote reachable IPs answer to two ICMP probes, the connection is either terminated or the routing metric is increased, depending on which Unreachable Action is set. If the connection is terminated, the Barracuda CloudGen Firewall will attempt to connect until the connection is re-established successfully.
- Go to CONFIGURATION > Configuration Tree > Box > Network.
- In the left menu, select xDSL/DHCP.
- In the left Configuration menu, select Switch to Advanced.
- Click Lock.
- In the DHCPv4 Links table, edit the entry.
- In the Reachable IPs table, add at least one target IP address that will be regularly pinged to monitor the availability of the connection. Target IP addresses must be accessible only via the DHCP connection.
- Select the Unreachable Action to be taken if the connection cannot be established. The following options are available:
- Restart – Restarts the DHCP connection.
- Increase-Metric – Changes the preference for DHCP routes until the probe succeeds.
- Increase-Metric+Command – Changes the preference and executes an unreachable / re-reachable command if the target IP address remains unreachable.
- Enter the commands in the fields below.
- Ignore – No action is taken if the target IP address becomes unreachable.
If desired, customize the following settings:
No. of ICMP Probes – The number of ICMP echo packages that are sent via the VPN tunnel (default: 2).
Waiting Period [s/probe] – The number of seconds per probe to wait for an answer (e.g. probes=3 and waiting period=2 results in 3x2 s waiting time; default: 1).
Run Probe Every [s] – The interval in seconds that ICMP probes are run (default: 15).
Failure Standoff [s] – If no connection is possible, time in seconds to wait before a retry (default: 45).
- Click OK.
- Click Send Changes and Activate.
The DHCP link is now listed in DHCPv4 Links table.
Step 5. Activate the Network Changes
You must activate the network changes to bring up the ISP connection with a dynamic IP address.
- Go to CONTROL > Box.
- In the left menu, expand the Network section and click Activate new network configuration.
- Click Failsafe.
Your DHCP connection is now established and the IP address assigned by your ISP is visible on the CONTROL > Network page. All status icons next to the DHCP link are green, indicating an active connection. If the DHCP connection is your primary uplink, the default route uses the connection information from your DHCP interface. If more than one default route is present, the connection with the lowest route metric is used.
Operating a DHCP Link in Standby Mode
In standby mode, activation and subsequent monitoring of the link must be triggered externally. Standby mode also combines HA setups for HA DHCP connections. In standby mode,
- The involved routes are set to pending state, and it is not checked whether they are established.
- The configuration is completely run through, but the connection is not established.
Connections are handled from the command-line interface via a server-side script:
- Start all DHCP connections –
/etc/phion/bin/openxdhcp start &
- Stop all DHCP connections –
/etc/phion/bin/openxdhcp stop &
- Start an explicit DHCP connection –
/etc/phion/bin/openxdhcp start *linkname* &
- Stop an explicit DHCP connection –
/etc/phion/bin/openxdhcp stop *linkname* &