DHCP, Port Forwarding, and DMZ Hosts
As a network administrator, you will probably deal with DHCP, port forwarding, and the DMZ more often than you would like. These technologies are classically associated with NAT, and many modern networks use them to provide network services and to improve security.
DHCP
Dynamic Host Configuration Protocol, or DHCP, is the service that provides dynamic (often called auto-magical) IP configuration of client nodes on a given network. In most home or small-office networks, DHCP is used instead of manual configuration. In larger networks, DHCP is also very advantageous because it allows network administrators to "kick back and relax" while addresses are auto-magically assigned by a DHCP server. However, a manual configuration is sometimes preferable so that administrators know which computer holds which IP address – that is, so that the assignments are permanent.
DHCP works on a “release/renew” system. When an address is requested and assigned, it is actually “leased” to the requesting node for a given period of time. After half of the lease time has elapsed, the node automatically requests a “renewal” of the address from the DHCP server that issued it, and in most cases that server renews the lease. If the issuing server is still unavailable once about 87.5% of the lease time has elapsed, the client broadcasts a request to all network nodes asking any DHCP server for an address. If the lease expires without being renewed, the node loses the IP address. Note that DHCP operates in a client/server model: a DHCP client requests an IP address from a willing DHCP server. DHCP assigns the:
- IP address
- Subnet mask
- Default gateway
Microsoft Windows, Linux, and Macintosh all offer built-in DHCP server functionality.
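The lease timeline described above (renewal requested from the issuing server at 50% of the lease, broadcast rebinding at 87.5%, loss of the address at expiry) as a small simulation. This is an added example, not part of the original page; the addresses, lease length and server names are constructed, and the message name DHCPDISCOVER is the standard one from the DHCP specification.

```python
from dataclasses import dataclass

@dataclass
class Lease:
    """One DHCP lease as described above: address, issuing server, start and duration."""
    ip: str
    server: str        # DHCP server that issued the lease
    start: float       # time the lease was granted (seconds)
    duration: float    # lease time (seconds)

    @property
    def t1(self) -> float:      # renewal point: half the lease has elapsed
        return self.start + self.duration * 0.5

    @property
    def t2(self) -> float:      # rebinding point: 87.5% of the lease has elapsed
        return self.start + self.duration * 0.875

def client_action(lease: Lease, now: float) -> tuple[str, str]:
    """Return (state, what the client sends) for the lease at time `now`."""
    if now < lease.t1:
        return "BOUND", "none"                            # keep using the address
    if now < lease.t2:
        return "RENEWING", f"unicast to {lease.server}"  # ask only the issuing server
    if now < lease.start + lease.duration:
        return "REBINDING", "broadcast 255.255.255.255"  # any DHCP server may answer
    return "EXPIRED", "broadcast DHCPDISCOVER"            # address lost; start over

def simulate(lease: Lease, servers_up: set[str], step: float) -> list[tuple[float, str, str]]:
    """Tick the clock by `step` seconds until the lease is renewed, rebound or expired.
    `servers_up` is the set of reachable DHCP servers (constructed input)."""
    trail: list[tuple[float, str, str]] = []   # (time, state, action) timeline
    now = lease.start
    while True:
        state, action = client_action(lease, now)
        trail.append((now, state, action))
        if state == "RENEWING" and lease.server in servers_up:
            trail.append((now, "RENEWED", f"new lease from {lease.server}"))
            return trail
        if state == "REBINDING" and servers_up:  # another server may take over
            trail.append((now, "REBOUND", f"new lease from {sorted(servers_up)[0]}"))
            return trail
        if state == "EXPIRED":
            return trail
        now += step

if __name__ == "__main__":
    lease = Lease("192.168.1.4", "10.0.0.1", 0.0, 8 * 3600.0)   # constructed 8-hour lease
    for entry in simulate(lease, set(), 3600.0):               # issuing server is down
        print(entry)
```

Run it with `{"10.0.0.1"}` as the reachable server to see the lease renewed at the halfway point, with `{"10.0.0.2"}` to see a different server rebind the client at 87.5%, and with an empty set to see the address lost at expiry.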
Port Forwarding
Most routers today offer a feature called port forwarding that works in conjunction with NAT (Network Address Translation) to provide openings for incoming traffic to “internal network” nodes. A typical application of port forwarding is network configuration for a file sharing program. The file sharing program on node 192.168.1.4 may need a specific port open to accept incoming traffic – for example, let’s say TCP 4444. Because of NAT, requests on TCP 4444 will not be handled because the traffic is being directed to the router, which does not have any service operating on TCP 4444. However, the router can be configured to forward requests on port TCP 4444 to 192.168.1.4, which can handle the requests on TCP 4444, thus allowing for the incoming traffic to be handled on that port. The general formulation for port forwarding is:
Port Request on (TCP/UDP) (Port Number) Forwards to (Internal IP Address)
DMZ Host
A DMZ (Demilitarized Zone) host is a special security feature in many modern routers. A DMZ host is basically a “catch-all” host for requests on ports that have no forwarding rule. Continuing the previous example, suppose port forwarding is not configured but a DMZ host at 192.168.1.33 is. Then a request arriving at the router on TCP 4444 (because it is not forwarded) is automatically sent to 192.168.1.33:4444. There are two main benefits associated with DMZ hosts.
1. Port forwarding does not have to be configured for each individual service (though it is generally a BAD idea to set up an ordinary PC as a DMZ host).
2. As a security feature (quite the opposite of number 1), all of the suspicious (non-port-forwarded) traffic can be directed to a single sanitized host.
Applying the Knowledge
1. Which of the following technologies allows a PC to forward incoming requests on certain ports to specific computers?
d. Port Forwarding
2. A user complains that he cannot connect to the network. You ask him for his IP information and he says that his IP is manually assigned. Which of the following could be eliminated as a cause of the problem?
a. The media may be faulty, severed, or incorrectly connected
b. His IP address, subnet mask, or default gateway may be wrong
c. His network card may not be functioning correctly
d. The DHCP server is down
e. The default gateway is down
Answers
1. Port forwarding allows for the forwarding of specific port requests to specific computers. The answer is D.
2. Because the IP address is manually assigned, the DHCP server could not be an issue because it is not being utilized. All of the other choices, however unlikely, are possibilities. The answer is D.