DHCP El Capitan OS X Server

kc0mmy
Posts: 9
Joined: Tue Dec 22, 2015 1:13 am

DHCP El Capitan OS X Server

Post by kc0mmy » Tue Dec 22, 2015 1:36 am

Greetings!

I downloaded and activated Murus Pro and am new to the program. I've tried to search the forum and either I'm not searching hard enough or am not understanding what needs to happen. So please, forgive me if I'm beating a dead horse.

I'm running Murus on a Late-2012 Mac Mini, 16GB RAM, OS X El Capitan 10.11.2 and OS X Server. The "server" is running DNS, DHCP, and RADIUS. My main issue is DHCP. In Managed Inbound Services, if I enable basic services for "everyone" and enable the PF, it doesn't work. If I disable the PF, it works. If I create a separate DHCP rule and set it to "Everyone" it works fine when the PF is enabled. However, if I set the group to 192.168-net and enable the PF, it doesn't work.

So, a few questions: What do I need to do to get this to work, or is it safe to allow "Everyone" in the "Managed Inbound Services"?

What about Murus Services app? Would that work in tandem with the OS X Server App, or is that completely separate? I've put everything I want (so far) in the server and don't really want to rebuild it, though I do have a reliable backup before even installing Murus.

Thanks in advance for your help.

-Andre
Last edited by kc0mmy on Tue Dec 22, 2015 5:18 pm, edited 1 time in total.

hany
Posts: 485
Joined: Wed Dec 10, 2014 5:20 pm

Re: DNS El Capitan OS X Server

Post by hany » Tue Dec 22, 2015 10:48 am

Hello,

You should simply add the already existing Murus DHCP service to your inbound services, and let it open to everyone.
Using BASIC SERVICES alone is not enough, as it contains definitions to allow a dhcp CLIENT to work on your Mac.
What you want is to run a dhcp SERVER, so for this purpose you must allow the Murus DHCP service.

Restricting access to the DHCP server at network level should work too, but it is somewhat tricky, as dhcp already needs your clients to be on your network, so there should be no need to further restrict it. And, by the way, it is hard for a dhcp server to block access at IP level from remote clients that are requesting an IP address if these clients still do not have an IP address, right? :D
I think you can leave "Everyone" assigned to DHCP service, and restrict access at application level, not network level. This is done in dhcpd configuration.

Murus Services app is an alternative to Apple Server.app for some specific services, and is complementary for some others.
They can work together as long as you run a single instance of a service. For example you must choose where to run dhcp, you can't run it on both apps. Then, you must account for some more limitations: for example you can't configure Murus Services' dhcp for radius auth.

I hope it helped.
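An added example, not part of the thread and not Murus or pf code: a small Python model of why restricting the DHCP server rule to a source network blocks new clients, the point made in the reply above. It assumes the "192.168-net" group means 192.168.0.0/16; the sample packets and the 192.168.1.x addresses are constructed, with source and destination addresses following RFC 2131.

```python
import ipaddress
from typing import NamedTuple


class Packet(NamedTuple):
    label: str
    src: str
    dst: str
    dport: int


# Constructed sample traffic: the addresses a DHCP client uses at each stage.
# A client without a lease has no address yet, so it sends from 0.0.0.0.
SAMPLE = [
    Packet("DHCPDISCOVER (no lease yet)", "0.0.0.0", "255.255.255.255", 67),
    Packet("DHCPREQUEST (selecting an offer)", "0.0.0.0", "255.255.255.255", 67),
    Packet("DHCPREQUEST (renewing a lease)", "192.168.1.50", "192.168.1.1", 67),
]


def allowed(pkt, source_group, port=67):
    """Model an inbound pass rule: match source network and destination port."""
    net = ipaddress.ip_network(source_group)
    return pkt.dport == port and ipaddress.ip_address(pkt.src) in net


def evaluate(source_group):
    """Return {packet label: passed?} for a rule limited to source_group."""
    return {p.label: allowed(p, source_group) for p in SAMPLE}


if __name__ == "__main__":
    # Assumption: "192.168-net" = 192.168.0.0/16, "Everyone" = 0.0.0.0/0.
    for group in ("192.168.0.0/16", "0.0.0.0/0"):
        print(f"source group {group}")
        for label, ok in evaluate(group).items():
            print(f"  {'pass ' if ok else 'BLOCK'}  {label}")
```

With the source restricted to 192.168.0.0/16, only the renewal from an already-addressed client passes, so a client that has no lease never gets one.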

kc0mmy
Posts: 9
Joined: Tue Dec 22, 2015 1:13 am

Re: DHCP El Capitan OS X Server

Post by kc0mmy » Tue Dec 22, 2015 5:22 pm

Hany,

Yes, your post helped IMMENSELY! Thank you!

I changed the subject line since I meant to say DHCP instead of DNS.

So if it's not a "security concern" then I will just leave it to "everyone".

I have RADIUS working just fine with the settings that I have, so that's a good thing.

I may use the web proxy on the Murus Services app. I wasn't sure if the Server.app and the Murus Services App had their own "DHCP" servers. I thought both were just "front-ends", so to speak. But it's definitely an app I'll use.

Thanks again for your help

-Andre
