DHCP Server

A DHCP server provides IP addresses and other network configuration to computers and devices on your network.

When first connecting to the network, a client devices tries to discover a DHCP server. The assigned IP address can be taken from a defined range (a 'dynamic' pool) or can be statically assigned according to the client's unique MAC address.

Note: Make sure that any IP used for a static fixed lease does not come from the 'dynamic' pool of IP addresses.

DHCP usually provides much more configuration than just an IP address. It can include information such as a gateway IP, DNS and NTP servers.

Example configuration

In this example we will configure a standard IPFire installation to serve an internal network for the Green Interface.


Blue Interface Enabled

If the Blue Interface has been enabled ensure that the MAC Filtering has been configured on the Blue Access page.

Start Address / End Address

The first two fields are the start address and end address of the dynamic IP address range. With the current implementation this range must fit into a /16 net (netmask

In this example the DHCP server provides IP addresses to This means clients will be randomly assigned an IP in this range if they use DHCP.

Deny known clients:

Enable this if you want to prevent any defined and enabled fixed lease clients from getting a dynamic lease from the selected interface. When you enable this box you must have a defined dynamic range for that interface otherwise you will get an error message.

In this example this means that any fixed lease in Green or Blue will be denied a dynamic lease from the Green range.

If the Deny known clients box is checked on Blue then this means that any fixed lease in Green or Blue will be denied a dynamic lease from the Blue range.

If both are checked then any fixed lease in Green or Blue will be denied a dynamic lease from both the Green and Blue range.

Default lease time

Next the lease duration is set. The lease duration is the amount of time, in minutes, that IPFire waits before releasing a previously assigned IP address which is no longer in use. An active DHCP client will attempt to refresh its connection in half of this time.

Domain Name suffix

The Domain Name Suffix is simply the name of the network workgroup or domain.

Primary DNS / Secondary DNS

Primary DNS. Specifies what the DHCP server should tell its clients to use for their Primary DNS server. As ipfire runs a DNS proxy you will usually want the Primary DNS server set to IPFire's Green IP address. Otherwise, if you have your own DNS server then specify it here.

Secondary DNS (optional). You can optionally specify a second DNS server which will be used if the primary is unavailable. This could be another DNS server on your network or that of your ISP.
A list of free non-compromised DNS server can be found here.

Primary NTP server / Secondary NTP server

The DHCP server can optionally specify up to two NTP server addresses for time synchronization.

Primary NTP Server (optional). If you are using IPFire as an NTP Server, or want to pass the address of another NTP Server to devices on your network, you can put its IP address in this field. The DHCP server will pass this address to all clients when they get their network parameters.

Secondary NTP Server (optional). If you have a second NTP Server address, put it in this field. The DHCP server will pass this address to all clients when they get their network parameters.

Note - Did you see a WARNING DHCP on BLUE Local NTP server specified but not enabled error? Go to NTP Configuration WebGUI and enable Provide time to local network.

Primary WINS server address / Secondary WINS server address

WINS is a historic name resolution service for Microsoft's NetBIOS network protocol. If it is still in use in your network you can optionally configure up to two addresses for WINS servers.

next-server / filename

The fields next-server and filename are used to allow un-configured systems, or diskless workstations, to boot an Operating System from the network using bootp or PXE (see RFC2131).

DNS Update

This section can be used to configure DNS Update, a feature which allows DHCP clients to update their own DNS entries. If a DHCP client changes IP address, it can notify IPFire of that change so host name resolution will still work.

Additional DHCP options

This section allows additional options for DHCP to be configured.

  • DHCP can be set to listen on a specific interface, typically the Green interface or use a global scope.
  • The button "List options" shows a lot of additional options which can be set.

The Web Proxy Auto-Discovery Protocol can be configured here, if needed.

Current fixed leases

IPFire supports the configuration of fixed, or static, IP address leases for specific clients. When configured the unique MAC address of a network card is used to identify a particular client and offer them a specific IP address each time.

All clients not listed in this section will be given an address from the 'dynamic' range set above.

MAC Address

The unique hardware (MAC) address of a client's network card.

IP address

A unique IP address to reserve for a client.
Note: This IP address must not be in the 'dynamic' range set above.


The remark field is used to comment an entry in this configuration page.

Note! The IPFire's DNS server automatically adds the first word in the remark field as a host name entry for the IP address configured in this section.

Current dynamic leases

In this last section, dynamic leases are listed with the associated MAC addresses and expiration time. Clients that already have a "MAC assigned" address (fixed leases) and clients with a static IP address (manually set) will not be listed.

The "Add" button will add the client definition (MAC address) to the set of fixed leases. This definition should be edited to assign an IP address not in the dynamic address pool.

Specify settings

Changes on the WebUI DHCP settings will be save on /var/ipfire/dhcp/dhcpd.conf.

Default settings:

deny bootp; #default
ddns-update-style none;

include "/var/ipfire/dhcp/dhcpd.conf.local";

To add specific options (e.g. change router ip, create dhcp entry) edit the file /var/ipfire/dhcp/dhcpd.conf.local.


subnet netmask #GREEN
      option subnet-mask;
      option domain-name "int.company.com";
      option routers;
      option domain-name-servers;
      default-lease-time 600;
      max-lease-time 1200;

If you have additional interfaces the DHCP server should listen to, you will need to specify them in /etc/sysconfig/dhcpd file for the LISTEN_INTERFACES variable. Example for vlan10 and vlan20:

LISTEN_INTERFACES="vlan10 vlan20"
Edit Page ‐ Yes, you can edit!

Older Revisions • March 20 at 5:01 pm • Adolf Belka