🖧 How to set up a basic DHCP server

Installing a DHCP server on Linux

by itisgood

We will set up a basic DHCP server using the Internet Software Consortium (ISC) DHCP server.

Update the package index.

$ sudo apt update

Upgrade the installed packages.

$ sudo apt upgrade


Make sure the server uses a static IP address.

$ cat /etc/dhcpcd.conf
[...]

interface eth0
static ip_address=172.16.151.254/21
static routers=172.16.144.1
static domain_name_servers=1.1.1.1

[...]

Restart the DHCP client service to apply the changes.

$ sudo systemctl restart dhcpcd.service

Set the hostname and update the static lookup table.

$ sudo hostnamectl set-hostname --static scylla.octocat.cloud
$ echo "172.16.151.254 scylla scylla.octocat.cloud" | sudo tee -a /etc/hosts

Check the IP address.

$ ip -br a   
lo               UNKNOWN        127.0.0.1/8 
eth0             UP             172.16.151.254/21

Install firewalld.

$ sudo apt install firewalld

Check the initial settings of the public zone.

$ sudo firewall-cmd --list-all --zone public
public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

Add the Ethernet interface to the public zone.

$ sudo firewall-cmd --add-interface eth0 --zone public

Remove the DHCPv6 client service and open the DHCP server port.

$ sudo firewall-cmd --remove-service=dhcpv6-client --zone public
success
$ sudo firewall-cmd --add-service dhcp --zone public
success

Verify the result.

$ sudo firewall-cmd --list-all --zone public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: dhcp ssh
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

Make the changes permanent.

$ sudo firewall-cmd --runtime-to-permanent
success

Display information about the ISC DHCP server package.

$ apt info isc-dhcp-server
Package: isc-dhcp-server
Version: 4.4.1-2.3
Priority: optional
Section: net
Source: isc-dhcp
Maintainer: Debian ISC DHCP Maintainers <isc-dhcp@packages.debian.org>
Installed-Size: 1482 kB
Depends: debconf (>= 0.5) | debconf-2.0, libc6 (>= 2.17), libdns-export1110, libirs-export161, libisc-export1105, debianutils (>= 2.8.2), lsb-base
Recommends: isc-dhcp-common, policycoreutils
Suggests: policykit-1, isc-dhcp-server-ldap
Breaks: isc-dhcp-common (<= 4.3.3-1), logcheck-database (<= 1.3.17~)
Replaces: isc-dhcp-common (<= 4.3.3-1)
Homepage: http://www.isc.org
Tag: interface::daemon, network::configuration, network::server,
 protocol::dhcp, protocol::ip, protocol::ipv6, role::program
Download-Size: 524 kB
APT-Sources: http://deb.debian.org/debian bullseye/main arm64 Packages
Description: ISC DHCP server for automatic IP address assignment
 This is the Internet Software Consortium's DHCP server.
 .
 Dynamic Host Configuration Protocol (DHCP) is a protocol like BOOTP
 (actually dhcpd includes much of the functionality of bootpd). It
 gives client machines "leases" for IP addresses and can
 automatically set their network configuration.
 .
 This server can handle multiple ethernet interfaces.

Install the ISC DHCP server package.

$ sudo apt install isc-dhcp-server

Check the default DHCP server settings.

$ cat /etc/default/isc-dhcp-server 
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)

# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf

# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid

# Additional options to start dhcpd with.
#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4=""
INTERFACESv6=""

Make sure the Ethernet interface is defined.

$ sudo tee /etc/default/isc-dhcp-server << EOF
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)

# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf

# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid

# Additional options to start dhcpd with.
#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="eth0"
INTERFACESv6=""
EOF
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)

# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf

# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid

# Additional options to start dhcpd with.
#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="eth0"
INTERFACESv6=""

Review the default configuration file.

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;

# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.

#subnet 10.152.187.0 netmask 255.255.255.0 {
#}

# This is a very basic subnet declaration.

#subnet 10.254.239.0 netmask 255.255.255.224 {
#  range 10.254.239.10 10.254.239.20;
#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

#subnet 10.254.239.32 netmask 255.255.255.224 {
#  range dynamic-bootp 10.254.239.40 10.254.239.60;
#  option broadcast-address 10.254.239.31;
#  option routers rtr-239-32-1.example.org;
#}

# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
#  range 10.5.5.26 10.5.5.30;
#  option domain-name-servers ns1.internal.example.org;
#  option domain-name "internal.example.org";
#  option routers 10.5.5.1;
#  option broadcast-address 10.5.5.31;
#  default-lease-time 600;
#  max-lease-time 7200;
#}

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

#host passacaglia {
#  hardware ethernet 0:0:c0:5d:bd:95;
#  filename "vmunix.passacaglia";
#  server-name "toccata.example.com";
#}

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
#  hardware ethernet 08:00:07:26:c0:a5;
#  fixed-address fantasia.example.com;
#}

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

#class "foo" {
#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}

#shared-network 224-29 {
#  subnet 10.17.224.0 netmask 255.255.255.0 {
#    option routers rtr-224.example.org;
#  }
#  subnet 10.0.29.0 netmask 255.255.255.0 {
#    option routers rtr-29.example.org;
#  }
#  pool {
#    allow members of "foo";
#    range 10.17.224.10 10.17.224.250;
#  }
#  pool {
#    deny members of "foo";
#    range 10.0.29.10 10.0.29.230;
#  }
#}

Create a basic DHCP server configuration.

$ sudo tee /etc/dhcp/dhcpd.conf << EOF
# dhcpd.conf
#
# Local network configuration file for ISC dhcpd
#

# This DHCP server is the official DHCP server for the local network
authoritative;

# Common network settings
option routers 172.16.144.1;
option domain-name-servers 1.1.1.1;
option domain-name "octocat.cloud";
default-lease-time 86400;
max-lease-time 604800;


# Configuration for an internal subnet
subnet 172.16.144.0 netmask 255.255.248.0 {
  range 172.16.151.110 172.16.151.120;
}

# Hosts configuration options
host desktop {
  hardware ethernet 1c:69:7a:b7:e5:2c;
  fixed-address 172.16.151.200;
}
EOF

Test the configuration file.

$ dhcpd -t -4 -cf /etc/dhcp/dhcpd.conf 
Internet Systems Consortium DHCP Server 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
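
The host declaration above uses 172.16.151.200, outside the dynamic range 172.16.151.110-120, which is the rule the sample file's comments give for fixed addresses. The script below is an added example, not part of the original tutorial, that checks this rule for any dhcpd.conf; the function name and the hosts printer and camera with their MAC addresses are constructed, and it assumes contiguous netmasks and numeric fixed-address values.

```shell
# Added example (not from the tutorial): report each numeric fixed-address that
# lies inside a dynamic range or outside all declared subnets (file or stdin).
check_dhcpd_conf() {
  awk '
    function ip2int(ip,   o) {                  # dotted quad -> integer
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { ipre = "^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+$" }
    {
      sub(/[#].*/, ""); gsub(/[;{},]/, " ")     # strip comments and punctuation
      for (k = 1; k <= NF; k++) {
        if ($k == "subnet" && $(k + 2) == "netmask") {
          n++; net_lo[n] = ip2int($(k + 1))     # contiguous netmask assumed
          net_hi[n] = net_lo[n] + 4294967295 - ip2int($(k + 3))
        } else if ($k == "range") {
          lo = ($(k + 1) == "dynamic-bootp") ? k + 2 : k + 1
          r++; rng_lo[r] = ip2int($lo)          # a single-address range has no end
          rng_hi[r] = ($(lo + 1) ~ ipre) ? ip2int($(lo + 1)) : rng_lo[r]
        } else if ($k == "host") {
          host = $(k + 1)
        } else if ($k == "fixed-address" && $(k + 1) ~ ipre) {
          f++; fx_ip[f] = $(k + 1); fx_host[f] = host
        }
      }
    }
    END {
      for (i = 1; i <= f; i++) {
        a = ip2int(fx_ip[i]); inside = 0
        for (j = 1; j <= n; j++) if (a >= net_lo[j] && a <= net_hi[j]) inside = 1
        if (!inside) print fx_host[i], fx_ip[i], "outside-declared-subnets"
        for (j = 1; j <= r; j++) if (a >= rng_lo[j] && a <= rng_hi[j])
          print fx_host[i], fx_ip[i], "inside-dynamic-range"
      }
    }
  ' "$@"
}

# Constructed input: the tutorial's subnet and range plus two bad hosts.
sample_conf() {
  cat << 'EOF'
subnet 172.16.144.0 netmask 255.255.248.0 { range 172.16.151.110 172.16.151.120; }
host desktop { hardware ethernet 1c:69:7a:b7:e5:2c; fixed-address 172.16.151.200; }
host printer { hardware ethernet 02:00:00:00:00:01; fixed-address 172.16.151.115; }
host camera { hardware ethernet 02:00:00:00:00:02; fixed-address 172.16.152.10; }
EOF
}

sample_conf | check_dhcpd_conf
```

Run it against the live file with check_dhcpd_conf /etc/dhcp/dhcpd.conf; no output means no finding.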

Restart the DHCP server.

$ sudo systemctl restart isc-dhcp-server.service

Check whether the service is enabled.

$ sudo systemctl is-enabled isc-dhcp-server.service 
isc-dhcp-server.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install is-enabled isc-dhcp-server
enabled

Check the service status.

$ sudo systemctl status isc-dhcp-server.service 
* isc-dhcp-server.service - LSB: DHCP server
     Loaded: loaded (/etc/init.d/isc-dhcp-server; generated)
     Active: active (running) since Sun 2022-05-08 12:38:57 CEST; 46s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 3424 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=0/SUCCESS)
      Tasks: 4 (limit: 780)
        CPU: 154ms
     CGroup: /system.slice/isc-dhcp-server.service
             `-3439 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth0

May 08 12:38:54 scylla.octocat.cloud systemd[1]: Starting LSB: DHCP server...
May 08 12:38:54 scylla.octocat.cloud isc-dhcp-server[3424]: Launching IPv4 server only.
May 08 12:38:55 scylla.octocat.cloud dhcpd[3439]: Wrote 0 deleted host decls to leases file.
May 08 12:38:55 scylla.octocat.cloud dhcpd[3439]: Wrote 0 new dynamic host decls to leases file.
May 08 12:38:55 scylla.octocat.cloud dhcpd[3439]: Wrote 0 leases to leases file.
May 08 12:38:55 scylla.octocat.cloud dhcpd[3439]: Server starting service.
May 08 12:38:57 scylla.octocat.cloud isc-dhcp-server[3424]: Starting ISC DHCPv4 server: dhcpd.
May 08 12:38:57 scylla.octocat.cloud systemd[1]: Started LSB: DHCP server.

Update the rsyslog configuration to use a dedicated log file.

$ cat << 'EOF' | sudo tee /etc/rsyslog.d/dhcpd.conf
# Log messages generated by dhcpd application 
if $programname == 'dhcpd' then /var/log/dhcpd.log
# stop processing it further
& stop
EOF
# Log messages generated by dhcpd application 
if $programname == 'dhcpd' then /var/log/dhcpd.log
# stop processing it further
& stop

Restart the rsyslog service.

$ sudo systemctl restart rsyslog

View the DHCP server log file.

$ sudo tail -f /var/log/dhcpd.log
May  8 12:29:52 raspberrypi dhcpd[3065]: DHCPREQUEST for 172.16.151.200 from 1c:69:7a:b7:e5:2c via eth0
May  8 12:29:52 raspberrypi dhcpd[3065]: DHCPACK on 172.16.151.200 to 1c:69:7a:b7:e5:2c via eth0
May  8 12:34:52 raspberrypi dhcpd[3065]: DHCPREQUEST for 172.16.151.200 from 1c:69:7a:b7:e5:2c via eth0
May  8 12:34:52 raspberrypi dhcpd[3065]: DHCPACK on 172.16.151.200 to 1c:69:7a:b7:e5:2c via eth0
May  8 12:38:55 raspberrypi dhcpd[3439]: Wrote 0 deleted host decls to leases file.
May  8 12:38:55 raspberrypi dhcpd[3439]: Wrote 0 new dynamic host decls to leases file.
May  8 12:38:55 raspberrypi dhcpd[3439]: Wrote 0 leases to leases file.
May  8 12:38:55 raspberrypi dhcpd[3439]: Server starting service.
May  8 12:39:52 raspberrypi dhcpd[3439]: DHCPREQUEST for 172.16.151.200 from 1c:69:7a:b7:e5:2c via eth0
May  8 12:39:52 raspberrypi dhcpd[3439]: DHCPACK on 172.16.151.200 to 1c:69:7a:b7:e5:2c via eth0
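
With only eleven addresses in the dynamic range, this log is where pool exhaustion and unexpected clients show up first. The following added example (not part of the original tutorial) scans dhcpd log lines for leases acknowledged to MACs that have no host declaration, for "no free leases" refusals, and for more distinct DHCPDISCOVER senders than the pool holds. The function name, the finding labels and the 02:00:... MAC addresses are constructed, and the syslog line layout shown above is assumed.

```shell
# Added example (not from the tutorial). $1: space-separated MACs that have a
# host declaration; $2: size of the dynamic pool (default 11, the range
# 172.16.151.110-120). Reads dhcpd syslog lines from stdin.
dhcp_log_findings() {
  awk -v known="$1" -v pool="${2:-11}" '
    BEGIN { n = split(tolower(known), k, " "); for (i = 1; i <= n; i++) declared[k[i]] = 1 }
    $5 !~ /^dhcpd\[/ { next }                   # only dhcpd messages
    $6 == "DHCPDISCOVER" {
      mac = tolower($8)
      if (!(mac in seen)) { seen[mac] = 1; discover++ }
      if ($0 ~ /no free leases/) refused++      # pool had nothing left to offer
    }
    $6 == "DHCPACK" && $7 == "on" {
      mac = tolower($10)
      if (!(mac in declared)) { acks[mac]++; ip[mac] = $8 }
    }
    END {
      for (mac in acks) print "UNDECLARED", mac, ip[mac], "acks=" acks[mac]
      if (refused) print "POOL-EXHAUSTED", "refused=" refused
      if (discover > pool) print "DISCOVER-FLOOD", "macs=" discover, "pool=" pool
    }
  ' | LC_ALL=C sort
}

# Constructed log: the declared desktop, one dynamic client, then 12 new MACs.
sample_log() {
  cat << 'EOF'
May  8 12:39:52 raspberrypi dhcpd[3439]: DHCPREQUEST for 172.16.151.200 from 1c:69:7a:b7:e5:2c via eth0
May  8 12:39:52 raspberrypi dhcpd[3439]: DHCPACK on 172.16.151.200 to 1c:69:7a:b7:e5:2c via eth0
May  8 12:40:01 raspberrypi dhcpd[3439]: DHCPDISCOVER from 02:00:00:00:00:aa via eth0
May  8 12:40:02 raspberrypi dhcpd[3439]: DHCPOFFER on 172.16.151.110 to 02:00:00:00:00:aa via eth0
May  8 12:40:02 raspberrypi dhcpd[3439]: DHCPREQUEST for 172.16.151.110 from 02:00:00:00:00:aa via eth0
May  8 12:40:02 raspberrypi dhcpd[3439]: DHCPACK on 172.16.151.110 to 02:00:00:00:00:aa via eth0
EOF
  i=1
  while [ "$i" -le 12 ]; do
    note=""
    if [ "$i" -gt 10 ]; then note=": network 172.16.144.0/21: no free leases"; fi
    printf 'May  8 12:41:%02d raspberrypi dhcpd[3439]: DHCPDISCOVER from 02:00:00:00:01:%02x via eth0%s\n' "$i" "$i" "$note"
    i=$((i + 1))
  done
}

sample_log | dhcp_log_findings "1c:69:7a:b7:e5:2c"
```

Feed it the real log with dhcp_log_findings "1c:69:7a:b7:e5:2c" < /var/log/dhcpd.log, ideally over a bounded time window so that normal client churn does not accumulate into a false DISCOVER-FLOOD.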

Set up rotation for these logs.

$ sudo tee /etc/logrotate.d/dhcpd << EOF
/var/log/dhcpd.log {
  daily
  rotate 7
  missingok
  create 0640 root adm
  postrotate
    /usr/lib/rsyslog/rsyslog-rotate
  endscript
}
EOF
/var/log/dhcpd.log {
  daily
  rotate 7
  missingok
  create 0640 root adm
  postrotate
    /usr/lib/rsyslog/rsyslog-rotate
  endscript
}
