Let's set up a basic DHCP server using the Internet Software Consortium DHCP server.
Update the package index.
$ sudo apt update
Upgrade the packages.
$ sudo apt upgrade
Make sure the server uses a static IP address.
$ cat /etc/dhcpcd.conf
[...]
interface eth0
static ip_address=172.16.151.254/21
static routers=172.16.144.1
static domain_name_servers=1.1.1.1
[...]
Restart the DHCP client service to apply the changes.
$ sudo systemctl restart dhcpcd.service
Set the hostname and update the static lookup table.
$ sudo hostnamectl set-hostname --static scylla.octocat.cloud
$ echo "172.16.151.254 scylla scylla.octocat.cloud" | sudo tee -a /etc/hosts
Check the IP address.
$ ip -br a
lo UNKNOWN 127.0.0.1/8
eth0 UP 172.16.151.254/21
Install firewalld.
$ sudo apt install firewalld
Check the initial settings for the public zone.
$ sudo firewall-cmd --list-all --zone public
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Add the ethernet interface to the public zone.
$ sudo firewall-cmd --add-interface eth0 --zone public
Remove the DHCP client service and open the server port.
$ sudo firewall-cmd --remove-service=dhcpv6-client --zone public
success
$ sudo firewall-cmd --add-service dhcp --zone public
success
Verify the result.
$ sudo firewall-cmd --list-all --zone public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcp ssh
  ports:
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Make sure the changes are permanent.
$ sudo firewall-cmd --runtime-to-permanent
success
Get information about the ISC DHCP server package.
$ apt info isc-dhcp-server
Package: isc-dhcp-server
Version: 4.4.1-2.3
Priority: optional
Section: net
Source: isc-dhcp
Maintainer: Debian ISC DHCP Maintainers <isc-dhcp@packages.debian.org>
Installed-Size: 1482 kB
Depends: debconf (>= 0.5) | debconf-2.0, libc6 (>= 2.17), libdns-export1110, libirs-export161, libisc-export1105, debianutils (>= 2.8.2), lsb-base
Recommends: isc-dhcp-common, policycoreutils
Suggests: policykit-1, isc-dhcp-server-ldap
Breaks: isc-dhcp-common (<= 4.3.3-1), logcheck-database (<= 1.3.17~)
Replaces: isc-dhcp-common (<= 4.3.3-1)
Homepage: http://www.isc.org
Tag: interface::daemon, network::configuration, network::server, protocol::dhcp, protocol::ip, protocol::ipv6, role::program
Download-Size: 524 kB
APT-Sources: http://deb.debian.org/debian bullseye/main arm64 Packages
Description: ISC DHCP server for automatic IP address assignment
 This is the Internet Software Consortium's DHCP server.
 .
 Dynamic Host Configuration Protocol (DHCP) is a protocol like BOOTP
 (actually dhcpd includes much of the functionality of bootpd). It
 gives client machines "leases" for IP addresses and can automatically
 set their network configuration.
 .
 This server can handle multiple ethernet interfaces.
Install the ISC DHCP server package.
$ sudo apt install isc-dhcp-server
Check the default DHCP server settings.
$ cat /etc/default/isc-dhcp-server
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4=""
INTERFACESv6=""
Make sure the ethernet interface is defined.
$ sudo tee /etc/default/isc-dhcp-server << EOF
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="eth0"
INTERFACESv6=""
EOF
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="eth0"
INTERFACESv6=""
View the default configuration file.
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
#subnet 10.254.239.0 netmask 255.255.255.224 {
#  range 10.254.239.10 10.254.239.20;
#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
#  range dynamic-bootp 10.254.239.40 10.254.239.60;
#  option broadcast-address 10.254.239.31;
#  option routers rtr-239-32-1.example.org;
#}
# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
#  range 10.5.5.26 10.5.5.30;
#  option domain-name-servers ns1.internal.example.org;
#  option domain-name "internal.example.org";
#  option routers 10.5.5.1;
#  option broadcast-address 10.5.5.31;
#  default-lease-time 600;
#  max-lease-time 7200;
#}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#host passacaglia {
#  hardware ethernet 0:0:c0:5d:bd:95;
#  filename "vmunix.passacaglia";
#  server-name "toccata.example.com";
#}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
#  hardware ethernet 08:00:07:26:c0:a5;
#  fixed-address fantasia.example.com;
#}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}
#shared-network 224-29 {
#  subnet 10.17.224.0 netmask 255.255.255.0 {
#    option routers rtr-224.example.org;
#  }
#  subnet 10.0.29.0 netmask 255.255.255.0 {
#    option routers rtr-29.example.org;
#  }
#  pool {
#    allow members of "foo";
#    range 10.17.224.10 10.17.224.250;
#  }
#  pool {
#    deny members of "foo";
#    range 10.0.29.10 10.0.29.230;
#  }
#}
Create a basic DHCP server configuration.
$ sudo tee /etc/dhcp/dhcpd.conf << EOF
# dhcpd.conf
#
# Local network configuration file for ISC dhcpd
#
# This DHCP server is the official DHCP server for the local network
authoritative;
# Common network settings
option routers 172.16.144.1;
option domain-name-servers 1.1.1.1;
option domain-name "octocat.cloud";
default-lease-time 86400;
max-lease-time 604800;
# Configuration for an internal subnet
subnet 172.16.144.0 netmask 255.255.248.0 {
  range 172.16.151.110 172.16.151.120;
}
# Hosts configuration options
host desktop {
  hardware ethernet 1c:69:7a:b7:e5:2c;
  fixed-address 172.16.151.200;
}
EOF
Test the configuration file.
$ dhcpd -t -4 -cf /etc/dhcp/dhcpd.conf
Internet Systems Consortium DHCP Server 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
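The address plan in the configuration above can also be checked for consistency: the dynamic range must lie inside the subnet, the reserved address and the server's own static address must stay out of the range, and the router must be on the subnet. The following is an added example, not part of the original page; check_address_plan is a hypothetical helper and it assumes a file with a single subnet declaration, like the one written here.

```python
import ipaddress
import re

# The dhcpd.conf written on this page (comments and unrelated options trimmed).
PAGE_CONF = """
option routers 172.16.144.1;
subnet 172.16.144.0 netmask 255.255.248.0 {
  range 172.16.151.110 172.16.151.120;
}
host desktop {
  hardware ethernet 1c:69:7a:b7:e5:2c;
  fixed-address 172.16.151.200;
}
"""

def check_address_plan(conf, server_ip):
    """Hypothetical helper: list address-plan problems in a one-subnet dhcpd.conf."""
    conf = re.sub(r"#.*", "", conf)  # ignore comments
    m = re.search(r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)\s*\{", conf)
    if not m:
        return ["no subnet declaration found"]
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    problems, pools = [], []
    for lo, hi in re.findall(r"range\s+(?:dynamic-bootp\s+)?([\d.]+)\s+([\d.]+)\s*;", conf):
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        if lo not in net or hi not in net or lo > hi:
            problems.append(f"range {lo} {hi} does not fit inside {net}")
        pools.append((lo, hi))

    def in_pool(ip):
        return any(lo <= ip <= hi for lo, hi in pools)

    # Reserved addresses must be on the subnet but never handed out dynamically.
    for fixed in map(ipaddress.ip_address, re.findall(r"fixed-address\s+([\d.]+)\s*;", conf)):
        if fixed not in net:
            problems.append(f"fixed-address {fixed} is outside {net}")
        elif in_pool(fixed):
            problems.append(f"fixed-address {fixed} is inside a dynamic range")
    # Clients can only reach a gateway that is on their own subnet.
    for router in map(ipaddress.ip_address, re.findall(r"option\s+routers\s+([\d.]+)\s*;", conf)):
        if router not in net:
            problems.append(f"router {router} is outside {net}")
    # The server's own static address must not be leased to a client.
    server = ipaddress.ip_address(server_ip)
    if server not in net or in_pool(server):
        problems.append(f"server address {server} is off-subnet or inside a dynamic range")
    return problems

if __name__ == "__main__":
    print(check_address_plan(PAGE_CONF, "172.16.151.254") or "address plan is consistent")
```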
Restart the DHCP server.
$ sudo systemctl restart isc-dhcp-server.service
Check whether the service is enabled.
$ sudo systemctl is-enabled isc-dhcp-server.service
isc-dhcp-server.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install is-enabled isc-dhcp-server
enabled
Check the service status.
$ sudo systemctl status isc-dhcp-server.service
* isc-dhcp-server.service - LSB: DHCP server
     Loaded: loaded (/etc/init.d/isc-dhcp-server; generated)
     Active: active (running) since Sun 2022-05-08 12:38:57 CEST; 46s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 3424 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=0/SUCCESS)
      Tasks: 4 (limit: 780)
        CPU: 154ms
     CGroup: /system.slice/isc-dhcp-server.service
             `-3439 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth0
May 08 12:38:54 scylla.octocat.cloud systemd[1]: Starting LSB: DHCP server...
May 08 12:38:54 scylla.octocat.cloud isc-dhcp-server[3424]: Launching IPv4 server only.
May 08 12:38:55 scylla.octocat.cloud dhcpd[3439]: Wrote 0 deleted host decls to leases file.
May 08 12:38:55 scylla.octocat.cloud dhcpd[3439]: Wrote 0 new dynamic host decls to leases file.
May 08 12:38:55 scylla.octocat.cloud dhcpd[3439]: Wrote 0 leases to leases file.
May 08 12:38:55 scylla.octocat.cloud dhcpd[3439]: Server starting service.
May 08 12:38:57 scylla.octocat.cloud isc-dhcp-server[3424]: Starting ISC DHCPv4 server: dhcpd.
May 08 12:38:57 scylla.octocat.cloud systemd[1]: Started LSB: DHCP server.
Update the rsyslog configuration to use a dedicated log file.
$ cat << 'EOF' | sudo tee /etc/rsyslog.d/dhcpd.conf
# Log messages generated by dhcpd application
if $programname == 'dhcpd' then /var/log/dhcpd.log
# stop processing it further
& stop
EOF
# Log messages generated by dhcpd application
if $programname == 'dhcpd' then /var/log/dhcpd.log
# stop processing it further
& stop
Restart the rsyslog service.
$ sudo systemctl restart rsyslog
View the DHCP server log file.
$ sudo tail -f /var/log/dhcpd.log
May 8 12:29:52 raspberrypi dhcpd[3065]: DHCPREQUEST for 172.16.151.200 from 1c:69:7a:b7:e5:2c via eth0
May 8 12:29:52 raspberrypi dhcpd[3065]: DHCPACK on 172.16.151.200 to 1c:69:7a:b7:e5:2c via eth0
May 8 12:34:52 raspberrypi dhcpd[3065]: DHCPREQUEST for 172.16.151.200 from 1c:69:7a:b7:e5:2c via eth0
May 8 12:34:52 raspberrypi dhcpd[3065]: DHCPACK on 172.16.151.200 to 1c:69:7a:b7:e5:2c via eth0
May 8 12:38:55 raspberrypi dhcpd[3439]: Wrote 0 deleted host decls to leases file.
May 8 12:38:55 raspberrypi dhcpd[3439]: Wrote 0 new dynamic host decls to leases file.
May 8 12:38:55 raspberrypi dhcpd[3439]: Wrote 0 leases to leases file.
May 8 12:38:55 raspberrypi dhcpd[3439]: Server starting service.
May 8 12:39:52 raspberrypi dhcpd[3439]: DHCPREQUEST for 172.16.151.200 from 1c:69:7a:b7:e5:2c via eth0
May 8 12:39:52 raspberrypi dhcpd[3439]: DHCPACK on 172.16.151.200 to 1c:69:7a:b7:e5:2c via eth0
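With the log in its own file, the DHCPACK lines give an inventory of which hardware address received which IP address, and clients that are not in the list of known hosts stand out. The following is an added example, not part of the original page; the function names and the KNOWN_MACS set are hypothetical, and the sample log is constructed in the format shown above.

```python
import re

# Constructed sample in the format of /var/log/dhcpd.log shown on this page;
# the 02:00:00:00:00:01 client in the dynamic range is made up for the example.
SAMPLE_LOG = """\
May 8 12:39:52 raspberrypi dhcpd[3439]: DHCPREQUEST for 172.16.151.200 from 1c:69:7a:b7:e5:2c via eth0
May 8 12:39:52 raspberrypi dhcpd[3439]: DHCPACK on 172.16.151.200 to 1c:69:7a:b7:e5:2c via eth0
May 8 12:41:07 raspberrypi dhcpd[3439]: DHCPREQUEST for 172.16.151.110 from 02:00:00:00:00:01 via eth0
May 8 12:41:07 raspberrypi dhcpd[3439]: DHCPACK on 172.16.151.110 to 02:00:00:00:00:01 via eth0
May 8 12:44:52 raspberrypi dhcpd[3439]: DHCPACK on 172.16.151.200 to 1c:69:7a:b7:e5:2c via eth0
"""

# Known clients: the "host desktop" reservation from the page's dhcpd.conf.
KNOWN_MACS = {"1c:69:7a:b7:e5:2c"}

# Only acknowledged leases count; a DHCPREQUEST alone does not assign an address.
ACK = re.compile(
    r"dhcpd\[\d+\]: DHCPACK on (?P<ip>[\d.]+) to (?P<mac>[0-9a-f:]{17})", re.I
)

def leases_by_mac(log_text):
    """Map each client MAC to the set of IP addresses the server acknowledged."""
    leases = {}
    for line in log_text.splitlines():
        m = ACK.search(line)
        if m:
            leases.setdefault(m["mac"].lower(), set()).add(m["ip"])
    return leases

def unknown_clients(log_text, known=KNOWN_MACS):
    """Return leases handed to MACs that are not in the known-hosts set."""
    return {
        mac: sorted(ips)
        for mac, ips in leases_by_mac(log_text).items()
        if mac not in known
    }

if __name__ == "__main__":
    for mac, ips in unknown_clients(SAMPLE_LOG).items():
        print(f"unknown client {mac} leased {', '.join(ips)}")
```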
Set up rotation for these logs.
$ sudo tee /etc/logrotate.d/dhcpd << EOF
/var/log/dhcpd.log {
  daily
  rotate 7
  missingok
  create 0640 root adm
  postrotate
    /usr/lib/rsyslog/rsyslog-rotate
  endscript
}
EOF
/var/log/dhcpd.log {
  hourly
  rotate 7
  missingok
  create 0640 root adm
  postrotate
    /usr/lib/rsyslog/rsyslog-rotate
  endscript
}