|NO.Z.00010|——————————|^^ 部署 ^^|——|Linux&DHCP服務.V02|---------------------------------------------------|4臺server|DHCP服務|
阿新 • • 發佈:2022-03-25
[LinuxNetworkEnd:Linux&DHCP服務.V02] [Applications.LinuxNetworkEnd] [|DHCP服務|DHCP租約四部曲|DHCP固定地址|DHCP超級作用域|DHCP中繼|4臺server|]
一、DHCP服務搭建
二、DHCP配置### --- 準備實驗環境 ~~~ 兩臺機器;網路連線模式設為自定義VMnet+模式 ~~~ 關閉VMware虛擬網路編輯器的DHCP功能,切記。在vmware:預設租約是30分鐘,最長租約是2小時。 ### --- 防護的關閉: iptables —L // 防火牆 gerenforce // selinux
### --- 實驗環境:
centos6.x-server1:server:20.20.20.21 192.168.1.21
centos6.x-server2:client:20.20.20.22 192.168.1.22 隨便dhcp分配IP地址
centos6.x-server3:client:20.20.20.23 192.168.1.23 固定dhcp分配IP地址### --- 檢查環境 [root@server21 ~]# getenforce Disabled [root@server21 ~]# service iptables status iptables: Firewall is not running. [root@server21 ~]# iptables -L // 預設清空是未啟動的 Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
### --- 檢查dhcp和dhcp-common是否安裝
### --- yum源設定
[root@server21 ~]# rpm -q dhcp
package dhcp is not installed
[root@server21 ~]# rpm -q dhcp-common
dhcp-common-4.1.1-51.P1.el6.centos.x86_64四、DHCP配置檔案詳解### --- 安裝dhcp [root@server21 ~]# yum install -y dhcp // dhcp是向外租賃資源的服務,dhcp需要把資源寫入配置檔案後才可以啟動,沒有寫入配置檔案資源,是啟動不成功的。 [root@server21 ~]# cat /etc/dhcp/dhcpd.conf // dhcp的配置檔案 # DHCP Server Configuration file. # see /usr/share/doc/dhcp*/dhcpd.conf.sample // 去看/usr/share/doc/dhcp下的某一個目錄下有一個檔案是dhcpd.conf.sample .sample是模板檔案,預設是不生效的。作為備用的檔案。 # see 'man 5 dhcpd.conf' // 檢視幫助的命令。man 5的級別,就是幫你來解釋說明配置你檔案的說明 [root@server21 ~]# cp -a /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf //將母版配置檔案複製到dhcp的配置檔案出,覆蓋 [root@server21 ~]# ll /etc/sysconfig/dhcrelay // 中繼配置檔案
### --- DHCP的分為兩種:全域性配置和區域性配置
[root@server21 ~]# vim /etc/dhcp/dhcpd.conf
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200; // 以上四條是全部重複的,
log-facility local7; // 日誌儲存的裝置;日誌儲存到/var/log/masage這個檔案
subnet 10.152.187.0 netmask 255.255.255.0 { // subnet是一個一個資源池
}
host passacaglia { // 給某一臺指定的主機設定一個固定的IP地址
hardware ethernet 0:0:c0:5d:bd:95;
filename "vmunix.passacaglia";
server-name "toccata.fugue.com";
}
class "foo" { // 超級作用域的配置
match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}### --- subnet配置說明
subnet 192.168.88.0 netmask 255.255.255.0 { // 宣告要分配的網段和子網掩碼;dhcp配置檔案中subnet下至少有一個宣告是當前主機所使用的網段。
range 192.168.88.3 192.168.88.254; // 什麼可用IP地址池;range是宣告可對外分配的IP地址範圍,我們說明是IP地址池。
option domain-name :atguigu.com"; // 設定DNS域
option domain-name-server 8.8.8.8; // 設定DNS伺服器地址;若是不分配DNS地址只能在區域網內使用,若是給了DNS地址,就可以進行域名解析,就可以在網際網路上通訊
option routers 192.168.88.2; // 預設閘道器地址;設定正確的閘道器。最好跟NAT地址(橋接地址)匹配一直,
option broadcast-address 192.168.88.255; // 廣播地址(可不寫)
default-lease-time 600; // 預設租約(S)
max-lease-time 7200; // 最大租約(s)
}一、DHCP實驗部署:DHCP基本功能實驗
### --- 生成配置檔案
[root@server21 ~]# cp -a /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf### --- 修改配置檔案
~~~ 將配置檔案的前幾個subnet什麼註釋掉,修改最後一個subner宣告
~~~ 注:注意配置檔案中每行結尾的分號和結束大括號,謝謝!
[root@server21 ~]# vim /etc/dhcp/dhcpd.conf
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.200;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
default-lease-time 600;
max-lease-time 7200;
}### --- 重啟服務
service dhcpd start
[root@server21 ~]# netstat -tlun
udp 0 0 0.0.0.0:67 0.0.0.0:* ### --- 驗證
[root@server22 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 // 登出網絡卡設定
ONBOOT=yes
BOOTPROTO=dhcp
[root@server22 ~]# ifdown eth0;ifup eth0 // 重啟指定網絡卡,生產環境中不建議使用service,全域性使用
[root@server22 ~]# ip addr
eth0: inet 192.168.1.103/24 // 獲取有效的IP地址
[root@server22 ~]# tail -10 /var/log/messages // 檢視日誌租約四部曲
Feb 2 02:50:47 localhost dhclient[6424]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4 (xid=0x108757ee //DHCPDISCOVER發起一個請求,來自於哪裡)
Feb 2 02:50:47 localhost dhclient[6424]: DHCPOFFER from 192.168.1.1 //DHCPOFFER
Feb 2 02:50:47 localhost dhclient[6424]: DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x108757ee) //DHCPREQUEST
Feb 2 02:50:47 localhost dhclient[6424]: DHCPACK from 192.168.1.1 (xid=0x108757ee) //DHCPACK
Feb 2 02:50:49 localhost NET[6475]: /sbin/dhclient-script : updated /etc/resolv.conf
Feb 2 02:50:50 localhost dhclient[6424]: bound to 192.168.188 -- renewal in 2731 seconds.### --- 獲取客戶端的Mac地址
[root@server22 ~]# arp -a // 檢視客戶機的Mac地址
? (192.168.1.1) at 50:3a:a0:4b:78:ec [ether] on eth0### --- 修改/etc/dhcp/dhcpd.conf檔案
[root@server21 ~]# vim /etc/dhcp/dhcpd.conf
host fantasia {
hardware ethernet 50:3a:a0:4b:78:ec; // 客戶機的Mac地址
fixed-address 192.168.1.88; // 配置地址池以外的IP地址;//固定分配給客戶機的IP地址(可以使用地址池以外的IP)
}### --- 重啟DHCP服務
[root@server21 ~]# service dhcpd restart ### --- 重啟客戶機網絡卡驗證IP獲取是否成功
~~~ 修改客戶端網絡卡配置
[root@server23 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=dhcp
ifdown eth0; ifup eth0
[root@server23 ~]# ifdown eth0;ifup eth0### --- 驗證
[root@server23 ~]# ifdown eth0;ifup eth0
[root@server23 ~]# ip addr
2: eth0:inet 192.168.1.88/24
[root@server23 ~]# tail -6 /var/log/messages
Feb 2 01:46:38 localhost kernel: e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Feb 2 01:46:38 localhost kernel: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Feb 2 01:46:40 localhost dhclient[3324]: DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x22ec641b)
Feb 2 01:46:40 localhost dhclient[3324]: DHCPACK from 192.168.1.1 (xid=0x22ec641b)
Feb 2 01:46:42 localhost NET[3375]: /sbin/dhclient-script : updated /etc/resolv.conf
Feb 2 01:46:42 localhost dhclient[3324]: bound to 192.168.1.88 -- renewal in 3331 seconds.
[root@server23 ~]# vim /var/log/messages // 驗證發生了續租
Feb 2 03:15:24 localhost dhcpd: DHCPACK on 192.168.1.104 to 08:00:27:e1:56:1a (localhost) via eth0
Feb 2 03:18:59 localhost dhcpd: DHCPREQUEST for 192.168.1.88 from 54:35:30:62:8c:71 (DESKTOP-MTTRBER) via eth0### --- 超級作用域介紹
~~~ DHCP伺服器可為#單個物理網路上的客戶端提供多個作用域租約地址
### --- 實驗環境準備
~~~ 三臺虛擬機器同一網路模式,一個DHCP伺服器,兩個客戶機### --- 客戶端設定為DHCP網絡卡
[root@server22 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
BOOTPROTO=dhcp
[root@server22 ~]# ifdown eth0
[root@server23 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=dhcp
[root@server23 ~]# ifdown eth0
[root@server21 ~]# yum install -y dhcp### --- 設定DHCP伺服器的單臂路由所需子網絡卡
[root@server21 ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
[root@server21 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE=eth0:0
IPADDR=192.168.2.21
[root@server21 ~]# ifup eth0:0
[root@server21 ~]# ip addr
2: eth0:
inet 192.168.1.21/24 brd 192.168.1.255 scope global eth0
inet 192.168.2.21/24 brd 192.168.2.255 scope global eth0:0### --- 開啟路由轉發
[root@server21 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@server21 ~]# sysctl -p // 重新整理核心引數配置檔案
net.ipv4.ip_forward = 1 ### --- 修改/etc/dhcp/dhcpd.conf檔案 // 之前的網段宣告和主機宣告全部註釋掉!
[root@server21 ~]# cp -a /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
[root@server21 ~]# vim /etc/dhcp/dhcpd.conf
class "foo" {
match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 1-2 { // 所使用網段的地址192.168.1.21 192.168.2.21
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.21;
range 192.168.1.100 192.168.1.100; // 因為我們需要驗證第一個網段不夠用的時候,再去分配下一個地址,設定一個來獲取驗證。
}
subnet 192.168.2.0 netmask 255.255.255.0 { // 攝於內容註釋掉或者刪除掉,切記別拉下括號
option routers 192.168.2.21;
range 192.168.2.100 192.168.2.200;
}
} ### --- 重啟DHCP服務
[root@server21 ~]# service dhcpd restart### --- 分別重啟兩臺機器的網絡卡,檢視獲取的地址
[root@server22 ~]# ifup eth0
[root@server22 ~]# ip addr
2: eth0:inet 192.168.1.100/24 // 獲取到的地址是192.168.1.103
[root@server23 ~]# ifup eth0
[root@server23 ~]# ip addr
2: eth0: 192.168.2.100/24
[root@server22 ~]# ping 192.168.2.100 // 這兩個客戶機之間ping是可以正常通訊的, 一、DHCP中繼
### --- DHCP中繼
~~~ DHCP中繼介紹:DHCP Relay(DHCPR)DHCP中繼是一個小程式,
~~~ 可以實現在不同和物理網段之間處理和轉發DHCP資訊的功能。### --- DHCP伺服器
eth0 (192.168.1.21) VMnet10
### --- DHCP中繼
eth0 (192.168.1.21)VMnet10
eth1 (20.20.20.21)VMnet11### --- 外網客戶機:
### --- 注:關閉所有防護:iptables Selinux
eth0 (IP地址自動獲取) VMnet11### --- 配置DHCP伺服器
### --- 客戶端網絡卡eth0設定為dhcp ifdown eht0
[root@server22 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
BOOTPROTO=dhcp
[root@server22 ~]# ifdown eth0
[root@server23 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
BOOTPROTO=dhcp
[root@server23 ~]# ifdown eth0### --- 軟體安裝
[root@server21 ~]# yum install -y dhcp
[root@server21 ~]# cp -a /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf### --- 修改/etc/dhcp/dhcpd.conf檔案
~~~ 宣告兩個subnet,其他無關可以不做操作或刪除
[root@server21 ~]# vim /etc/dhcp/dhcpd.conf
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.200;
option routers 192.168.1.21;
default-lease-time 600;
max-lease-time 7200;
}
subnet 10.10.10.0 netmask 255.255.255.0 {
range 10.10.10.10 10.10.10.200;
option routers 10.10.10.21;
default-lease-time 600;
max-lease-time 7200;
}### --- 重啟dhcpd服務:
[root@server21 ~]# service dhcpd start### --- 指定閘道器:只能中繼器的內網IP為閘道器地址
### --- 配置DHCP中繼伺服器
### --- 網絡卡配置
~~~ 一塊網絡卡:ip=192.168.10.20
~~~ 一塊網絡卡:ip=100.100.100.20### --- 軟體安裝
[root@server22 ~]# yum install -y dhcp
### --- 修改中繼配置檔案
[root@server22 ~]# vim /etc/sysconfig/dhcrelay
INTERFACES="eth0 eth1"
DHCPSERVERS="192.168.1.21"### --- 開啟路由轉發
[root@server22 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@server22 ~]# sysctl -p
net.ipv4.ip_forward = 1
### --- 重啟中繼服務
[root@server22 ~]# service dhcrelay start### --- 測試外網主機
[root@server21 ~]# tail -f /var/log/messages // 實時檢視dhcp伺服器的日誌
[root@server22 ~]# tail -f /var/log/messages // 實時檢視中繼下的日誌有什麼區別
[root@server23 ~]# ifup eth0 // 重啟客戶端網絡卡
[root@server23 ~]# ip addr
2: eth0: inet 192.168.1.104/24 ===============================END===============================
Walter Savage Landor:strove with none,for none was worth my strife.Nature I loved and, next to Nature, Art:I warm'd both hands before the fire of life.It sinks, and I am ready to depart ——W.S.Landor
來自為知筆記(Wiz)