How do I configure the DHCP service on CentOS?

1 Basics

1.1 What DHCP is

DHCP is a protocol that manages the IP addresses (UDP/IP settings) of devices joining a network by assigning them automatically or dynamically.

1.2 What DHCP does

– Configures the client's default gateway
– Configures the client's domain name
– Configures the client's name servers
– Configures other client options (too many to list one by one)

1.3 Architecture of the DHCP protocol

Client-server, i.e. the client/server model

1.4 How DHCP works

– A device connects to the network (joins it)
– The device's DHCP client requests DHCP service by sending a DHCP broadcast query
– Any DHCP server on the network may answer the request

This process is divided into four phases:

– Discover, i.e. server discovery
– Offer, i.e. IP lease offer
– Request, i.e. IP lease request
– Acknowledge, i.e. IP lease acknowledgement

1.4.1 DHCP discover

– The DHCP client broadcasts a DHCPDISCOVER message (packet) on the network
– The broadcast is sent either to the limited broadcast address 255.255.255.255 or to a specific subnet's broadcast address (directed broadcast)

If you need the detailed format of a DHCPDISCOVER packet, see the following table:

Example DHCPDISCOVER message

Ethernet: source=sender’s MAC; destination=FF:FF:FF:FF:FF:FF
IP: source=0.0.0.0; destination=255.255.255.255
UDP: source port=68; destination port=67

Octet 0          Octet 1          Octet 2          Octet 3
OP=0x01          HTYPE=0x01       HLEN=0x06        HOPS=0x00
XID=0x3903F326
SECS=0x0000                       FLAGS=0x0000
CIADDR (Client IP address)=0x00000000
YIADDR (Your IP address)=0x00000000
SIADDR (Server IP address)=0x00000000
GIADDR (Gateway IP address)=0x00000000
CHADDR (Client hardware address)=0x00053C04 0x8D590000 0x00000000 0x00000000
192 octets of 0s, or overflow space for additional options; BOOTP legacy.
Magic cookie=0x63825363
DHCP options:
  0x350101        53: 1 (DHCP Discover)
  0x3204c0a80164  50: 192.168.1.100 requested
  0x370401030f06  55 (Parameter Request List):
                    • 1 (Request Subnet Mask),
                    • 3 (Router),
                    • 15 (Domain Name),
                    • 6 (Domain Name Server)
  0xff            255 (Endmark)

1.4.2 DHCP offer

– The DHCP server receives the DHCPDISCOVER message (IP address lease request) from the client
– The DHCP server reserves an IP address for the client
– The DHCP server offers the lease by sending a DHCPOFFER message to the client

This message carries the following information for the client:

– Client ID (MAC address)
– The IP address the server is offering
– The subnet mask the server is offering
– The lease duration
– The IP address of the server offering the lease

If you need the detailed format of a DHCPOFFER packet, see the following table:

DHCPOFFER message

Ethernet: source=sender’s MAC; destination=client MAC address
IP: source=192.168.1.1; destination=255.255.255.255
UDP: source port=67; destination port=68

Octet 0          Octet 1          Octet 2          Octet 3
OP=0x02          HTYPE=0x01       HLEN=0x06        HOPS=0x00
XID=0x3903F326
SECS=0x0000                       FLAGS=0x0000
CIADDR (Client IP address)=0x00000000
YIADDR (Your IP address)=0xC0A80164 (192.168.1.100)
SIADDR (Server IP address)=0xC0A80101 (192.168.1.1)
GIADDR (Gateway IP address)=0x00000000
CHADDR (Client hardware address)=0x00053C04 0x8D590000 0x00000000 0x00000000
192 octets of 0s; BOOTP legacy.
Magic cookie=0x63825363
DHCP options:
  53: 2 (DHCP Offer)
  1 (subnet mask): 255.255.255.0
  3 (Router): 192.168.1.1
  51 (IP address lease time): 86400s (1 day)
  54 (DHCP server): 192.168.1.1
  6 (DNS servers):
    • 9.7.10.15,
    • 9.7.10.16,
    • 9.7.10.18

1.4.3 DHCP request

– The DHCP client receives the server's DHCPOFFER message
– The DHCP client replies with a DHCPREQUEST message, broadcast to the server, requesting the offered address

Note: a DHCP client may receive DHCPOFFER messages from more than one DHCP server, but it accepts only one of them.

If you need the detailed format of a DHCPREQUEST packet, see the following table:

DHCPREQUEST message

Ethernet: source=sender’s MAC; destination=FF:FF:FF:FF:FF:FF
IP: source=0.0.0.0; destination=255.255.255.255
UDP: source port=68; destination port=67

Octet 0          Octet 1          Octet 2          Octet 3
OP=0x01          HTYPE=0x01       HLEN=0x06        HOPS=0x00
XID=0x3903F326
SECS=0x0000                       FLAGS=0x0000
CIADDR (Client IP address)=0x00000000
YIADDR (Your IP address)=0x00000000
SIADDR (Server IP address)=0xC0A80101 (192.168.1.1)
GIADDR (Gateway IP address)=0x00000000
CHADDR (Client hardware address)=0x00053C04 0x8D590000 0x00000000 0x00000000
192 octets of 0s; BOOTP legacy.
Magic cookie=0x63825363
DHCP options:
  53: 3 (DHCP Request)
  50: 192.168.1.100 requested
  54 (DHCP server): 192.168.1.1

1.4.4 DHCP acknowledge

– The DHCP server receives the DHCPREQUEST message from the DHCP client
– The DHCP server sends a DHCPACK message to the DHCP client

This message contains:

– The lease duration
– Any other configuration information the client requested

If you need the detailed format of a DHCPACK packet, see the following table:

DHCPACK message

Ethernet: source=sender’s MAC; destination=client’s MAC
IP: source=192.168.1.1; destination=192.168.1.100
UDP: source port=67; destination port=68

Octet 0          Octet 1          Octet 2          Octet 3
OP=0x02          HTYPE=0x01       HLEN=0x06        HOPS=0x00
XID=0x3903F326
SECS=0x0000                       FLAGS=0x0000
CIADDR (Client IP address)=0x00000000
YIADDR (Your IP address)=0xC0A80164 (192.168.1.100)
SIADDR (Server IP address)=0xC0A80101 (192.168.1.1)
GIADDR (Gateway IP address switched by relay)=0x00000000
CHADDR (Client hardware address)=0x00053C04 0x8D590000 0x00000000 0x00000000
192 octets of 0s; BOOTP legacy.
Magic cookie=0x63825363
DHCP options:
  53: 5 (DHCP ACK) or 6 (DHCP NAK)
  1 (subnet mask): 255.255.255.0
  3 (Router): 192.168.1.1
  51 (IP address lease time): 86400s (1 day)
  54 (DHCP server): 192.168.1.1
  6 (DNS servers):
    • 9.7.10.15,
    • 9.7.10.16,
    • 9.7.10.18
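
The four tables in sections 1.4.1 to 1.4.4 share one layout: a fixed BOOTP header, 192 legacy octets, the magic cookie and a code/length/value option list. The Python below is an added example, not code from the original post, that decodes that layout and encodes a server reply the same way. The DHCPDISCOVER and DHCPOFFER byte strings are constructed from the table values (XID 0x3903F326, client MAC 00:05:3c:04:8d:59, offered address 192.168.1.100); the option name mapping (OPTION_NAMES) is this example's own naming. Every length is checked before it is trusted, which is what a receiver must do since the length octets come from the peer.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
             5: "DHCPACK", 6: "DHCPNAK"}
# This example's own names for the option codes that appear in the tables.
OPTION_NAMES = {1: "subnet_mask", 3: "routers", 6: "dns_servers",
                50: "requested_ip", 51: "lease_time", 54: "server_id",
                55: "param_request_list"}
IP_OPTIONS = {1, 3, 6, 50, 54}        # value = one or more IPv4 addresses


def ip(addr):
    return ipaddress.IPv4Address(addr).packed   # 4 network-order octets


def parse_options(data):
    """Walk the code/length/value option area that follows the magic cookie."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:                  # pad octet, carries no length
            i += 1
            continue
        if code == 255:                # end mark
            break
        if i + 1 >= len(data):
            raise ValueError("option %d has no length octet" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:       # the length octet comes from the peer: verify it
            raise ValueError("option %d runs past the end of the packet" % code)
        opts[code] = value
        i += 2 + length
    return opts


def decode_option(code, value):
    """Turn a raw option value into a readable Python value."""
    if code == 53:
        return MSG_TYPES.get(value[0], "type %d" % value[0])
    if code in IP_OPTIONS:
        addrs = [str(ipaddress.IPv4Address(value[j:j + 4]))
                 for j in range(0, len(value) - len(value) % 4, 4)]
        return addrs[0] if len(addrs) == 1 else addrs
    if code == 51:
        return struct.unpack("!I", value)[0]
    if code == 55:
        return list(value)
    return value.hex()


def parse_dhcp(packet):
    """Parse the fixed BOOTP header plus the DHCP options into a dict."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (too short or no magic cookie)")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", packet[:12])
    if hlen > 16:
        raise ValueError("HLEN %d does not fit the 16-octet CHADDR field" % hlen)
    fields = {"op": op, "htype": htype, "hops": hops, "xid": xid,
              "secs": secs, "flags": flags}
    for name, off in (("ciaddr", 12), ("yiaddr", 16), ("siaddr", 20), ("giaddr", 24)):
        fields[name] = str(ipaddress.IPv4Address(packet[off:off + 4]))
    fields["chaddr"] = ":".join("%02x" % b for b in packet[28:28 + hlen])
    raw = parse_options(packet[240:])  # octets 44-235 are sname/file (BOOTP legacy)
    fields["message_type"] = decode_option(53, raw[53]) if raw.get(53) else None
    for code, value in raw.items():
        if code != 53:
            fields[OPTION_NAMES.get(code, "option_%d" % code)] = decode_option(code, value)
    return fields


def build_reply(msg_type, xid, chaddr, yiaddr, siaddr, options):
    """Encode a server reply (OP=2) in the same layout; options is [(code, bytes), ...]."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)
    addrs = bytes(4) + ip(yiaddr) + ip(siaddr) + bytes(4)   # CIADDR YIADDR SIADDR GIADDR
    hw = bytes.fromhex(chaddr.replace(":", "")).ljust(16, b"\x00")
    opts = bytes([53, 1, msg_type]) + b"".join(bytes([c, len(v)]) + v for c, v in options)
    return header + addrs + hw + bytes(192) + MAGIC_COOKIE + opts + b"\xff"


# DHCPDISCOVER built octet for octet from the table in section 1.4.1 (constructed).
DISCOVER_BYTES = (
    bytes.fromhex("01010600")                    # OP=1 HTYPE=1 HLEN=6 HOPS=0
    + bytes.fromhex("3903F32600000000")          # XID, SECS, FLAGS
    + bytes(16)                                  # CIADDR YIADDR SIADDR GIADDR
    + bytes.fromhex("00053C048D59") + bytes(10)  # CHADDR padded to 16 octets
    + bytes(192)                                 # sname + file, BOOTP legacy
    + MAGIC_COOKIE
    + bytes.fromhex("350101")                    # 53: 1 (DHCP Discover)
    + bytes.fromhex("3204c0a80164")              # 50: 192.168.1.100 requested
    + bytes.fromhex("370401030f06")              # 55: parameter request list 1, 3, 15, 6
    + bytes.fromhex("ff")                        # 255: end mark
)

# DHCPOFFER carrying the option values from the table in section 1.4.2 (constructed).
OFFER_BYTES = build_reply(
    2, 0x3903F326, "00:05:3c:04:8d:59", "192.168.1.100", "192.168.1.1",
    [(1, ip("255.255.255.0")), (3, ip("192.168.1.1")),
     (51, struct.pack("!I", 86400)), (54, ip("192.168.1.1")),
     (6, ip("9.7.10.15") + ip("9.7.10.16") + ip("9.7.10.18"))])
```

Calling parse_dhcp(DISCOVER_BYTES) yields message_type "DHCPDISCOVER", the client MAC, the requested address and the parameter request list [1, 3, 15, 6]; parse_dhcp(OFFER_BYTES) yields the offered address in yiaddr and the mask, router, lease time and DNS servers from the 1.4.2 table. Truncating a packet inside an option raises ValueError instead of reading past the buffer.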

1.5 DHCP address allocation methods

– Dynamic allocation: IP addresses within the allocatable range are assigned to clients dynamically; the address obtained on renewal is assigned at random
– Automatic allocation: IP addresses within the allocatable range are assigned to clients automatically; the address is kept unchanged on renewal
– Manual allocation: a specific client is manually assigned a specific IP address

1.6 DHCP across networks

– "Across networks" means across routed networks
– Using DHCP across routers requires a DHCP relay agent

1.7 Protocols DHCP applies to

– Internet Protocol version 4 (IPv4)
– Internet Protocol version 6 (IPv6)

1.8 DHCP communication ports

– 67/udp, the server's destination port
– 68/udp, the client's communication port

2 Best practice

2.1 System environment

2.1.1 Basic configuration

hostname = router.cmdschool.org
interface_1 = eth0(WLAN)
ipaddress_1 = 192.168.0.250
interface_2 = eth1(LAN)
ipaddress_2 = 10.168.0.1/24

2.1.2 Firewall configuration

2.2 Software environment

2.2.1 Install the DHCP package

yum install -y dhcp

2.2.2 Install common tools (optional)

yum install -y vim

2.3 DHCP service configuration

2.3.1 Define the DHCP service configuration file

cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.default
vim /etc/dhcp/dhcpd.conf

Add the following configuration:

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "cmdschool.org";
option domain-name-servers ns1.cmdschool.org, ns2.cmdschool.org;

default-lease-time 600;
max-lease-time 7200;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# Configuration for an internal subnet.
subnet 10.168.0.0 netmask 255.255.255.0 {
  range 10.168.0.50 10.168.0.199;
  option domain-name-servers 202.96.128.86,202.96.128.166;
  option domain-name "cmdschool.org";
  option routers 10.168.0.1;
  option broadcast-address 10.168.0.255;
  default-lease-time 600;
  max-lease-time 7200;
}

It is also recommended to check the syntax of the configuration with the following command:

dhcpd -t
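
dhcpd -t checks that the file parses. The Python below is an added example, not part of the original post or of ISC dhcpd, that complements it with semantic checks on the subnet declaration from section 2.3.1: the range lies inside the subnet and excludes the network and broadcast addresses, the router is inside the subnet but outside the dynamic range, broadcast-address matches the netmask, and default-lease-time does not exceed max-lease-time. The minimal parser handles only the statement forms used on this page (option lines, range, lease times and subnet blocks); the configuration text is embedded so the example runs offline.

```python
import ipaddress
import re

# The configuration from section 2.3.1, embedded here so the example runs offline.
PAGE_CONF = """
# option definitions common to all supported networks...
option domain-name "cmdschool.org";
option domain-name-servers ns1.cmdschool.org, ns2.cmdschool.org;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;

subnet 10.168.0.0 netmask 255.255.255.0 {
  range 10.168.0.50 10.168.0.199;
  option domain-name-servers 202.96.128.86,202.96.128.166;
  option domain-name "cmdschool.org";
  option routers 10.168.0.1;
  option broadcast-address 10.168.0.255;
  default-lease-time 600;
  max-lease-time 7200;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")


def parse_statements(chunk):
    """Split 'key value ...;' statements into {key: [values]}; 'option X' keeps the X."""
    stmts = {}
    for stmt in chunk.split(";"):
        words = stmt.replace(",", " ").split()
        if not words:
            continue
        if words[0] == "option" and len(words) > 1:
            key, values = "option " + words[1], words[2:]
        else:
            key, values = words[0], words[1:]
        stmts[key] = [v.strip('"') for v in values]
    return stmts


def parse_dhcpd_conf(text):
    """Return (global statements, [(IPv4Network, statements), ...]); comments are dropped."""
    text = re.sub(r"#.*", "", text)
    subnets = [(ipaddress.IPv4Network("%s/%s" % (m.group(1), m.group(2))),
                parse_statements(m.group(3))) for m in SUBNET_RE.finditer(text)]
    return parse_statements(SUBNET_RE.sub("", text)), subnets


def check_subnet(network, stmts, global_stmts):
    """Sanity checks on one subnet block; returns a list of problem strings."""
    problems = []

    def effective(key):            # subnet scope overrides the global scope
        return stmts.get(key, global_stmts.get(key, []))

    rng = [v for v in stmts.get("range", []) if v != "dynamic-bootp"]
    lo = hi = None
    if rng:
        lo, hi = ipaddress.IPv4Address(rng[0]), ipaddress.IPv4Address(rng[-1])
        if lo > hi:
            problems.append("range start %s is after range end %s" % (lo, hi))
        for a in (lo, hi):
            if a not in network:
                problems.append("range address %s is outside %s" % (a, network))
            elif a in (network.network_address, network.broadcast_address):
                problems.append("range includes network/broadcast address %s" % a)
    for r in effective("option routers"):
        router = ipaddress.IPv4Address(r)
        if router not in network:
            problems.append("router %s is outside %s" % (router, network))
        elif lo is not None and lo <= router <= hi:
            problems.append("router %s lies inside the dynamic range" % router)
    for b in stmts.get("option broadcast-address", []):
        if ipaddress.IPv4Address(b) != network.broadcast_address:
            problems.append("broadcast-address %s should be %s" % (b, network.broadcast_address))
    default, maximum = effective("default-lease-time"), effective("max-lease-time")
    if default and maximum and int(default[0]) > int(maximum[0]):
        problems.append("default-lease-time %s exceeds max-lease-time %s" % (default[0], maximum[0]))
    return problems


def lint(text):
    """Map each declared subnet to its list of problems (an empty list means clean)."""
    global_stmts, subnets = parse_dhcpd_conf(text)
    return {str(net): check_subnet(net, stmts, global_stmts) for net, stmts in subnets}
```

lint(PAGE_CONF) returns {"10.168.0.0/24": []} for the configuration above; moving the router into the pool, extending the range into 10.168.1.0/24 or lowering the subnet's max-lease-time below its default-lease-time each produces a problem string naming the offending value.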

2.3.2 Define the network interface for DHCP broadcasts

vim /etc/sysconfig/dhcpd

Change the following setting:

DHCPDARGS=eth1

2.3.3 Start the service and enable it at boot

/etc/init.d/dhcpd start
chkconfig dhcpd on

2.4 DHCP troubleshooting

2.4.1 Check the listening service port

netstat -andp | grep dhcp

2.4.2 View the service log

tail -f /var/log/messages
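
Tailing /var/log/messages shows the four phases of section 1.4 as one dhcpd line each. The Python below is an added example, not part of the original post, that groups those lines per client MAC and reports which clients never reached DHCPACK, which is the quickest way to tell a client that gets no answer (dhcpd not serving that interface, see DHCPDARGS in 2.3.2) from one that is refused for lack of addresses. The sample lines are constructed, modelled on the message style of ISC dhcpd ("DHCPDISCOVER from ... via ...", "DHCPOFFER on ... to ... via ...", and the "no free leases" note it appends when the range is exhausted); check the exact wording against the real log of the installed version.

```python
import re
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"(?P<type>DHCP(?:DISCOVER|OFFER|REQUEST|ACK|NAK))"
    r"(?: (?:on|for) (?P<ip>\d+\.\d+\.\d+\.\d+)(?: \([\d.]+\))?)?"
    r" (?:from|to) (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r" via (?P<iface>[^\s:]+)(?P<rest>.*)$")

# Phase numbers follow section 1.4: discover, offer, request, acknowledge.
PHASE = {"DHCPDISCOVER": 1, "DHCPOFFER": 2, "DHCPREQUEST": 3, "DHCPACK": 4, "DHCPNAK": 0}

# Constructed sample, modelled on dhcpd's syslog lines; not a capture from the page's system.
SAMPLE_LOG = """\
Mar 10 09:12:01 router dhcpd: DHCPDISCOVER from 00:05:3c:04:8d:59 via eth1
Mar 10 09:12:01 router dhcpd: DHCPOFFER on 10.168.0.50 to 00:05:3c:04:8d:59 via eth1
Mar 10 09:12:01 router dhcpd: DHCPREQUEST for 10.168.0.50 (10.168.0.1) from 00:05:3c:04:8d:59 via eth1
Mar 10 09:12:01 router dhcpd: DHCPACK on 10.168.0.50 to 00:05:3c:04:8d:59 via eth1
Mar 10 09:12:05 router dhcpd: Wrote 1 leases to leases file.
Mar 10 09:13:10 router dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:cc via eth1: network 10.168.0.0/24: no free leases
Mar 10 09:13:14 router dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:cc via eth1: network 10.168.0.0/24: no free leases
Mar 10 09:13:22 router dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:cc via eth1: network 10.168.0.0/24: no free leases
Mar 10 09:14:00 router kernel: eth1: link up
"""


def parse_line(line):
    """Return a dict for a dhcpd DISCOVER/OFFER/REQUEST/ACK/NAK line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["no_free_leases"] = "no free leases" in ev["rest"]
    return ev


def summarize(lines):
    """Per client MAC: phase of the last message seen, the ACKed address and the
    number of DISCOVERs sent; plus counters for the whole log."""
    clients = defaultdict(lambda: {"phase": 0, "ip": None, "discovers": 0, "naks": 0})
    report = {"clients": clients, "unparsed": 0, "no_free_leases": 0, "interfaces": set()}
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:               # other dhcpd chatter or unrelated daemons
            report["unparsed"] += 1
            continue
        report["interfaces"].add(ev["iface"])
        if ev["no_free_leases"]:
            report["no_free_leases"] += 1
        c = clients[ev["mac"]]
        c["phase"] = PHASE[ev["type"]]
        if ev["type"] == "DHCPDISCOVER":
            c["discovers"] += 1
        elif ev["type"] == "DHCPACK":
            c["ip"] = ev["ip"]
        elif ev["type"] == "DHCPNAK":
            c["naks"] += 1
    return report


def stuck_clients(report):
    """MACs whose last message did not reach DHCPACK: repeated DISCOVERs with no
    OFFER point at the interface setting or at an exhausted range."""
    return sorted(mac for mac, c in report["clients"].items() if c["phase"] < 4)
```

On the sample, summarize(SAMPLE_LOG.splitlines()) records the first client at phase 4 with lease 10.168.0.50, the second at phase 1 after three DISCOVERs, three "no free leases" notes, two lines that are not lease traffic, and stuck_clients() names only the second MAC.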

References:
==================
https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
