IPv4/DHCP/Server: Unterschied zwischen den Versionen
Keine Bearbeitungszusammenfassung |
Keine Bearbeitungszusammenfassung |
Zeile 89: | Zeile 89: | ||
# Sample configuration file for ISC dhcpd | # Sample configuration file for ISC dhcpd | ||
# | # | ||
# option definitions common to all supported networks... | # option definitions common to all supported networks... | ||
option domain-name "example.org"; | |||
option domain-name-servers ns1.example.org, ns2.example.org; | |||
default-lease-time 600; | |||
max-lease-time 7200; | |||
# The ddns-updates-style parameter controls whether or not the server will | # The ddns-updates-style parameter controls whether or not the server will | ||
Zeile 95: | Zeile 101: | ||
# behavior of the version 2 packages ('none', since DHCP v2 didn't | # behavior of the version 2 packages ('none', since DHCP v2 didn't | ||
# have support for DDNS.) | # have support for DDNS.) | ||
ddns-update-style none; | |||
# If this DHCP server is the official DHCP server for the local | # If this DHCP server is the official DHCP server for the local | ||
# network, the authoritative directive should be uncommented. | # network, the authoritative directive should be uncommented. | ||
authoritative; | #authoritative; | ||
# Use this to send dhcp log messages to a different log file (you also | # Use this to send dhcp log messages to a different log file (you also | ||
# have to hack syslog.conf to complete the redirection). | # have to hack syslog.conf to complete the redirection). | ||
log-facility local7; | #log-facility local7; | ||
# No service will be given on this subnet, but declaring it helps the | # No service will be given on this subnet, but declaring it helps the | ||
Zeile 112: | Zeile 118: | ||
# This is a very basic subnet declaration. | # This is a very basic subnet declaration. | ||
# | #subnet 10.254.239.0 netmask 255.255.255.224 { | ||
subnet 10. | # range 10.254.239.10 10.254.239.20; | ||
{ | # option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org; | ||
range 10. | #} | ||
option routers 10. | |||
option domain-name | # This declaration allows BOOTP clients to get dynamic addresses, | ||
option domain-name- | # which we don't really recommend. | ||
default-lease-time 600; | |||
max-lease-time 7200; | #subnet 10.254.239.32 netmask 255.255.255.224 { | ||
# range dynamic-bootp 10.254.239.40 10.254.239.60; | |||
} | # option broadcast-address 10.254.239.31; | ||
# option routers rtr-239-32-1.example.org; | |||
#} | |||
# A slightly different configuration for an internal subnet. | |||
#subnet 10.5.5.0 netmask 255.255.255.224 { | |||
# range 10.5.5.26 10.5.5.30; | |||
# option domain-name-servers ns1.internal.example.org; | |||
# option domain-name "internal.example.org"; | |||
# option routers 10.5.5.1; | |||
# option broadcast-address 10.5.5.31; | |||
# default-lease-time 600; | |||
# max-lease-time 7200; | |||
#} | |||
# Hosts which require special configuration options can be listed in | |||
# host statements. If no address is specified, the address will be | |||
# allocated dynamically (if possible), but the host-specific information | |||
# will still come from the host declaration. | |||
#host passacaglia { | |||
# hardware ethernet 0:0:c0:5d:bd:95; | |||
# filename "vmunix.passacaglia"; | |||
# server-name "toccata.example.com"; | |||
#} | |||
# Fixed IP addresses can also be specified for hosts. These addresses | |||
# should not also be listed as being available for dynamic assignment. | |||
# Hosts for which fixed IP addresses have been specified can boot using | |||
# BOOTP or DHCP. Hosts for which no fixed address is specified can only | |||
# be booted with DHCP, unless there is an address range on the subnet | |||
# to which a BOOTP client is connected which has the dynamic-bootp flag | |||
# set. | |||
#host fantasia { | |||
# hardware ethernet 08:00:07:26:c0:a5; | |||
# fixed-address fantasia.example.com; | |||
#} | |||
# | # You can declare a class of clients and then do address allocation | ||
# based on that. The example below shows a case where all clients | |||
# in a certain class get addresses on the 10.17.224/24 subnet, and all | |||
# other clients get addresses on the 10.0.29/24 subnet. | |||
= | #class "foo" { | ||
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW"; | |||
#} | |||
#shared-network 224-29 { | |||
# subnet 10.17.224.0 netmask 255.255.255.0 { | |||
# option routers rtr-224.example.org; | |||
# } | |||
# subnet 10.0.29.0 netmask 255.255.255.0 { | |||
# option routers rtr-29.example.org; | |||
# } | |||
# pool { | |||
# allow members of "foo"; | |||
# range 10.17.224.10 10.17.224.250; | |||
# } | |||
# pool { | |||
# deny members of "foo"; | |||
# range 10.0.29.10 10.0.29.230; | |||
# } | |||
#}</pre> |
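Review bot: The new side of the "Zeile 112" hunk leaves the listing with no active subnet declaration: the old `subnet 10.… { range 10.… ; option routers 10.… ; }` block is replaced by the fully commented distro sample, and `authoritative;` becomes `#authoritative;`. ISC dhcpd refuses to start when none of its declared subnets matches the address of the interface it is bound to, so the dhcpd.conf shown here will not run as-is on the "enp5s1" host the page describes; either keep one filled-in subnet block in the listing or state right above the `<pre>` that the reader has to add one. The article's own "Festlegung von ..." list names the authoritative statement and the subnet blocks as the settings to make, so the example should show them set rather than commented out; a non-authoritative server also will not send DHCPNAK to clients holding stale leases from another server, which is the case the config's own comment ("official DHCP server for the local network") is about. The same applies to the later rendered copy of the listing on this page.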
Version vom 25. September 2019, 12:06 Uhr
DHCP (Dynamic Host Configuration Protocol)
Allgemein
- ist Erweiterung des Bootstrap-Protokolls (BOOTP)
- ist ein Hintergrundprozess (Dienst/Daemon)
- definiert in RFC 2131
- Transport durch UDP
- Standard-Ports:
- IPv4: 67 (Server od. Relay-Agent), 68 (Client)
- IPv6: 547 (Server od. Relay-Agent), 546 (Client)
Aufgabe
- angeschlossene Clients ohne manuelle Konfiguration der Schnittstelle in ein bestehendes Netz einbinden,
- das heißt die Konfigurationsparameter...
- IP-Adresse, die Adresse eines Gerätes im Netzwerk,
- Netzmaske, Adressierung des Netz- und Hostteils einer IP-Adresse,
- Gateway, die Brücke von einem ins andere Netz,
- Rechnername,
- Broadcast-Adresse,
- Boot-Image für plattenlose Workstations,
- NetBIOS Nameserver und Name Server (DNS)
- Time- und NTP-Server, die für die Synchronisierung der Uhrzeit zuständig sind,
- ...können automatisch vergeben werden
Betriebsmodi
- manuelle Zuordnung (statisches DHCP):
- IP-Adressen werden bestimmten MAC-Adressen fest zugeordnet; z.B. wichtig bei Port-Weiterleitungen oder wenn der DHCP-Client selbst Server-Dienste zur Verfügung stellt
- Nachteil: kein „einfaches“ Einbinden von neuen Clients
- automatische Zuordnung:
- am DHCP-Server wird ein Bereich (range) von IP-Adressen definiert; IP-Adressen aus diesem Bereich werden automatisch den MAC-Adressen neuer DHCP-Clients zugewiesen und danach keinem anderen Host mehr zugewiesen
- Zuweisungen sind permanent, werden nicht entfernt und in einer Tabelle eingetragen (/var/lib/dhcpd.leases)
- Nachteil: neue Clients erhalten keine IP-Adresse, wenn der gesamte Adressbereich vergeben ist, auch wenn die bereits vergebenen IP-Adressen nicht aktiv genutzt werden
- dynamische Zuordnung:
- automatische Zuordnung mit Lease-Time
- in der Konfigurationsdatei (/etc/dhcp/dhcpd.conf) wird festgelegt, wie lange eine IP-Adresse an einen Client „verliehen“ wird, bevor der Client beim Server eine „Verlängerung“ beantragen muss
- Vorteil: bei „Nicht-Verlängerung“ durch Client wird IP-Adresse frei und neu vergeben
Ablauf
- DHCP-DISCOVER: Client sucht per Broadcast nach DHCP-Server
- DHCP-OFFER: DHCP-Server bietet Client per Unicast Konfigurationsparameter der Schnittstelle an
- DHCP-REQUEST: Client fordert angebotene Konfigurationsparameter bei DHCP-Server an (z.B. Mietanfrage)
- DHCP-ACK: DHCP-Server sendet Konfigurationsparameter an Client
Einrichtung unter Linux/Debian am Beispiel "isc-dhcp-server"
Installation
root@pc10:~# apt install isc-dhcp-server
Konfiguration
wichtige Dateien:
- "/etc/default/isc-dhcp-server"
- "/etc/dhcp/dhcpd.conf"
/etc/default/isc-dhcp-server
Hier wird festgelegt, an welches Netzwerkgerät der DHCP-Server gebunden werden soll; im Beispiel ist das die Schnittstelle "enp5s1".
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="enp5s1"
# NOTE(review): only a DHCPv4 interface is bound here; an empty INTERFACESv6
# presumably means no DHCPv6 instance is started — confirm against the
# init script / systemd unit that reads this file.
INTERFACESv6=""
/etc/dhcp/dhcpd.conf
Festlegung von ...
- Authoritative-Statement
- Lease-Time
- Subnet-Blöcke
- Range
- Options - z.B. Router, Domain-Name-Server
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# NOTE(review): this is the unmodified distribution sample; every subnet,
# host and class block below is commented out. dhcpd needs at least one
# active subnet declaration matching the address of the interface it is
# bound to (see INTERFACESv4 in /etc/default/isc-dhcp-server) or it will
# refuse to start, so one of the blocks below has to be filled in and
# uncommented before the service is usable.

# option definitions common to all supported networks...
# (example.org placeholders — replace with the site's own domain and resolvers)
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
# NOTE(review): the page lists the authoritative statement among the settings
# to make; a non-authoritative server will not NAK clients that still hold a
# lease from another server on this segment, so uncomment it for the
# official server.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

#subnet 10.152.187.0 netmask 255.255.255.0 {
#}

# This is a very basic subnet declaration.

#subnet 10.254.239.0 netmask 255.255.255.224 {
#  range 10.254.239.10 10.254.239.20;
#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

#subnet 10.254.239.32 netmask 255.255.255.224 {
#  range dynamic-bootp 10.254.239.40 10.254.239.60;
#  option broadcast-address 10.254.239.31;
#  option routers rtr-239-32-1.example.org;
#}

# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
#  range 10.5.5.26 10.5.5.30;
#  option domain-name-servers ns1.internal.example.org;
#  option domain-name "internal.example.org";
#  option routers 10.5.5.1;
#  option broadcast-address 10.5.5.31;
#  default-lease-time 600;
#  max-lease-time 7200;
#}

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

#host passacaglia {
#  hardware ethernet 0:0:c0:5d:bd:95;
#  filename "vmunix.passacaglia";
#  server-name "toccata.example.com";
#}

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
#  hardware ethernet 08:00:07:26:c0:a5;
#  fixed-address fantasia.example.com;
#}

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

#class "foo" {
#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}

#shared-network 224-29 {
#  subnet 10.17.224.0 netmask 255.255.255.0 {
#    option routers rtr-224.example.org;
#  }
#  subnet 10.0.29.0 netmask 255.255.255.0 {
#    option routers rtr-29.example.org;
#  }
#  pool {
#    allow members of "foo";
#    range 10.17.224.10 10.17.224.250;
#  }
#  pool {
#    deny members of "foo";
#    range 10.0.29.10 10.0.29.230;
#  }
#}