Difference between revisions of "DHCP server installation"
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
[[Category:Linux]]
 +
 
Dynamic Host Configuration Protocol.
 
Dynamic Host Configuration Protocol.
  
Line 54: Line 56:
 
=Security=
 
=Security=
  
You should edit your firewall to match the current rules:
+
See [[Firewall INPUT filters#DHCP|Firewall rules for DHCP server]]
 
 
<syntaxhighlight lang="bash">
 
    IPTABLES=`which iptables`
 
    LAN_ADDRESS="172.16.50.0/24"
 
  
    # Allow LAN communication
 
    # ... Required for NFS and the NetBoot ...
 
    $IPTABLES -A INPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
 
    $IPTABLES -A OUTPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
 
  
    ########################
 
    # INPUT filters
 
    ########################
 
  
    ##### DHCP client ######
 
    # Broadcast IP request
 
    $IPTABLES -A OUTPUT -p udp -d 255.255.255.255 --sport 68 --dport 67 -j ACCEPT
 
    # Send / reply to IPs requests
 
    $IPTABLES -A INPUT -p udp -s 255.255.255.255 --sport 67 --dport 68 -j ACCEPT
 
  
    ###### DHCP server ######
+
=Configuration=
    # UDP (can also run on TCP) >> received client's requests
 
    $IPTABLES -A INPUT -p udp --sport 68 --dport 67 -j ACCEPT
 
    $IPTABLES -A INPUT -p tcp --sport 68 --dport 67 -j ACCEPT
 
 
 
    # NetBoot - TFTP server
 
    $IPTABLES -A INPUT -p udp -s $LAN_ADDRESS --dport 69 -j ACCEPT
 
 
 
 
 
    ########################
 
    # OUTPUT filters
 
    ########################
 
    # DHCP [udp]
 
    $IPTABLES -A OUTPUT -p udp --dport 67 -j ACCEPT
 
    $IPTABLES -A OUTPUT -p udp --dport 68 -j ACCEPT
 
    # DHCP [tcp]
 
    $IPTABLES -A OUTPUT -p tcp --dport 67 -j ACCEPT
 
    $IPTABLES -A OUTPUT -p tcp --dport 68 -j ACCEPT
 
  
    # TFTP NetBoot
 
    $IPTABLES -A OUTPUT -p udp --dport 69 -j ACCEPT
 
 
</syntaxhighlight>
 
 
Don't forget to adjust your network number ''172.16.50.0/24''
 
 
 
 
=Configuration=
 
  
 +
==Configuration file==
  
 
The main configuration file is '''/etc/dhcp/dhcpd.conf'''
 
The main configuration file is '''/etc/dhcp/dhcpd.conf'''
Line 117: Line 77:
  
  
==Random IP assignation==
+
==Assign IP==
 
 
The following configuration will accept all clients and give them a random IP @.
 
 
 
<syntaxhighlight lang="bash">
 
# Sample /etc/dhcpd.conf
 
# (add your comments here)
 
default-lease-time 600;
 
max-lease-time 7200;
 
option subnet-mask 255.255.255.0;
 
option broadcast-address 172.16.50.255;
 
option routers 172.16.50.254;
 
# Put your own DNS server or your ISP | Google servers
 
option domain-name-servers 172.16.50.2, 8.8.8.8;
 
# Put your domain name - if you have one
 
option domain-name "mydomain.lan";
 
option ntp-servers 172.16.50.254;
 
 
 
subnet 172.16.50.0 netmask 255.255.255.0 {
 
  range 172.16.50.10 172.16.50.100;
 
  range 172.16.50.150 172.16.50.200;
 
}
 
</syntaxhighlight>
 
 
 
You have to adjust:
 
* Network parameters - instead of 172.16.50.*
 
* DHCP range(s). In the given example there are 2 ranges from 10-100 and 150-200
 
 
 
 
 
 
 
==Static IP @==
 
 
 
This new configuration will ONLY accept known clients and give them a static IP @.
 
 
 
<syntaxhighlight lang="bash">
 
# Sample /etc/dhcpd.conf
 
# (add your comments here)
 
default-lease-time 600;
 
max-lease-time 7200;
 
option subnet-mask 255.255.255.0;
 
option broadcast-address 172.16.50.255;
 
option routers 172.16.50.254;
 
option domain-name-servers 172.16.50.2, 8.8.8.8;
 
option domain-name "mydomain.lan";
 
option ntp-servers 172.16.50.254;
 
 
 
deny unknown-clients;
 
 
 
subnet 172.16.50.0 netmask 255.255.255.0 {
 
    host client1 {
 
        hardware ethernet DD:GH:DF:E5:F7:D7;
 
        fixed-address 172.16.50.20;
 
    }
 
    host client2 {
 
        hardware ethernet 00:JJ:YU:38:AC:45;
 
        fixed-address 172.16.50.21;
 
    }
 
}
 
 
 
</syntaxhighlight>
 
 
 
Note:
 
 
 
The ''deny unknown-clients;'' command is why only known clients are accepted.
 
 
 
 
 
For each client you have to adjust:
 
* MAC @
 
* Set a specific static IP @
 
 
 
 
 
==Advanced configuration (name + netboot)==
 
 
 
In the following scenario you will configure the server to accept only specific clients, use static IP @ and set names.
 
 
 
This configuration also allow NetBoot using PXE technology.
 
 
 
 
 
 
 
<syntaxhighlight lang="bash">
 
#### General options ####
 
 
 
## Domain settings
 
# domain name
 
option domain-name "myDomain.lan";
 
# DNS IP @ (replace it by your IP server, Google DNS or your ISP DNS)
 
option domain-name-servers XXX.XXX.XXX.XXX, YYY.YYY.YYY.YYY;
 
# DNS update system (disable)
 
ddns-update-style none;
 
 
 
## IP lease settings
 
default-lease-time 7200;
 
max-lease-time 86400;
 
 
 
## Network settings
 
# DHCP server name
 
server-name "dns.myDomain.lan";
 
# Authoritative server = this is the official DHCP server for the local network
 
authoritative;
 
# Subnet-mask
 
option subnet-mask 255.255.255.0;
 
 
 
 
 
## Security
 
# Do not allow unknown clients
 
deny unknown-clients;
 
# Do not forward DHCP request from this server to another one using a different Network Interface
 
option ip-forwarding off;
 
 
 
# Use this to send dhcp log messages to a different log file
 
# you also have to hack syslog.conf to complete the redirection
 
log-facility local7;
 
 
 
### NetBoot PXE
 
# Enable network boot using TFTP
 
allow bootp;
 
allow booting;
 
 
 
 
 
## Available networks
 
 
 
# Your server can manage many network. Just add new subnet{} instruction
 
 
 
# Main LAN
 
subnet 172.16.50.0 netmask 255.255.255.0 {
 
  #### Overall settings
 
  # You can override the default domain set earlier
 
  option domain-name "myDomain.lan";
 
  # Broadcast address
 
  option broadcast-address 172.16.50.255;
 
  # Default gateway
 
  option routers 172.16.50.1;
 
  # Set the NTP (time server) to use
 
  option ntp-servers 172.16.50.1;
 
 
 
 
 
  #### DHCP range
 
  # Hint: if the range has only 1 address, and this is a bail (fixed address), then the range won't be used!
 
  range 172.16.50.5 172.16.50.5;
 
 
 
  #### NETBOOT settings
 
  # PXE file to serve.
 
  #  >> elilo.efi  => for ia64 clients;
 
  #  >> pxelinux.0  => for x86
 
  # These files should be at the root of your TFTP server
 
  # Note: The file name can be add in the "host" section too. Then, the "host" will override the current setting
 
  filename "pxelinux.0";
 
  # set the server that serve this NETBOOT file
 
  next-server 172.16.50.2;
 
  # Ensure that the new client (the one boot) is not stealing someone else IP @
 
  ping-check = 1;
 
}
 
 
 
#### Managed host and fixed IP @
 
# FTP server
 
host ftp {
 
  hardware ethernet 00:0f:75:af:eb:44;
 
  fixed-address 172.16.50.2;
 
  option host-name "ftp";
 
 
 
  ### NetBoot PXE settings
 
  # dedicated file for the current machine:
 
  #filename "debian-installer/ia64/elilo.efi";
 
  # Set the TFTP server
 
  #next-server 172.16.50.2;
 
}
 
# WEB server
 
host web {
 
  hardware ethernet 00:02:0d:31:d1:cc;
 
  fixed-address 172.16.50.3;
 
  option host-name "web";
 
}
 
# EMAIL server
 
host mail {
 
  hardware ethernet 00:02:55:d2:d1:cc;
 
  fixed-address 172.16.50.4;
 
  option host-name "mail";
 
}
 
# LAPTOP workstation
 
host laptop {
 
  hardware ethernet 00:0e:af:31:d1:cc;
 
  fixed-address 172.16.50.5;
 
  option host-name "laptop";
 
}
 
</syntaxhighlight>
 
 
 
 
 
Be aware that the "option host-name ..." may be discard by most clients.
 
 
 
 
 
 
 
==Logs==
 
 
 
Logs are in '''/var/log/syslog'''
 
 
 
 
 
 
 
==Leases==
 
 
 
All DHCP leases are available in:
 
 
 
<syntaxhighlight lang="bash">
 
vim /var/lib/dhcp3/dhcpd.leases
 
</syntaxhighlight>
 
 
 
 
 
 
 
==Manage service==
 
 
 
 
 
You can start / restart service using:
 
 
 
<syntaxhighlight lang="bash">
 
service isc-dhcp-server start|restart|stop
 
</syntaxhighlight>
 
 
 
OR
 
 
 
<syntaxhighlight lang="bash">
 
/etc/init.d/isc-dhcp-server restart
 
</syntaxhighlight>
 
 
 
 
 
You can check the status using:
 
<syntaxhighlight lang="bash">
 
ps aux | grep dhcp
 
netstat -uap | grep dhcp
 
</syntaxhighlight>
 
 
 
 
 
 
 
 
 
=Add new host=
 
 
 
 
 
Every time you need to install you host you have to:
 
 
 
Edit the configuration file:
 
 
 
<syntaxhighlight lang="bash">
 
vim /etc/dhcp/dhcpd.conf
 
</syntaxhighlight>
 
 
 
 
 
Add new host at the end of the file :
 
 
 
<syntaxhighlight lang="bash">
 
host myNewHost {
 
  hardware ethernet 00:0e:af:31:d1:cc;
 
  fixed-address 172.16.50.60;
 
  option host-name "myNewHost";
 
}
 
</syntaxhighlight>
 
 
 
==> Don't forget to the given IP @ must match the DNS server declaration !
 
 
 
 
 
 
 
 
 
Restart the DHCP server :
 
 
 
<syntaxhighlight lang="bash">
 
/etc/init.d/isc-dhcp-server restart
 
</syntaxhighlight>
 
 
 
 
 
  
=NetBoot=
+
You can assign dynamic and / or static IP, you can also you NetBoot settings.
  
To setup the netboot, see [[NetBoot server]].
+
See:
 +
* [[DHCP dynamic IP assignation]]
 +
* [[DHCP static IP assignation]]
 +
* [[DHCP netboot configuration]]

Latest revision as of 21:40, 8 August 2014


Dynamic Host Configuration Protocol.


Note:

Since Ubuntu 11.10 the DHCP3-server is available in the "isc-dhcp-server" package.


Sources

You can find more information about that topic over here:


Requirement

A DHCP server can provided static or dynamic address.

However, the DHCP server's IP @ must always be static!!


If you want to use a DNS, then you can even setup the DNS server first. See DNS server



Installation

DHCP server 

apt-get install isc-dhcp-server


You will be asked a few questions:

  • On what network interfaces should the DHCP server listen? <-- eth0
  • Please configure the DHCP server as soon as the installation finishes. <-- Ok
  • The version 3 DHCP server is now non-authoritative by default <-- Ok


At the end of the installation you will see errors like these: * Generating /etc/default/dhcp3-server...

  • Starting DHCP server: dhcpd3 failed to start - check syslog for diagnostics.
  • invoke-rc.d: initscript dhcp3-server, action "start" failed.

That's OK because we did not have the chance yet to configure our DHCP server.


Security

See Firewall rules for DHCP server



Configuration

Configuration file

The main configuration file is /etc/dhcp/dhcpd.conf 

vim /etc/dhcp/dhcpd.conf


You can adjust the interface the server is listening on in /etc/dhcp/dhcp3-server INTERFACES="eth0 eth1"


Assign IP

You can assign dynamic and / or static IP, you can also you NetBoot settings.

See:

Retrieved from "http://www.daxiongmao.eu/wiki/index.php?title=DHCP_server_installation&oldid=1020"