Setting Up a DHCP Server
Assuming you have already set up the physical connections between your DHCP server and the client computers on your network (presumably an Ethernet LAN), the minimum tools you need to get the DHCP server working are:
A firewall that allows DHCP access
A configured /etc/dhcpd.conf file
A running dhcpd server daemon (which can be started at boot time)
After the DHCP server is running, it broadcasts its availability as a DHCP server to the LAN. A client simply boots up (with an Ethernet network interface turned on and DHCP identified as its method of getting network addresses), and the information it needs to get up and running on the network is fed to it from the server.
Note: The dhcpd.conf file allows an extraordinary amount of flexibility. To see the full set of options and parameters you can set in that file, refer to the dhcp-options and dhcpd.conf man pages (type man dhcp-options).
Opening your firewall for DHCP
The firewall on your DHCP server must be configured to allow access to UDP ports 67 and 68. If you are using iptables (and you did not open ports 67 and 68 during installation), you can add a new rule to iptables and then save the changes permanently. Type the following as root:
# iptables -I INPUT -i eth0 -p udp --sport 67:68 --dport 67:68 -j ACCEPT
In this example, requests are allowed to and from ports 67 and 68 on the eth0 interface (which is your first Ethernet card). If your DHCP server is also a routing firewall for your network, you want to make sure that you are only offering DHCP services to your LAN and not to the Internet. (You need to figure out if eth0, eth1, or some other card is connected to your LAN.)
If the rule was accepted (type iptables -L to make sure), you can save your entire firewall configuration so that the new rule is included permanently. To do that, type the following (as root user):
# iptables-save > /etc/sysconfig/iptables
This updates your /etc/sysconfig/iptables file so that all the current rules (including the one you just added) are included the next time iptables is restarted.
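One way to confirm that DHCP is accepted only on the LAN side, as an added example that is not part of the original text: the function below reads iptables-save output and labels every INPUT rule that accepts UDP port 67 or 68 by whether it is bound to the LAN interface. The rules in sample_rules are constructed, and eth0 as the LAN interface is an assumption.

```shell
#!/bin/sh
# Added example. On a live server: iptables-save | audit_dhcp_rules eth0
# Limitation: only the literal port specs 67, 68 and 67:68 are recognised,
# so a wider range such as 1:1024 is not reported.

# audit_dhcp_rules LAN_IF   (reads iptables-save text on stdin)
audit_dhcp_rules() {
    awk -v lan="$1" '
    $1 == "-A" && $2 == "INPUT" {
        iface = ""; udp = 0; dhcp = 0; accept = 0
        for (i = 3; i <= NF; i++) {
            # a negated match is saved as "! -i eth0"; keep the "!" so it is flagged
            if ($i == "-i") iface = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            if ($i == "-p" && $(i + 1) == "udp") udp = 1
            if (($i == "--dport" || $i == "--sport") && $(i + 1) ~ /^(67|68|67:68)$/) dhcp = 1
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (!(udp && dhcp && accept)) next
        if (iface == "")       print "UNBOUND   " $0   # accepted on every interface
        else if (iface != lan) print "WRONG-IF  " $0   # accepted on a non-LAN interface
        else                   print "OK        " $0
    }'
}

# Constructed sample in iptables-save format
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A INPUT -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_dhcp_rules eth0
```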
Configuring the dhcpd.conf file
Suppose you have a single pool of IP addresses that you want to distribute to a set of computers that are all on the same subnetwork. In other words, all the computers are connected to one hub (or a set of daisy-chained hubs). Here is an example of a simple dhcpd.conf file:
ddns-update-style interim;
ignore client-updates;
subnet 10.0.0.0 netmask 255.0.0.0 {
    option routers 10.0.0.1;
    option domain-name-servers 10.0.0.1;
    option subnet-mask 255.0.0.0;
    option domain-name "handsonhistory.com";
    range dynamic-bootp 10.0.0.150 10.0.0.225;
    default-lease-time 21600;
    max-lease-time 43200;
    # Set name server to appear at a fixed address
    host ns {
        next-server ns1.handsonhistory.com;
        hardware ethernet 00:D0:B3:79:B5:35;
        fixed-address 10.0.0.1;
    }
}
In this example, this DHCP server is providing IP addresses for client computers on a small LAN. The first two lines tell the DHCP server not to update DNS records for the local domain based on the IP addresses it assigns.
The DHCP server is serving a single LAN: 10.0.0.0 network with a 255.0.0.0 netmask. Other data in this file define what information the DHCP server will hand out to clients on this LAN.
A single server at address 10.0.0.1 is used as the router (or gateway) and DNS server for the LAN. To ensure that this server always gets the fixed address of 10.0.0.1, a host entry is set to the hardware address (00:D0:B3:79:B5:35) for the Ethernet card on the host named ns.
The pool of addresses handed out by this DHCP server is 10.0.0.150 to 10.0.0.225, as set by the range dynamic-bootp line. (Using dynamic-bootp allows bootp and dhcp clients to get addresses.) Along with the IP address that each client is assigned, the client is also given the associated subnet-mask and domain name.
The IP addresses that the DHCP server hands out are leased to each client for a particular time. The default-lease-time (set to 21,600 seconds here, or six hours) is the time assigned if the client doesn't request a particular lease period. The max-lease-time (43,200 seconds here, or 12 hours) is the highest amount of time the server will assign, if the client requests it. Clients can renew leases, so they don't have to lose the IP address while they are still using it.
Expanding the dhcpd.conf file
As I noted earlier, this is a very simple example that works well for a single network of client computers. Below are some examples of ways that you can expand your dhcpd.conf file.
If you have multiple ranges of addresses on the same subnetwork, you can add multiple range options to a subnet declaration. Here is an example:
subnet 10.0.0.0 netmask 255.0.0.0 {
    range 10.0.0.10 10.0.0.100;
    range 10.0.0.200 10.0.0.250;
}
This example causes the DHCP server to assign IP addresses between the ranges of 0.0.10 and 0.0.100 and between 0.0.200 and 0.0.250 on network number 10.
You can set fixed addresses for particular host computers. In particular, you would want to do this for your server computers so that their addresses don't change. One way to do this is based on the Ethernet hardware address of the server's Ethernet card. All information for that computer can be contained in a host definition, such as the following:
host pine {
    hardware ethernet 00:04:5A:4F:8E:47;
    fixed-address 10.0.0.254;
}
Here, when the DHCP server encounters the Ethernet address, the fixed-address (10.0.0.254) is assigned to it. Type ifconfig -a on the server computer to see the address of its Ethernet hardware (while the interface is up). Within this host definition, you can add other options as well. For example, you could set the location of different routes (routers option).
Many of the options let you define the locations of various server types. These options can be set globally or within particular host or subnet definitions. For example:
option netbios-name-servers 10.0.0.252;
option time-servers 10.0.0.253;
In these examples, the netbios-name-servers option defines the location of the WINS server (if you are doing Windows file and print server sharing using Samba). The time-servers option sets the location of a time server on your network.
The DHCP server can be used to provide the information an X Terminal or diskless workstation could use to boot up on the network. The following is an example of a definition you could use to start such a computer on your network:
host maple {
    filename "/dwboot/maple.nb";
    hardware ethernet 00:04:5A:4F:8E:47;
    fixed-address 10.0.0.150;
}
In the previous example, the boot file used by the diskless workstation from the DHCP server is located at /dwboot/maple.nb. The hardware ethernet value identifies the address of the Ethernet card on the client. The client's IP address is set to 10.0.0.150. All of those lines are contained within a host definition, where the host name is defined as maple. (See the Thin Clients heading in Table 23-2 for other options that may be useful for configuring thin clients.)
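When host entries and range lines are combined in one file, an address that is both reserved with fixed-address and inside a dynamic range can also be leased to a different client. The check below is an added example, not part of the original text; its sample file is constructed by placing the maple host from above into the subnet from the first example, and the parser assumes no "#" appears inside quoted strings.

```shell
#!/bin/sh
# Added example. On a live server: fixed_in_range < /etc/dhcpd.conf

# fixed_in_range: print "host address in low-high" for every numeric
# fixed-address that falls inside a range declared in the same file.
fixed_in_range() {
    awk '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    { sub(/#.*/, ""); gsub(/;/, "") }            # drop comments and terminators
    $1 == "range" {
        s = ($2 == "dynamic-bootp") ? 3 : 2       # skip the optional keyword
        n++; lo[n] = $s
        hi[n] = ($(s + 1) == "") ? $s : $(s + 1)  # a range may be a single address
    }
    $1 == "host" { host = $2 }
    # fixed-address may also be a host name; only dotted quads are compared
    $1 == "fixed-address" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        m++; fhost[m] = host; faddr[m] = $2
    }
    END {
        for (j = 1; j <= m; j++)
            for (k = 1; k <= n; k++)
                if (ip2int(faddr[j]) >= ip2int(lo[k]) && ip2int(faddr[j]) <= ip2int(hi[k]))
                    print fhost[j], faddr[j], "in", lo[k] "-" hi[k]
    }'
}

# Constructed sample: first example's subnet plus the maple host
sample_conf() {
    cat <<'EOF'
subnet 10.0.0.0 netmask 255.0.0.0 {
    range dynamic-bootp 10.0.0.150 10.0.0.225;
    # Set name server to appear at a fixed address
    host ns {
        hardware ethernet 00:D0:B3:79:B5:35;
        fixed-address 10.0.0.1;
    }
    host maple {
        filename "/dwboot/maple.nb";
        hardware ethernet 00:04:5A:4F:8E:47;
        fixed-address 10.0.0.150;
    }
}
EOF
}

sample_conf | fixed_in_range
```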
Adding options
There are dozens of options you can use in the /etc/dhcpd.conf file to pass information from the DHCP server to DHCP clients. Table 23-1 describes data types you can use for different options. Table 23-2 describes options that are available.
Data Types | Description |
---|---|
ip-address | Enter ip-address as either an IP address number (11.111.111.11) or a fully-qualified domain name (comp1.handsonhistory.com). To use a domain name, the name must be resolvable to an IP address number. |
int32, int16, int8, uint32, uint16, uint8 | Used to represent signed and unsigned 32-, 16-, and 8-bit integers, respectively. |
"string" | Enter a string of characters, surrounded by double quotes. |
Boolean | Enter true or false when a boolean value is required. |
data-string | Enter a string of characters in quotes ("client1") or a hexadecimal series of octets (00:04:5A:4F:8E:47). |
Options contain values that are passed from the DHCP server to clients. Although Table 23-2 lists valid options, the client computer will not be able to use every value you could potentially pass to it. In other words, not all options are appropriate in all cases.
Table 23-2 is divided into the following categories:
Names, Addresses, and Time — These options set values that are used by clients to have their host name, domain name, network numbers, and time (offset from GMT) defined.
Servers and Routers — These options are used to tell DHCP clients where on the network to find routers and servers. Though more than a dozen server types are listed, most often you will just indicate the address of the router and the DNS servers the client will use.
Routing — These options indicate whether or not the client routes packets.
Thin Clients — These options are useful if DHCP is being used as a boot server for thin clients. A thin client may be an X Terminal or diskless workstation that has processing power, but no disk (or a very small disk) so it can't store a boot image and a file system itself.
Starting the DHCP server
After the /etc/dhcpd.conf file is configured, you can start the DHCP server immediately. As root user from a Terminal window, type the following:
# service dhcpd start
Your DHCP server should now be available to distribute information to the computers on your LAN. If there are client computers on your LAN waiting on your DHCP server, their network interfaces should now be active.
If everything is working properly, you can have your DHCP server start automatically each time your computer boots by turning on the dhcpd service as follows:
# chkconfig dhcpd on
There are a few ways you can check that your DHCP server is working:
Check the /var/lib/dhcp/dhcpd.leases file. If a client has successfully been assigned addresses from the DHCP server, a lease line should appear in that file. There should be one set of information that looks like the following for each client that has leased an IP address:
lease 10.0.0.225 {
    starts 2 2002/05/04 03:48:12;
    ends 2 2002/05/04 15:48:12;
    hardware ethernet 00:50:ba:d8:03:9e;
    client-hostname "pine";
}
Turn on the Ethereal window (type ethereal& from a Terminal window) and start capturing data (in promiscuous mode). Restart the DHCP server and restart the network interface on the client. You should see a series of DHCP packets that show a sequence that looks like the following: DHCP Offer, DHCP Discover, DHCP Offer, DHCP Request, and DHCP ACK.
From the client computer, you should be able to start communicating on the network. If the client is a Linux system, type the ifconfig -a command. Your Ethernet interface (probably eth0) should appear, with the IP address set to the address assigned by the DHCP server.
When the server is running properly, you can continue to add DHCP clients to your network to draw on the pool of addresses you assign.
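The leases file is also a record of which hardware addresses have joined the LAN. As an added example (not part of the original text), the functions below reduce the file to one line per address and list leases held by hardware addresses missing from an inventory; dhcpd appends to the file, so the last entry for an address is taken as current. The second and third lease entries and the inventory are constructed.

```shell
#!/bin/sh
# Added example. Live use: latest_leases < /var/lib/dhcp/dhcpd.leases

# latest_leases: print "ip mac hostname end" once per address; last entry wins.
latest_leases() {
    awk '
    { gsub(/[;"]/, "") }
    $1 == "lease" && $3 == "{" {
        ip = $2; mac[ip] = name[ip] = ends[ip] = "-"
        if (!(ip in seen)) { seen[ip] = 1; order[++n] = ip }
    }
    $1 == "hardware" && $2 == "ethernet" { mac[ip] = tolower($3) }
    $1 == "client-hostname"               { name[ip] = $2 }
    $1 == "ends" { ends[ip] = ($2 == "never") ? "never" : ($3 "T" $4) }
    END { for (i = 1; i <= n; i++) { ip = order[i]; print ip, mac[ip], name[ip], ends[ip] } }'
}

# unknown_macs KNOWN_MAC...   (reads latest_leases output on stdin)
unknown_macs() {
    awk -v known="$*" '
    BEGIN { n = split(tolower(known), k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    !($2 in ok)'
}

# First entry is the one shown above; the other two are constructed.
sample_leases() {
    cat <<'EOF'
lease 10.0.0.225 {
  starts 2 2002/05/04 03:48:12;
  ends 2 2002/05/04 15:48:12;
  hardware ethernet 00:50:ba:d8:03:9e;
  client-hostname "pine";
}
lease 10.0.0.224 {
  ends 2 2002/05/04 16:00:00;
  hardware ethernet 02:00:00:00:00:01;
}
lease 10.0.0.225 {
  ends 2 2002/05/04 21:48:12;
  hardware ethernet 00:50:ba:d8:03:9e;
  client-hostname "pine";
}
EOF
}

# Inventory holds only pine's card, so the 10.0.0.224 lease is reported.
sample_leases | latest_leases | unknown_macs 00:50:BA:D8:03:9E
```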