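Setting Up and Using a DHCP Server on Red Hat 7
DHCP uses a client/server model. When a DHCP client starts, it automatically contacts a DHCP server and requests an automatically assigned IP address, and the server running the DHCP service software responds to the request.
With a DHCP server, administrators can manage dynamic IP address allocation and related environment settings such as the DNS server, WINS server and gateway.
The DHCP mechanism has two parts, the server and the client. The server uses a fixed IP address and, within the LAN, provides clients with dynamic IP addresses, DNS configuration and gateway configuration. All IP-related settings on the client are assigned automatically by the server at startup.
The main configuration file of the dhcp service, /etc/dhcp/dhcpd.conf, contains only 3 comment lines, which means we have to write this file ourselves.
The comments point to a template configuration file, /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example, whose contents can be copied into the configuration file. If you are unsure how to write it, refer to the example file; its structure is shown in the figure.
Figure: Structure of the dhcpd configuration file
A standard configuration file should contain global configuration parameters, subnet declarations, address configuration options and address configuration parameters. Global parameters define how the dhcpd service runs as a whole; a subnet declaration configures the address properties of an entire subnet.
Because the dhcpd configuration file has many available parameters, the most commonly used ones are selected here (see the table) and each is briefly introduced, as groundwork for the experiments that follow.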
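Parameter | Purpose |
---|---|
ddns-update-style type | Defines the type of dynamic DNS update. Types: none (dynamic updates not supported), interim (interactive update mode) and ad-hoc (special update mode) |
allow/ignore client-updates | Allow/ignore client updates of DNS records |
default-lease-time 21600 | Default lease time |
max-lease-time 43200 | Maximum lease time |
option domain-name-servers 8.8.8.8 | Defines the DNS server address |
option domain-name "domain.org" | Defines the DNS domain name |
range | Defines the IP address pool used for allocation |
option subnet-mask | Defines the client's subnet mask |
option routers | Defines the client's gateway address |
broadcast-address address | Defines the client's broadcast address |
ntp-server IP-address | Defines the client's network time (NTP) server |
nis-servers IP-address | Defines the address of the client's NIS domain server |
hardware hardware-type MAC-address | Specifies the interface type and MAC address of the network card |
server-name hostname | Tells the DHCP client the host name of the DHCP server |
fixed-address IP-address | Assigns a fixed IP address to a specified host |
time-offset offset | Specifies the client's offset from Greenwich Mean Time |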
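I. DHCP server configuration: lab steps
Lab preparation
Software: VMware Workstation Pro
Virtual machines: several Red Hat Enterprise Linux 7 64-bit machines
DHCP configuration, DHCP relay agent, DHCP multi-scope configuration
DHCP server: 192.168.10.10/24
Because VMware Workstation ships with its own DHCP service, turn off the built-in DHCP function first to avoid conflicts with the dhcpd service you configure. Note that the DHCP client and server must be in the same network mode, host-only mode (Hostonly); otherwise they are physically isolated and the client cannot obtain an IP address.
1. Check that the two virtual network cards VMnet1 and VMnet8 are enabled.
2. Clone a Red Hat 7 virtual machine to use as the client.
3. Adjust the system settings for host-only mode: turn off the local DHCP service and set the subnet. Set the network adapters of both the DHCP server and the client to host-only mode.
4. Start the server and configure a static network address.
5. Check that the server can be pinged within the private network.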
[root@localhost 桌面]# ping 192.168.10.1 -c4
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=128 time=0.124 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=128 time=0.108 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=128 time=0.123 ms
64 bytes from 192.168.10.1: icmp_seq=4 ttl=128 time=0.125 ms
6. Configure the yum repository and install the DHCP service.
[root@localhost Desktop]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 38G 2.9G 35G 8% /
devtmpfs 905M 0 905M 0% /dev
tmpfs 914M 140K 914M 1% /dev/shm
tmpfs 914M 8.9M 905M 1% /run
tmpfs 914M 0 914M 0% /sys/fs/cgroup
/dev/sda1 497M 119M 379M 24% /boot
/dev/sr0 3.5G 3.5G 0 100% /run/media/root/RHEL-7.0 Server.x86_64
[root@localhost Desktop]# mkdir /mnt/cdrom
[root@localhost Desktop]# mount /dev/sr0 /mnt/cdrom
mount: /dev/sr0 is write-protected, mounting read-only
[root@localhost Desktop]# vim /etc/yum.repos.d/a.repo
[a]
name=welcome to redhatroom
baseurl=file:///mnt/cdrom
enabled=1
gpgcheck=0
[root@localhost /]# yum install -y dhcp    # Install the DHCP package
[root@localhost /]# rpm -qa | grep dhcp    # Check the installation result
[root@localhost /]# systemctl start dhcpd    # Start the DHCP service
[root@localhost /]# systemctl restart dhcpd    # Restart the DHCP service
[root@localhost /]# systemctl status dhcpd    # Show the DHCP service status
[root@localhost /]# systemctl enable dhcpd    # Start the DHCP service at boot
[root@localhost /]# systemctl stop dhcpd    # Stop the DHCP service
[root@localhost /]# systemctl list-unit-files | grep dhcp    # List the boot-time unit entries
[root@localhost /]# cat /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example >> /etc/dhcp/dhcpd.conf
Once the DHCP server's IP address and other network settings are confirmed, dhcpd can be configured. Note that every parameter line in the configuration file must end with a semicolon (;). The parameters in the dhcpd configuration file all matter, so the table lists each line and briefly explains its purpose.
[root@localhost /]# vim /etc/dhcp/dhcpd.conf
ddns-update-style none;
ignore client-updates;
subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.100 192.168.10.150;
option domain-name-servers 192.168.10.2;
option domain-name "hnsw01.com";
option routers 192.168.10.254;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.10.255;
default-lease-time 600;
max-lease-time 7200;
}
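Parameter | Purpose |
---|---|
ddns-update-style none; | Disables automatic dynamic DNS updates |
ignore client-updates; | Ignores client updates of DNS records |
subnet 192.168.10.0 netmask 255.255.255.0 { | The scope is the 192.168.10.0/24 subnet |
range 192.168.10.100 192.168.10.200; | The IP address pool is 192.168.10.100-200 (about 100 IP addresses) |
option domain-name-servers 192.168.10.2; | Defines the client's DNS address |
option domain-name "redhat.com"; | Defines the default search domain |
option routers 192.168.10.254; | Defines the client's gateway address |
option subnet-mask 255.255.255.0; | Defines the client's default subnet mask |
option broadcast-address 192.168.10.255; | Defines the client's broadcast address |
default-lease-time 600; | Defines the default lease time (unit: seconds) |
max-lease-time 7200; | Defines the maximum lease time (unit: seconds) |
} | Closing brace |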
[root@localhost /]# dhcpd    # Check the configuration file
Internet Systems Consortium DHCP Server 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 1 leases to leases file.
Listening on LPF/eno16777736/00:0c:29:a5:64:e8/192.168.10.0/24
Sending on LPF/eno16777736/00:0c:29:a5:64:e8/192.168.10.0/24
Sending on Socket/fallback/fallback-net
There's already a DHCP server running.
This version of ISC DHCP is based on the release available
on ftp.isc.org. Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.
Please report for this software via the Red Hat Bugzilla site:
http://bugzilla.redhat.com
exiting.
[root@localhost /]# systemctl restart dhcpd    # Restart the DHCP service
[root@localhost /]# systemctl status dhcpd.service    # Show the DHCP service status
Internet Systems Consortium DHCP Server 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Wrote 0 leases to leases file.
Listening on LPF/eno16777736/00:0c:29:a5:64:e8/192.168.10.0/24
Sending on LPF/eno16777736/00:0c:29:a5:64:e8/192.168.10.0/24
Sending on Socket/fallback/fallback-net
Once dhcpd is configured, start the cloned client to check the IP allocation.
[root@localhost Desktop]# nmcli device connect eno16777736
Device 'eno16777736' successfully activated with '08f0a4ec-6c40-4963-b21a-143897fc020a'.
[root@localhost Desktop]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.100 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe47:ae4f prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:47:ae:4f txqueuelen 1000 (Ethernet)
RX packets 33 bytes 3112 (3.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 55 bytes 6223 (6.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 23 bytes 2352 (2.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 23 bytes 2352 (2.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
If dhcpd is being configured in a production environment, it may fail because the firewall does not allow DHCP. In that case, run the following commands:
[root@linuxprobe ~]# firewall-cmd --zone=public --permanent --add-service=dhcp
success
[root@linuxprobe ~]# firewall-cmd --reload
success
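II. Binding an IP address
DHCP has a term, "reservation", which ensures that a particular device on the LAN always gets a fixed IP address. In other words, dhcpd sets a given IP address aside and uses it only for the matching device.
To bind an IP address to a host, you need that host's MAC address.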
[root@localhost /]# vim /etc/dhcp/dhcpd.conf
ddns-update-style none;
ignore client-updates;
subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.100 192.168.10.150;
option domain-name-servers 192.168.10.2;
option domain-name "hnsw01.com";
option routers 192.168.10.254;
option broadcast-address 192.168.10.255;
default-lease-time 600;
max-lease-time 7200;
}
host xiaozhang {
hardware ethernet 00:0c:29:47:ae:4f;
fixed-address 192.168.10.88;
}
[root@localhost /]# dhcpd    # Check the configuration file
Internet Systems Consortium DHCP Server 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 1 leases to leases file.
Listening on LPF/eno16777736/00:0c:29:a5:64:e8/192.168.10.0/24
Sending on LPF/eno16777736/00:0c:29:a5:64:e8/192.168.10.0/24
Sending on Socket/fallback/fallback-net
There's already a DHCP server running.
This version of ISC DHCP is based on the release available
on ftp.isc.org. Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.
Please report for this software via the Red Hat Bugzilla site:
http://bugzilla.redhat.com
exiting.
[root@localhost /]# systemctl restart dhcpd    # Restart the DHCP service
[root@localhost 桌面]# systemctl status dhcpd.service
dhcpd.service - DHCPv4 Server Daemon
Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled)
Active: active (running) since 四 2023-11-02 08:25:22 CST; 19min ago
Docs: man:dhcpd(8)
man:dhcpd.conf(5)
Main PID: 15207 (dhcpd)
Status: "Dispatching packets..."
CGroup: /system.slice/dhcpd.service
└─15207 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
Start the cloned machine, restart the network service, and check whether it obtained the bound IP address:
[root@localhost 桌面]# systemctl restart network
[root@localhost 桌面]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.88 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe47:ae4f prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:47:ae:4f txqueuelen 1000 (Ethernet)
RX packets 47 bytes 6701 (6.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 206 bytes 17868 (17.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 125 bytes 12206 (11.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 125 bytes 12206 (11.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
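A reservation such as host xiaozhang stays predictable only while its fixed-address lies outside every range, since an address inside the pool can also be leased dynamically to another client. The check below is an added example, not part of the original post: it audits a dhcpd.conf for that overlap, for ranges that fall outside their subnet, and for duplicate MACs or addresses. The host `printer` and its MAC are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the page's subnet and host block, plus a second,
# hypothetical host whose fixed-address sits inside the dynamic range.
SAMPLE_CONF = """
subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.100 192.168.10.150;
  option routers 192.168.10.254;
}
host xiaozhang {
  hardware ethernet 00:0c:29:47:ae:4f;
  fixed-address 192.168.10.88;
}
host printer {
  hardware ethernet 00:0c:29:aa:bb:cc;
  fixed-address 192.168.10.120;
}
"""

SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"\brange\s+(\S+)\s+(\S+)\s*;")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9a-fA-F:]{17})\s*;")
FIXED_RE = re.compile(r"fixed-address\s+(\S+)\s*;")

def audit(conf):
    """Return findings about address pools and host reservations."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching braces
    findings, pools, seen = [], [], {}
    for net, mask, body in SUBNET_RE.findall(conf):
        subnet = ipaddress.ip_network(f"{net}/{mask}")
        for lo, hi in RANGE_RE.findall(body):
            lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
            if lo not in subnet or hi not in subnet or lo > hi:
                findings.append(f"range {lo}-{hi} does not fit {subnet}")
            pools.append((lo, hi))
    for name, body in HOST_RE.findall(conf):
        mac, ip = MAC_RE.search(body), FIXED_RE.search(body)
        if not (mac and ip):
            findings.append(f"host {name}: lacks hardware ethernet or fixed-address")
            continue
        mac, ip = mac.group(1).lower(), ipaddress.ip_address(ip.group(1))
        if any(lo <= ip <= hi for lo, hi in pools):
            findings.append(f"host {name}: {ip} is inside a dynamic range")
        for key in (mac, str(ip)):  # the same MAC or address bound twice
            if key in seen:
                findings.append(f"host {name}: {key} already used by host {seen[key]}")
            seen[key] = name
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```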
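III. DHCP multi-scope configuration
A single scope meets the network's needs most of the time, but as the network grows, how do you add usable IP addresses?
The answer is to set up multiple scopes to expand the address space.
There are two ways to do this: use two network cards, or use the DHCP superscope feature.
3.1 Two scopes with two network cards
(This increases the complexity of the network topology and makes maintenance harder.)
First, look at the diagram:
In the Virtual Network Editor of VMware Workstation Pro, add a new virtual network VMnet2 of type host-only.
Add a new network card to the DHCP server and set its connection type to the virtual network VMnet2.
1. Configure the IP addresses
Give each network card its own IP address. The subnet of each address must correspond one-to-one with a scope published by the DHCP server, as shown below.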
[root@localhost /]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::20c:29ff:fe2a:36a7 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:2a:36:a7 txqueuelen 1000 (Ethernet)
RX packets 625 bytes 73801 (72.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1094 bytes 98614 (96.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno33554992: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::20c:29ff:fe2a:36b1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:2a:36:b1 txqueuelen 1000 (Ethernet)
RX packets 213 bytes 31517 (30.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 63 bytes 8189 (7.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 641 bytes 64246 (62.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 641 bytes 64246 (62.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
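2. Configure dhcpd.conf
With the DHCP server's network environment in place, edit the configuration file to complete the multi-scope setup, as shown below.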
[root@localhost /]# vim /etc/dhcp/dhcpd.conf
ddns-update-style none;
ignore client-updates;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.254;
option domain-name-servers 192.168.1.2;
option domain-name "redhat.com";
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
default-lease-time 602;
max-lease-time 7200;
}
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.30 192.168.0.254;
option domain-name-servers 192.168.0.2;
option domain-name "redhat.com";
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
default-lease-time 602;
max-lease-time 7200;
}
[root@localhost /]# dhcpd    # Check the configuration file
[root@localhost /]# systemctl restart dhcpd    # Restart the DHCP service
Start two DHCP clients and test.
3.2 Superscope
1. Determine the DHCP server's IP address
[root@desktop ~] # ifconfig eno16777736 192.168.1.3 netmask 255.255.255.0
2. Configure the dhcpd.conf file
[root@localhost /]# vim /etc/dhcp/dhcpd.conf
ddns-update-style none;
ignore client-updates;
shared-network company {
option domain-name-servers 192.168.1.3;
option domain-name "company.com";
default-lease-time 602;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
range 192.168.1.10 192.168.1.10;
}
subnet 192.168.3.0 netmask 255.255.255.0 {
option routers 192.168.3.1;
range 192.168.3.11 192.168.3.11;
}
}
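Because we need to test IP allocation, it is best to limit the address pool of each subnet to a single address. Enable route forwarding in the kernel.
To enable it permanently (written to the kernel settings):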
[root@localhost /]# vim /etc/sysctl.conf
Add this line:
net.ipv4.ip_forward = 1
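[root@localhost /]# sysctl -p    # Reload so the setting takes effect
[root@localhost /]# dhcpd    # Check the configuration file
[root@localhost /]# systemctl restart dhcpd    # Restart the DHCP service
Note: if you have run other DHCP experiments before, it is advisable to delete the original network card on the DHCP client and add a new one so that it gets a new MAC address before testing. This keeps earlier experiments from affecting the new one.
IV. Configuring a DHCP relay agent
When a network contains several subnets, one or a few DHCP servers can handle IP address allocation for the whole network; there is no need to set up a DHCP server for every subnet. Because client computers can only send DHCP requests by broadcast, and these requests generally cannot cross routers, a special setup is needed for clients to obtain TCP/IP information from another subnet.
DHCP clients can have their requests forwarded by a DHCP relay agent. The relay agent listens for DHCP broadcasts and, because it knows the DHCP server's IP address, forwards the original broadcast to the server in ordinary IP packets and then returns the server's reply to the client. It is as if a DHCP server existed in the subnet.
Example 1: A college has two internal subnets, 192.168.1.0/24 and 192.168.3.0/24. A single DHCP server is to assign IP addresses to the clients of both subnets. The college's network topology is shown in Figure 2.13.
1. Configure the DHCP server
Configure the DHCP server with IP address 192.168.3.10 and gateway 192.168.3.2 (pointing at the relay's external network card), set its network connection to VMnet1, and set the subnet addresses of VMnet1 and VMnet8 in the VMware Virtual Network Editor.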
[root@localhost /]# yum install -y dhcp    # Install the DHCP package
[root@localhost /]# rpm -qa | grep dhcp    # Check the installation result
[root@localhost /]# vim /etc/dhcp/dhcpd.conf
ddns-update-style none;
ignore client-updates;
shared-network school {
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.10;
option domain-name-servers 192.168.1.3;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;
}
subnet 192.168.3.0 netmask 255.255.255.0 {
range 192.168.3.10 192.168.3.100;
option domain-name-servers 192.168.3.10;
option routers 192.168.3.1;
option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;
}
}
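[root@localhost /]# systemctl start dhcpd    # Start the DHCP service
2. Configure the DHCP relay agent
Shut down the relay agent server and add a network card. Following the network topology, set the relay agent server's two network cards as follows: the VMnet1 card has address 192.168.3.2/24 with DNS and gateway 192.168.3.1; the VMnet8 card has address 192.168.1.3/24 with DNS and gateway 192.168.1.1. Then test network connectivity.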
[root@localhost network-scripts]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.3.2 netmask 255.255.255.0 broadcast 192.168.3.255
inet6 fe80::20c:29ff:fe44:2ec6 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:44:2e:c6 txqueuelen 1000 (Ethernet)
RX packets 3637 bytes 406661 (397.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2388 bytes 548064 (535.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno33554992: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.3 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::20c:29ff:fe44:2ed0 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:44:2e:d0 txqueuelen 1000 (Ethernet)
RX packets 3414 bytes 389000 (379.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 664 bytes 205845 (201.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
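[root@localhost /]# yum install -y dhcp    # Install the DHCP package
For security reasons, Linux disables packet forwarding by default. Forwarding means that when a host has more than one network card and one of them receives a packet, the host sends the packet to another of its network cards according to the packet's destination IP address, and that card sends it on according to the routing table. This is normally what a router does.
Enable route forwarding: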
[root@localhost network-scripts]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@localhost network-scripts]# sysctl -p
net.ipv4.ip_forward = 1
[root@localhost network-scripts]# sysctl -a | grep forward
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.eno16777736.forwarding = 1
net.ipv4.conf.eno16777736.mc_forwarding = 0
net.ipv4.conf.eno33554992.forwarding = 1
net.ipv4.conf.eno33554992.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.ip_forward = 1    # enabled
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.eno16777736.forwarding = 0
net.ipv6.conf.eno16777736.mc_forwarding = 0
net.ipv6.conf.eno33554992.forwarding = 0
net.ipv6.conf.eno33554992.mc_forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.lo.mc_forwarding = 0
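3. Start the relay agent
The dhcrelay command relays DHCP and BOOTP requests from a subnet without a DHCP server to one or more DHCP servers in other subnets. It is run on the DHCP relay server and supports both DHCPv4/BOOTP and DHCPv6.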
[root@localhost network-scripts]# dhcrelay 192.168.3.10
Dropped all unnecessary capabilities.
Internet Systems Consortium DHCP Relay Agent 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eno33554992/00:0c:29:44:2e:d0
Sending on LPF/eno33554992/00:0c:29:44:2e:d0
Listening on LPF/eno16777736/00:0c:29:44:2e:c6
Sending on LPF/eno16777736/00:0c:29:44:2e:c6
Sending on Socket/fallback
4. Test
1) Start a Linux client, set its network mode to VMnet8, and connect the network card
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::ffdf:d95a:1113:4879 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f9:9f:5c txqueuelen 1000 (Ethernet)
RX packets 1822 bytes 286859 (280.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2011 bytes 227200 (221.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2) Start a Windows 7 client, set its network mode to VMnet1, open CMD and test
3) View the DHCP server's lease database file
vim /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(6) manual page.
# This lease file was written by isc-dhcp-4.2.5
server-duid "\000\001\000\001*\337\322\333\000\014)\200?\270";
lease 192.168.1.10 {
starts 1 2022/10/17 08:47:55;
ends 1 2022/10/17 08:57:55;
cltt 1 2022/10/17 08:47:55;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:0c:29:44:2e:c6;
}
lease 192.168.3.10 {
starts 1 2022/10/17 08:54:02;
ends 1 2022/10/17 09:04:02;
cltt 1 2022/10/17 08:54:02;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:0c:29:a4:6b:76;
uid "\001\000\014)\244kv";
client-hostname "student";
}
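The lease database is also the quickest record of which devices actually received an address. As an added example (not from the original post), the script below reads dhcpd.leases text, keeps the latest record per IP because dhcpd appends to the file, and lists active leases whose MAC is not in a known inventory. The sample text is constructed from the layout above, and the inventory set passed in is an assumption.

```python
import re
from datetime import datetime

# Constructed sample in the dhcpd.leases layout shown above. The first entry is
# an older record for 192.168.1.10 that the later entry supersedes.
SAMPLE_LEASES = r'''
lease 192.168.1.10 {
  ends 1 2022/10/17 08:47:55;
  binding state free;
  hardware ethernet 00:0c:29:44:2e:c6;
}
lease 192.168.1.10 {
  ends 1 2022/10/17 08:57:55;
  binding state active;
  next binding state free;
  hardware ethernet 00:0c:29:44:2e:c6;
}
lease 192.168.3.10 {
  ends 1 2022/10/17 09:04:02;
  binding state active;
  hardware ethernet 00:0c:29:a4:6b:76;
  uid "\001\000\014)\244kv";
  client-hostname "student";
}
'''

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
FIELDS = {
    "state": re.compile(r"^\s*binding state\s+(\w+);", re.M),
    "ends": re.compile(r"^\s*ends\s+\d\s+([\d/]+ [\d:]+);", re.M),
    "mac": re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17});"),
    "hostname": re.compile(r'client-hostname\s+"([^"]*)";'),
}

def current_leases(text):
    """Map IP -> latest record; dhcpd appends, so the last entry per IP wins."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        found = {name: rx.search(body) for name, rx in FIELDS.items()}
        leases[ip] = {k: m.group(1) if m else None for k, m in found.items()}
    return leases

def unknown_active(text, known_macs, now):
    """Active, unexpired leases held by MACs missing from the inventory.
    `now` is a naive UTC datetime; dhcpd.leases records UTC by default."""
    known = {m.lower() for m in known_macs}
    hits = []
    for ip, rec in current_leases(text).items():
        ends = rec["ends"] and datetime.strptime(rec["ends"], "%Y/%m/%d %H:%M:%S")
        live = rec["state"] == "active" and (not ends or ends > now)
        if live and rec["mac"] and rec["mac"].lower() not in known:
            hits.append((ip, rec["mac"].lower(), rec["hostname"]))
    return hits
```

On the server, pass the contents of /var/lib/dhcpd/dhcpd.leases as `text` and the MACs from your host declarations or asset list as `known_macs`.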