Abstract
The purpose of the Dynamic Host Configuration Protocol (DHCP) is to assign network settings centrally (from a server) rather than configuring them locally on each and every workstation. A host configured to use DHCP does not have control over its own static address. It is enabled to configure itself completely and automatically according to directions from the server. If you use the NetworkManager on the client side, you do not need to configure the client at all. This is useful if you have changing environments and only one interface active at a time. Never use NetworkManager on a machine that runs a DHCP server.
One way to configure a DHCP server is to identify each client using the hardware address of its network card (which should be fixed in most cases), then supply that client with identical settings each time it connects to the server. DHCP can also be configured to assign addresses to each relevant client dynamically from an address pool set up for this purpose. In the latter case, the DHCP server tries to assign the same address to the client each time it receives a request, even over extended periods. This works only if the network does not have more clients than addresses.
DHCP makes life easier for system administrators. Any changes, even bigger ones, related to addresses and the network configuration in general can be implemented centrally by editing the server's configuration file. This is much more convenient than reconfiguring numerous workstations. It is also much easier to integrate machines, particularly new machines, into the network, because they can be given an IP address from the pool. Retrieving the appropriate network settings from a DHCP server is especially useful in case of laptops regularly used in different networks.
In this chapter, the DHCP server will run in the same subnet as the workstations, 192.168.2.0/24 with 192.168.2.1 as gateway. It has the fixed IP address 192.168.2.254 and serves two address ranges, 192.168.2.10 to 192.168.2.20 and 192.168.2.100 to 192.168.2.200.
A DHCP server supplies not only the IP address and the netmask, but also the hostname, domain name, gateway, and name server addresses for the client to use. In addition to that, DHCP allows a number of other parameters to be configured in a centralized way, for example, a time server from which clients may poll the current time or even a print server.
To install a DHCP server, start YaST and select + . Choose + and select . Confirm the installation of the dependent packages to finish the installation process.
LDAP Support
The YaST DHCP module can be set up to store the server configuration locally (on the host that runs the DHCP server) or to have its configuration data managed by an LDAP server. If you want to use LDAP, set up your LDAP environment before configuring the DHCP server. For more information about LDAP, see Chapter 4, LDAP - A Directory Service (↑Security Guide).
The YaST DHCP module (yast2-dhcp-server) allows you to set up your own DHCP server for the local network. The module can run in wizard mode or expert configuration mode.
When the module is started for the first time, a wizard starts, prompting you to make a few basic decisions concerning server administration. Completing this initial setup produces a very basic server configuration that should function in its essential aspects. The expert mode can be used to deal with more advanced configuration tasks.
In the first step, YaST looks for the network interfaces available on your system and displays them in a list. From the list, select the interface on which the DHCP server should listen and click . After this, select to open the firewall for this interface, and click . See Figure 12.1, "DHCP Server: Card Selection".
Use the check box to determine whether your DHCP settings should be automatically stored by an LDAP server. In the entry fields, provide the network specifics for all clients the DHCP server should manage. These specifics are the domain name, address of a time server, addresses of the primary and secondary name server, addresses of a print and a WINS server (for a mixed network with both Windows and Linux clients), gateway address, and lease time. See Figure 12.2, "DHCP Server: Global Settings".
In this step, configure how dynamic IP addresses should be assigned to clients. To do so, specify an IP range from which the server can assign addresses to DHCP clients. All these addresses must be covered by the same netmask. Also specify the lease time during which a client may keep its IP address without needing to request an extension of the lease. Optionally, specify the maximum lease time (the period during which the server reserves an IP address for a particular client). See Figure 12.3, "DHCP Server: Dynamic DHCP".
After the third part of the configuration wizard, a last dialog is shown in which you can define how the DHCP server should be started. Here, specify whether to start the DHCP server automatically when the system is booted or manually when needed (for example, for testing purposes). Click to complete the configuration of the server. See Figure 12.4, "DHCP Server: Start-Up".
Both the DHCP server and the DHCP clients are available for openSUSE. The DHCP server available is dhcpd (published by the Internet Systems Consortium). On the client side, choose between two different DHCP client programs: dhcp-client (also from ISC) and the DHCP client daemon in the dhcpcd package.
openSUSE installs dhcpcd by default. The program is very easy to handle and is launched automatically on each system boot to watch for a DHCP server. It does not need a configuration file to do its job and works out of the box in most standard setups. For more complex situations, use the ISC dhcp-client, which is controlled by means of the configuration file /etc/dhclient.conf.
The core of any DHCP system is the dynamic host configuration protocol daemon. This server leases addresses and watches how they are used, according to the settings defined in the configuration file /etc/dhcpd.conf. By changing the parameters and values in this file, a system administrator can influence the program's behavior in numerous ways. Look at the basic sample /etc/dhcpd.conf file in Example 12.1, "The Configuration File /etc/dhcpd.conf".
Example 12.1. The Configuration File /etc/dhcpd.conf
default-lease-time 600;         # 10 minutes
max-lease-time 7200;            # 2 hours
option domain-name "example.com";
option domain-name-servers 192.168.1.116;
option broadcast-address 192.168.2.255;
option routers 192.168.2.1;
option subnet-mask 255.255.255.0;
subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.2.10 192.168.2.20;
  range 192.168.2.100 192.168.2.200;
}
This simple configuration file should be sufficient to get the DHCP server to assign IP addresses in the network. Make sure that a semicolon is inserted at the end of each line, because otherwise dhcpd is not started.
The sample file can be divided into three sections. The first one defines how many seconds an IP address is leased to a requesting client by default (default-lease-time) before it should apply for renewal. This section also includes a statement of the maximum period for which a machine may keep an IP address assigned by the DHCP server without applying for renewal (max-lease-time).
In the second part, some basic network parameters are defined on a global level:
The line option domain-name defines the default domain of your network.
With the entry option domain-name-servers, specify up to three values for the DNS servers used to resolve IP addresses into hostnames and vice versa. Ideally, configure a name server on your machine or somewhere else in your network before setting up DHCP. That name server should also define a hostname for each dynamic address and vice versa. To learn how to configure your own name server, read Chapter 11, The Domain Name System.
The line option broadcast-address defines the broadcast address the requesting client should use.
With option routers, set where the server should send data packets that cannot be delivered to a host on the local network (according to the source and target host address and the subnet mask provided). In most cases, especially in smaller networks, this router is identical to the Internet gateway.
With option subnet-mask, specify the netmask assigned to clients.
The last section of the file defines a network, including a subnet mask. To finish, specify the address range that the DHCP daemon should use to assign IP addresses to interested clients. In Example 12.1, "The Configuration File /etc/dhcpd.conf", clients may be given any address between 192.168.2.10 and 192.168.2.20 as well as 192.168.2.100 and 192.168.2.200.
After editing these few lines, you should be able to activate the DHCP daemon with the command rcdhcpd start. It will be ready for use immediately. Use the command rcdhcpd check-syntax to perform a brief syntax check. If you encounter any unexpected problems with your configuration (the server aborts with an error or does not return done on start), you should be able to find out what has gone wrong by looking for information either in the main system log /var/log/messages or on console 10 (Ctrl+Alt+F10).
On a default openSUSE system, the DHCP daemon is started in a chroot environment for security reasons. The configuration files must be copied to the chroot environment so the daemon can find them. Normally, there is no need to worry about this because the command rcdhcpd start automatically copies the files.
DHCP can also be used to assign a predefined, static address to a specific client. Addresses assigned explicitly always take priority over dynamic addresses from the pool. A static address never expires in the way a dynamic address would, for example, if there were not enough addresses available and the server needed to redistribute them among clients.
To identify a client configured with a static address, dhcpd uses the hardware address (which is a globally unique, fixed numerical code consisting of six octet pairs) for the identification of all network devices (for example, 00:30:6E:08:EC:80). If the respective lines, like the ones in Example 12.2, "Additions to the Configuration File", are added to the configuration file of Example 12.1, "The Configuration File /etc/dhcpd.conf", the DHCP daemon always assigns the same set of data to the corresponding client.
Example 12.2. Additions to the Configuration File
host jupiter {
  hardware ethernet 00:30:6E:08:EC:80;
  fixed-address 192.168.2.100;
}
The name of the respective client (host hostname, here jupiter) is entered in the first line and the MAC address in the second line. On Linux hosts, find the MAC address with the command ip link show followed by the network device (for example, eth0). The output should contain something like
link/ether 00:30:6E:08:EC:80
In the preceding example, a client with a network card having the MAC address 00:30:6E:08:EC:80 is assigned the IP address 192.168.2.100 and the hostname jupiter automatically. The type of hardware to enter is ethernet in nearly all cases, although token-ring, which is often found on IBM systems, is also supported.
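The following checker is an added example, not part of the original chapter or of ISC's code. It reads a configuration built from the sample /etc/dhcpd.conf and the jupiter host entry above and reports ranges outside the declared subnet, reused hardware addresses, and fixed addresses that also lie inside a dynamic range. The name lint_dhcpd_conf and the regular-expression parsing are assumptions and cover only the statements used on this page.

```python
import ipaddress
import re

# Constructed input: the sample /etc/dhcpd.conf plus the jupiter host entry.
SAMPLE_CONF = """\
default-lease-time 600;   # 10 minutes
max-lease-time 7200;      # 2 hours
subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.2.10 192.168.2.20;
  range 192.168.2.100 192.168.2.200;
}
host jupiter {
  hardware ethernet 00:30:6E:08:EC:80;
  fixed-address 192.168.2.100;
}
"""

def lint_dhcpd_conf(text):
    """Return findings for subnet, range and host statements (hypothetical helper)."""
    text = re.sub(r"#.*", "", text)  # strip comments before matching
    nets = [ipaddress.ip_network(f"{addr}/{mask}", strict=False) for addr, mask in
            re.findall(r"\bsubnet\s+([\d.]+)\s+netmask\s+([\d.]+)", text)]
    ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi)) for lo, hi in
              re.findall(r"\brange\s+([\d.]+)\s+([\d.]+)\s*;", text)]
    findings = []
    for lo, hi in ranges:
        if lo > hi:
            findings.append(f"range {lo} {hi}: start is above end")
        if not any(lo in net and hi in net for net in nets):
            findings.append(f"range {lo} {hi}: not inside a declared subnet")
    macs = {}
    for name, body in re.findall(r"\bhost\s+(\S+)\s*\{(.*?)\}", text, re.S):
        mac = re.search(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;", body)
        if mac:
            owner = macs.setdefault(mac.group(1).lower(), name)
            if owner != name:
                findings.append(f"host {name}: hardware address reused from {owner}")
        fixed = re.search(r"fixed-address\s+([\d.]+)\s*;", body)
        if not fixed:
            continue  # no fixed-address, or a hostname that needs DNS to check
        addr = ipaddress.ip_address(fixed.group(1))
        if not any(addr in net for net in nets):
            findings.append(f"host {name}: {addr} not inside a declared subnet")
        for lo, hi in ranges:
            if lo <= addr <= hi:
                findings.append(f"host {name}: {addr} is inside range {lo} {hi}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_dhcpd_conf(SAMPLE_CONF)) or "no findings")
```

Run on the page's own two examples, it reports that jupiter's fixed address 192.168.2.100 is also the first address of the second dynamic range, so the address is both statically assigned and part of the pool.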
To improve security, the openSUSE version of the ISC's DHCP server comes with the non-root/chroot patch by Ari Edelkind applied. This enables dhcpd to run with the user ID nobody and run in a chroot environment (/var/lib/dhcp). To make this possible, the configuration file dhcpd.conf must be located in /var/lib/dhcp/etc. The init script automatically copies the file to this directory when starting.
Control the server's behavior regarding this feature by means of entries in the file /etc/sysconfig/dhcpd. To run dhcpd without the chroot environment, set the variable DHCPD_RUN_CHROOTED in /etc/sysconfig/dhcpd to "no".
To enable dhcpd to resolve hostnames even from within the chroot environment, some other configuration files must be copied as well:
/etc/localtime
/etc/host.conf
/etc/hosts
/etc/resolv.conf
These files are copied to /var/lib/dhcp/etc/ when starting the init script. Take these copies into account for any changes that they require if they are dynamically modified by scripts like /etc/ppp/ip-up. However, there should be no need to worry about this if the configuration file only specifies IP addresses (instead of hostnames).
If your configuration includes additional files that should be copied into the chroot environment, set these under the variable DHCPD_CONF_INCLUDE_FILES in the file /etc/sysconfig/dhcpd. To ensure that the DHCP logging facility keeps working even after a restart of the syslog-ng daemon, there is an additional entry SYSLOGD_ADDITIONAL_SOCKET_DHCP in the file /etc/sysconfig/syslog.
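The check below is an added example, not the openSUSE init script or any code from this chapter. It compares the files the chapter says are copied into /var/lib/dhcp with their sources and reports copies that are missing or out of date, and it flags DHCPD_RUN_CHROOTED set to "no". The names audit_chroot, read_sysconfig and build_sample_tree, the root parameter, the treatment of an unset DHCPD_RUN_CHROOTED as chrooted, and the location of DHCPD_CONF_INCLUDE_FILES entries below the chroot are assumptions.

```python
import re
import tempfile
from pathlib import Path

CHROOT = "var/lib/dhcp"  # chroot directory named on this page
COPIED = ["etc/dhcpd.conf", "etc/localtime", "etc/host.conf",
          "etc/hosts", "etc/resolv.conf"]  # files the page lists as copied

def read_sysconfig(path):
    """Return VAR=value pairs from a sysconfig file; comment lines do not match."""
    text = path.read_text() if path.is_file() else ""
    pairs = re.findall(r"^\s*(\w+)=(.*?)\s*$", text, re.M)
    return {key: value.strip("\"'") for key, value in pairs}

def audit_chroot(root="/"):
    """List chroot copies that are missing or differ from their source file."""
    root = Path(root)
    conf = read_sysconfig(root / "etc/sysconfig/dhcpd")
    # Assumption: an unset DHCPD_RUN_CHROOTED means the chroot default applies.
    if conf.get("DHCPD_RUN_CHROOTED", "yes").lower() == "no":
        return ["DHCPD_RUN_CHROOTED=no: dhcpd is not confined to the chroot"]
    # Assumption: extra files keep their own path below the chroot directory.
    extra = [p.lstrip("/") for p in conf.get("DHCPD_CONF_INCLUDE_FILES", "").split()]
    findings = []
    for rel in COPIED + extra:
        src, dst = root / rel, root / CHROOT / rel
        if not src.is_file():
            continue  # nothing to copy, so nothing to compare
        if not dst.is_file():
            findings.append(f"{rel}: no copy in chroot")
        elif src.read_bytes() != dst.read_bytes():
            findings.append(f"{rel}: chroot copy is stale")
    return findings

def build_sample_tree():
    """Constructed sample: resolv.conf changed after it was copied to the chroot."""
    root = Path(tempfile.mkdtemp())
    files = {"etc/sysconfig/dhcpd": 'DHCPD_RUN_CHROOTED="yes"\n',
             "etc/dhcpd.conf": "option routers 192.168.2.1;\n",
             "etc/resolv.conf": "nameserver 192.168.2.1\n",
             CHROOT + "/etc/dhcpd.conf": "option routers 192.168.2.1;\n",
             CHROOT + "/etc/resolv.conf": "nameserver 192.168.1.116\n"}
    for rel, content in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(content)
    return root
```

Calling audit_chroot(build_sample_tree()) exercises the check on the constructed tree; on a real server, audit_chroot() with the default root reads the live files.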
More information about DHCP is available at the Web site of the Internet Systems Consortium (http://www.isc.org/products/DHCP/). Information is also available in the dhcpd, dhcpd.conf, dhcpd.leases, and dhcp-options man pages.