Red Hat Fedora Linux 3 Bible
Assuming you have already set up the physical connections between your DHCP server and the client computers on your network (presumably an Ethernet LAN), the minimum tools you need to get the DHCP server working are:
-
A firewall that allows DHCP access
-
A configured /etc/dhcpd.conf file
-
A running dhcpd server daemon (which can be started at boot time)
After the DHCP server is running, it broadcasts its availability as a DHCP server to the LAN. A client simply boots up (with an Ethernet network interface turned on and DHCP identified as its method of getting network addresses), and the information it needs to get up and running on the network is fed to it from the server.
| Note | The dhcpd.conf file can serve a wide range of configuration information to DHCP clients. To see the full set of options and parameters you can set in that file, refer to the dhcp-options and dhcpd.conf man pages (type man dhcp-options). |
Opening your firewall for DHCP
The firewall on your DHCP server must be configured to allow access to UDP ports 67 and 68. If you are using iptables (and you did not open ports 67 and 68 during installation), you can add a new rule to iptables and then save the changes permanently. Type the following as root user:
# iptables -I INPUT -i eth0 -p udp --sport 67:68 --dport 67:68 -j ACCEPT
In this example, requests are allowed to and from ports 67 and 68 on the eth0 interface (which is your first Ethernet card). If your DHCP server is also a routing firewall for your network, you want to make sure that you are only offering DHCP services to your LAN and not to the Internet. (You need to figure out if eth0, eth1, or some other card is connected to your LAN.)
If the rule was accepted (type iptables -L to make sure), you can save your entire firewall configuration so that the new rule is included permanently. To do that, type the following (as root user):
# iptables-save > /etc/sysconfig/iptables
This updates your /etc/sysconfig/iptables file so that all the current rules (including the one you just added) are included the next time iptables is restarted.
Configuring the dhcpd.conf file
Suppose you have a single pool of IP addresses that you want to distribute to a set of computers that are all on the same subnetwork. In other words, all the computers are connected to one switch or cluster of switches with no routing between the devices. Here is an example of a simple dhcpd.conf file:
ddns-update-style interim; ignore client-updates; subnet 10.0.0.0 netmask 255.0.0.0 { option routers 10.0.0.1; option domain-name-servers 10.0.0.1; option subnet-mask 255.0.0.0; option domain-name "handsonhistory.com"; range dynamic-bootp 10.0.0.150 10.0.0.225; default-lease-time 21600; max-lease-time 43200; # Set name server to appear at a fixed address host ns { next-server ns1.handsonhistory.com; hardware ethernet 00:D0:B3:79:B5:35; fixed-address 10.0.0.1; } }
In this example, this DHCP server is providing IP addresses for client computers on a small LAN. The first two lines tell the DHCP server not to update DNS records for the local domain based on the IP addresses it assigns.
The DHCP server is serving a single LAN: 10.0.0.0 network with a 255.0.0.0 netmask. Other data in this file define what information the DHCP server will hand out to clients on this LAN.
A single server at address 10.0.0.1 is used as the router (or gateway) and DNS server for the LAN. To ensure that this server always gets the fixed address of 10.0.0.1, a host entry is set to the hardware address (00:D0:B3:79:B5:35) for the Ethernet card on the host named ns.
The pool of addresses handed out by this DHCP server is 10.0.0.150 to 10.0.0.225, as set by the range dynamic-bootp line. (Using dynamic-bootp allows bootp and dhcp clients to get addresses.) Along with the IP address that each client is assigned, the client is also given the associated subnet-mask and domain name.
The IP addresses that the DHCP server hands out are leased to each client for a particular time. The default-lease-time (set to 21,600 seconds here, or 6 hours) is the time assigned if the client doesn’t request a particular lease period. The max-lease-time (43,200 seconds here, or 12 hours) is the highest amount of time the server will assign, if the client requests it. Clients can renew leases, so they don't have to lose the IP address while they are still using it.
Expanding the dhcpd.conf file
As I noted earlier, this is a very simple example that works well for a single network of client computers. Below are some examples of ways that you can expand your dhcpd.conf file.
-
If you have multiple ranges of addresses on the same subnetwork, you can add multiple range options to a subnet declaration. Here is an example:
subnet 10.0.0.0 netmask 255.0.0.0 { range 10.0.0.10 10.0.0.100; range 10.0.0.200 10.0.0.250; }
This example causes the DHCP server to assign IP addresses between the ranges of 0.0.10 and 0.0.100 and between 0.0.200 and 0.0.250 on network number 10.
-
You can set fixed addresses for particular host computers, also called address reservations. In particular, you would want to do this for your server computers so that their addresses don’t change. While you could simply omit the fixed IP addresses from your pool of DHCP assigned addresses, you would lose centralized management of IP configurations. The DHCP reservations allow you to centrally configure all IP address information. One way to do this is based on the Ethernet hardware address of the server’s Ethernet card. All information for that computer can be contained in a host definition, such as the following:
host pine { hardware ethernet 00:04:5A:4F:8E:47; fixed-address 10.0.0.254; }
Here, when the DHCP server encounters the Ethernet address, the fixed-address (10.0.0.254) is assigned to it. Type ifconfig -a on the server computer to see the address of its Ethernet hardware (while the interface is up). Within this host definition, you can add other options as well. For example, you could set the location of different routes (routers option).
-
Many of the options enable you to define the locations of various server types. These options can be set globally or within particular host or subnet definitions. For example:
option netbios-name-servers 10.0.0.252; option time-servers 10.0.0.253;
In these examples, the netbios-name-servers option defines the location of the WINS server (if you are doing Windows file and print server sharing using Samba). The time-servers option sets the location of a time server on your network.
-
The DHCP server can be used to provide the information an X Terminal or diskless workstation could use to boot up on the network. The following is an example of a definition you could use to start such a computer on your network:
host maple { filename "/dwboot/maple.nb"; hardware ethernet 00:04:5A:4F:8E:47; fixed-address 10.0.0.150; }
In the previous example, the boot file used by the diskless workstation from the DHCP server is located at /dwboot/maple.nb. The hardware ethernet value identifies the address of the Ethernet card on the client. The client’s IP address is set to 10.0.0.150. All of those lines are contained within a host definition, where the host name is defined as maple. (See the Thin Clients heading in Table 23-2 for other options that may be useful for configuring thin clients.)
Adding options
There are dozens of options you can use in the /etc/dhcpd.conf file to pass information from the DHCP server to DHCP clients. Table 23-1 describes data types you can use for different options. Table 23-2 describes options that are available.
| Data Types | Description |
|---|---|
| ip-address | Enter ip-address as either an IP address number (11.111.111.11) or a fully qualified domain name (comp1.handsonhistory.com). To use a domain name, the name must be resolvable to an IP address number. |
| int32, int16, int8, uint32, uint16, uint8 | Used to represent signed and unsigned 32-, 16-, and 8-bit integers. |
| "string" | Enter a string of characters, surrounded by double quotes. |
| Boolean | Enter true or false when a boolean value is required. |
| data-string | Enter a string of characters in quotes ("client1") or a hexadecimal series of octets (00:04:5A:4F:8E:47). |
Options contain values that are passed from the DHCP server to clients. Although Table 23-2 lists valid options, the client computer will not be able to use every value you could potentially pass to it. In other words, not all options are appropriate in all cases.
Table 23-2 is divided into the following categories:
-
Names, Addresses, and Time — These options set values that are used by clients to have their host name, domain name, network numbers, and time (offset from GMT) defined.
-
Servers and Routers — These options are used to tell DHCP clients where on the network to find routers and servers. Though more than a dozen server types are listed, most often you will just indicate the address of the router and the DNS servers the client will use.
-
Routing — These options indicate whether or not the client routes packets.
-
Thin Clients — These options are useful if DHCP is being used as a boot server for thin clients. A thin client may be an X Terminal or diskless workstation that has processing power, but no disk (or a very small disk) so it can’t store a boot image and a file system itself.
| Options | Descriptions |
|---|---|
| Names, Addresses, and Time | |
| option host-name string; | Indicates the name that the client computer can use to identify itself. It can either be a simple host name (for example, pine) or a fully qualified domain name (for example, pine.handsonhistory.com). You may use this in a host declaration, where a host computer is identified by an Ethernet address. |
| option domain-name string | Identifies the default domain name the client should use to resolve DNS host names. |
| option subnet-mask ip-address; | Associates a subnetwork mask with an IP address. For example, option 255.0.0.0 10.0.0.1;. |
| option time-offset int32; | Indicates the offset (in seconds) from the Universal Time Coordinate (UTC). For example, a six-hour UTC offset is set as follows: option time-offset 21600;. |
| Servers and Routers | |
| option routers ip-address [, ip- address... ]; | Lists, in order of preference, one or more routers connected to the local subnetwork. The client may refer to this value as the gateway. |
| option domain-name-servers ip- address [, ip-address... ]; | Lists one or more Domain Name System (DNS) servers that the client can use to resolve names into IP addresses. List servers in the order in which they should be tried. |
| option time-servers ip-address [, ip- address... ]; | Lists, in order of preference, one or more time servers that can be used by the DHCP client. |
| option ien116-name-servers ip-address [, ip-address... ]; | Lists, in order of preference, one or more IEN 116 name servers that can be used by the client. (IEN 116 name servers predate modern DNS servers and are considered obsolete.) |
| option log-servers ip-address [, ip- address... ]; | Lists one or more MIT-LCS UDP log servers. List servers in the order in which they should be tried. |
| option cookie-servers ip-address [, ip- address... ]; | Lists one or more Quote of the Day (cookie) servers (see RFC 865). List servers in the order in which they should be tried. |
| option lpr-servers ip-address [, ip- address... ]; | Lists one or more line printer servers that are available. List servers in the order in which they should be tried. |
| option impress-servers ip-address [, ip- address... ]; | Lists one or more Imagen Impress image servers. List servers in the order in which they should be tried. |
| option resource-location-servers ip- address [, ip-address... ]; | Lists one or more Resource Location servers (RFC 887). List servers in the order in which they should be tried. |
| option nis-domain string; | Indicates the name of the NIS domain, if an NIS server is available to the client. |
| option nis-servers ip-address [, ip- address... ]; | Lists addresses of NIS servers available to the client, in order of preference. |
| option ntp-servers ip-address [, ip- address... ]; | Lists addresses of network time protocol servers, in order of preference. |
| option netbios-name-servers ip- address [, ip-address...]; | Lists the addresses of WINS servers, used for NetBIOS name resolution (for Windows file and print sharing). |
| option netbios-dd-server ip-address [, ip-address... ]; | Lists the addresses of NetBIOS datagram distribution (NBDD) servers, in preference order. |
| option netbios-node-type uint8; | Contains a number (a single octet) that indicates how NetBIOS names are determined (used with NetBIOS over TCP/IP). Acceptable values include: 1 (broadcast: no WINS), 2 (peer: WINS only), 4 (mixed: broadcast, then WINS), 8 (hybrid: WINS, then broadcast). |
| option font-servers ip-address [, ip- address... ]; | Indicates the location of one or more X Window font servers that can be used by the client, listed in preference order. |
| option nisplus-domain string; | Indicates the NIS domain name for the NIS+ domain. |
| option nisplus-servers ip-address [, ip- address... ]; | Lists addresses of NIS+ servers available to the client, in order of preference. |
| option smtp-server ip-address [, ip- address... ]; | Lists addresses of SMTP servers available to the client, in order of preference. |
| option pop-server ip-address [, ip- address... ]; | Lists addresses of POP3 servers available to the client, in order of preference. |
| option nntp-server ip-address [, ip- address... ]; | Lists addresses of NNTP servers available to the client, in order of preference. |
| option www-server ip-address [, ip- address... ]; | Lists addresses of WWW servers available to the client, in order of preference. |
| option finger-server ip-address [, ip- address... ]; | Lists addresses of Finger servers available to the client, in order of preference. |
| option irc-server ip-address [, ip- address... ]; | Lists addresses of IRC servers available to the client, in order of preference. |
| Routing | |
| option ip-forwarding flag; | Indicates whether the client should allow (1) or not allow (0) IP forwarding. This would be allowed if the client were acting as a router. |
| option non-local-source-routing flag; | Indicates whether or not the client should allow (1) or disallow (0) datagrams with nonlocal source routes to be forwarded. |
| option static-routes ip-address ip- address [, ip-address ip-address... ]; | Specifies static routes that the client should use to reach specific hosts. (List multiple routes to the same location in descending priority order.) |
| option router-discovery flag; | Indicates whether the client should try to discover routers (1) or not (0) using the router discovery mechanism. |
| option router-solicitation-address ip- address; | Indicates an address the client should use to transmit router solicitation requests. |
| Thin Clients | |
| option boot-size uint16; | Indicates the size of the default boot image (in 512-octet blocks) that the client computer uses to boot. |
| option merit-dump string; | Indicates where the core image should be dumped if the client crashes. |
| option swap-server ip-address; | Indicates where the client computer’s swap server is located. |
| option root-path string; | Indicates the location (path name) of the root disk used by the client. |
| option tftp-server-name string; | Indicates the name of the TFTP server that the client should use to transfer the boot image. Used more often with DHCP clients than with BOOTP clients. |
| option bootfile-name string; | Indicates the location of the bootstrap file that is used to boot the client. Used more often with DHCP clients than with BOOTP clients. |
| option x-display-manager ip-address [, ip-address... ]; | Indicates the locations of X Window System Display Manager servers that the client can use, in order of preference. |
Starting the DHCP server
After the /etc/dhcpd.conf file is configured, you can start the DHCP server immediately. As root user from a Terminal window, type the following:
# service dhcpd start
Your DHCP server should now be available to distribute information to the computers on your LAN. If there are client computers on your LAN waiting on your DHCP server, their network interfaces should now be active.
If everything is working properly, you can have your DHCP server start automatically each time your computer boots by turning on the dhcpd service as follows:
# chkconfig dhcpd on
There are a few ways you can verify that your DHCP server is working:
-
Check the /var/lib/dhcp/dhcpd.leases file. If a client has successfully been assigned addresses from the DHCP server, a lease line should appear in that file. There should be one set of information that looks like the following for each client that has leased an IP address:
lease 10.0.0.225 { starts 2 2002/05/04 03:48:12; ends 2 2002/05/04 15:48:12; hardware ethernet 00:50:ba:d8:03:9e; client-hostname "pine:; }
-
Turn on the Ethereal window (type ethereal& from a Terminal window) and start capturing data (in promiscuous mode). Restart the DHCP server and restart the network interface on the client. You should see a series of DHCP packets that show a sequence that looks like the following: DHCP Offer, DHCP Discover, DHCP Offer, DHCP Request, and DHCP ACK.
-
From the client computer, you should be able to start communicating on the network. If the client is a Linux system, type the ifconfig -a command. Your Ethernet interface (probably eth0) should appear, with the IP address set to the address assigned by the DHCP server. If your client is a Windows 2000 or XP system, open a command prompt and type ipconfig /all. You will see the configuration information for all of your network interfaces.
When the server is running properly, you can continue to add DHCP clients to your network to draw on the pool of addresses you assign.
Категории