Linux操作系统DHCP服务管理

一、 概述

DHCP协议

Dynamic Host Configuration Protocol ,动态主机配置协议

作用:动态的进行IP地址分配

服务端的监听端口 67/udp

客户端监听端口 68/udp

网络架构 C/S:client/server

DHCP的优势

  • 提高配置效率

  • 减少配置错误

DHCP的分配方式

  • 手动分配:固定不变,工程师进行地址绑定

  • 自动分配:但是不进行地址回收

  • 动态分配:进行地址回收

应用场景

  • 需要准确、统一地配置网络参数时

  • 网络环境较大时

注意

同一个广播域内不应存在多个未经协调的DHCP服务器,否则客户端可能从任意一台(包括未经授权的“流氓”DHCP服务器)获得错误的地址和网关;交换机侧可用DHCP Snooping限制只有可信端口才能发出Offer/Ack。

工作流程

1、当客户端配置为自动获得IP地址时,客户端发送discover广播包(发现),用来寻找网络中的DHCP服务器

2、假如网络存在DHCP服务器,此时服务器给出回应,向客户端发送Offer广播包(邀约),携带了IP地址的信息,询问客户端是否使用该IP地址

3、假如客户端使用上述IP地址,向服务端发送Request广播包(请求),并将请求信息写入到该包内。

4、服务端向客户端发送Ack广播包(确认),并确定IP地址的租约期。

何时更新租约

当租约期达到50%时

当客户端重启后

客户端直接发送Request包:

A、IP地址空闲 服务端直接回应Ack

B、IP地址被占用 服务端回应NAK(DHCPNAK) 客户端需要将上述“工作流程”完整执行一遍

客户端类型

Linux DHCP服务器不存在,没有IP

Windows DHCP不存在,会启用备用IP地址(APIPA,169.254.0.0/16,即 169.254.0.0 ~ 169.254.255.255)

二、DHCP安装与配置

部署

基础环境

配置yum源

配置阿里云镜像源仓库(需要联网)
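# 1. Back up the existing repo definitions so the change can be reverted.
mkdir -p /etc/yum.repos.d/backup
# Without nullglob an unmatched *.repo would be handed to mv literally; test each match.
for repo in /etc/yum.repos.d/*.repo; do
  [ -e "$repo" ] && mv -- "$repo" /etc/yum.repos.d/backup/
done

# 2. Fetch the Rocky Linux repo file from the Aliyun mirror.
#    -f makes curl fail on an HTTP error instead of saving the error page as a
#    repo file. Review the downloaded file (gpgcheck/gpgkey lines) before using it:
#    package signature verification is what actually protects the install.
curl -fsSL -o /etc/yum.repos.d/Rocky-Base.repo https://mirrors.aliyun.com/rockylinux/Rocky-Base.repo || exit 1

# 3. Add EPEL (extra packages); the mirror's epel-8.repo replaces the one epel-release installs.
dnf install epel-release -y || exit 1
curl -fsSL -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-8.repo || exit 1

# 4. Rebuild the metadata cache.
dnf clean all && dnf makecache

# 5. Verify the enabled repositories.
dnf repolist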

关闭防火墙及SElinux(仅为实验环境简化;生产环境建议保留firewalld并只放行DHCP服务:firewall-cmd --permanent --add-service=dhcp && firewall-cmd --reload,SELinux自带dhcpd策略,通常也无需关闭)

 systemctl  stop  firewalld  && systemctl disable firewalld

查看SElinux状态

[root@T100 ~]# getenforce
###设置宽容模式
[root@T100 ~]# setenforce  0
###关闭SElinux,重启才能生效
[root@T100 ~]# vim  /etc/selinux/config
SELINUX=enforcing  改为 SELINUX=disabled

配置静态IP

###停用NetworkManager网络管理服务(本文改用ifcfg脚本方式管理网卡)
[root@T100 ~]# systemctl  stop NetworkManager ; systemctl disable NetworkManager
[root@T100 ~]# cd /etc/sysconfig/network-scripts/
[root@T100 ~]# cp ifcfg-ens33 ifcfg-ens34
[root@T100 ~]# cat ifcfg-ens34
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24
[root@T100 ~]# systemctl restart network  
安装DHCP软件包
yum install -y dhcp-server

配置

配置文件存储路径 /etc/dhcp

默认配置文件副本路径 /usr/share/doc/dhcp-4.2.5/(目录名随安装的软件包版本而变化,可用 rpm -ql dhcp-server | grep dhcpd.conf.example 查找)

数据文件存储路径 /var/lib/dhcpd

核心配置文件 /etc/dhcp/dhcpd.conf

​
[root@T100 ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/
[root@T100 ~]# cd /etc/dhcp/
[root@T100 ~]# cp dhcpd.conf.example dhcpd.conf
[root@T100 ~]# cat dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
​
# option definitions common to all supported networks...
option domain-name "example.org";    ##指定分配给客户端的域名(搜索域)
option domain-name-servers ns1.example.org, ns2.example.org;  ##指定DNS服务器地址
​
default-lease-time 600;  ##默认租约。单位s
max-lease-time 7200; ##最大租约时间,单位s
​
# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;
​
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
​
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;  ##日志输出通道,交给syslog服务管理
​
# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.
#######每一个subnet都是一个分配地址段的定义######################
subnet 10.152.187.0 netmask 255.255.255.0 {
}
​
# This is a very basic subnet declaration.
​
subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
​
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
​
subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}
​
# A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.26 10.5.5.30;  ##定义分配地址段的地址范围
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 10.5.5.1;  ###定义分配的网关地址
  option broadcast-address 10.5.5.31; ###定义地址段的广播地址
  default-lease-time 600;
  max-lease-time 7200;
}
​
# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
######每一个host都是进行地址绑定的配置项###############
host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}
​
# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;  ###固定分配地址的主机的MAC地址
  fixed-address fantasia.fugue.com;  ###需要进行分配的IP地址
}
​
# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
​
class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
​
shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}
​
​
单一地址池的配置文件
[root@T100~ dhcp]# cat dhcpd.conf | grep -v "^#" | grep -v "^$"
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.100 192.168.100.200;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 192.168.100.254;
  option broadcast-address 192.168.100.255;
  default-lease-time 600;
  max-lease-time 7200;
}
host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.fugue.com;
}
class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}
###重启DHCP服务器
systemctl restart dhcpd
###查看监听
[root@T100~ dhcp]# netstat -anptu | grep :67
udp        0      0 0.0.0.0:67              0.0.0.0:*                           28005/dhcpd 
地址绑定配置文件
[root@T100~ dhcp]# cat dhcpd.conf | grep -v "^#" | grep -v "^$"
....省略.....
host s1 {
  hardware ethernet 00:0c:29:dd:24:41;
  fixed-address 192.168.100.110;
}
....省略.....
###重启DHCP服务器
[root@T100~ dhcp]# systemctl restart dhcpd
###查看监听
[root@T100~ dhcp]# netstat -anptu | grep :67
udp        0      0 0.0.0.0:67              0.0.0.0:*                           28005/dhcpd 
####客户端验证
[root@client ~]# ifdown ens34 ; ifup ens34
[root@client ~]# ip a
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:dd:24:41 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.110/24 brd 192.168.100.255 scope global noprefixroute dynamic ens34
       valid_lft 599sec preferred_lft 599sec
    inet6 fe80::20c:29ff:fedd:2441/64 scope link 
       valid_lft forever preferred_lft forever
多地址池配置
路由器配置
###安装提供dhcrelay命令的软件包(CentOS 7 为 dhcp,Rocky/RHEL 8 为 dhcp-relay)
[root@nginx1 ~]# yum install -y dhcp
##开启路由功能
[root@nginx1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@nginx1 ~]# sysctl -p
net.ipv4.ip_forward = 1
##分别对连接两个网络的网卡配置IP地址
[root@nginx1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens34 
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.253
PREFIX=24
[root@nginx1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens37
TYPE=Ethernet
BOOTPROTO=static
NAME=ens37
DEVICE=ens37
ONBOOT=yes
IPADDR=192.168.200.253
PREFIX=24
##使用dhcrelay进行DHCP广播的中继转发(该命令不会开机自启,重启后需重新执行)
[root@nginx1 ~]# dhcrelay 192.168.100.254  
DHCP服务器配置
##DHCP分配地址配置文件,添加如下配置:
[root@dhcpserver dhcp]# vim dhcpd.conf
....省略.....
subnet 192.168.200.0 netmask 255.255.255.0 {
range 192.168.200.100 192.168.200.200;
option domain-name-servers ns1.internal.example.org;
option domain-name "internal.example.org";
option routers 192.168.200.253;
option broadcast-address 192.168.200.255;
default-lease-time 600;
max-lease-time 7200;
 } 
....省略.....
##重启DHCP服务器
[root@dhcpserver ~]# systemctl restart dhcpd
##设置DHCP服务器的网关
[root@dhcpserver ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens34 
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24
GATEWAY=192.168.100.253
##验证网关
[root@dhcpserver ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.253 0.0.0.0         UG    103    0        0 ens34
客户端验证
[root@nginx2 ~]# ifdown ens34 ;ifup ens34
[root@nginx2 ~]# ifconfig ens34
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.200.100  netmask 255.255.255.0  broadcast 192.168.200.255
        inet6 fe80::20c:29ff:fe8a:4a83  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:8a:4a:83  txqueuelen 1000  (Ethernet)
        RX packets 40  bytes 9956 (9.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 172  bytes 27844 (27.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

三、案例实验

实验拓扑:

实验要求

1. DHCP服务器能够为两个网络分别分配IP地址。
2. 内部客户机设置为固定获得某一个IP地址。

步骤:

shell脚本

  • 网络配置
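#!/bin/bash
# Interactive NIC setup for the DHCP lab hosts:
#   1. stops and disables firewalld, flushes iptables
#   2. switches SELinux to permissive now and to disabled after reboot
#   3. loops: asks for a NIC name, writes ifcfg-<nic> (dhcp or static) and
#      bounces the interface; an invalid mode answer ends the script
# Must run as root.
set -u

die() { printf '%s\n' "$*" >&2; exit 1; }

[ "$(id -u)" -eq 0 ] || die "必须使用root权限运行此脚本"

# --- firewall -------------------------------------------------------------
# Lab-only shortcut. The narrower option is to keep firewalld and allow only
# the dhcp service (firewall-cmd --permanent --add-service=dhcp).
if systemctl is-active --quiet firewalld; then
  systemctl disable --now firewalld   # original had a typo: "systemctl disabled"
else
  echo "防火墙已关闭"
fi
iptables -F

# --- SELinux --------------------------------------------------------------
# The original condition was inverted: it ran setenforce only when SELinux was
# already Disabled (where setenforce fails) and did nothing otherwise.
if [ "$(getenforce)" != 'Disabled' ]; then
  setenforce 0
  sed -i -E 's/^SELINUX=(enforcing|permissive)/SELINUX=disabled/' /etc/selinux/config
fi

# --- NIC discovery --------------------------------------------------------
# One name per array element. The original kept them in a whitespace string and
# tested membership with a substring regex, so "ens3" was accepted for "ens33".
mapfile -t nics < <(ip -o link show | awk -F': ' '$2 ~ /ens/ {print $2}')
[ "${#nics[@]}" -gt 0 ] || die "未找到名称包含 ens 的网卡"
printf '当前系统可用的网卡有:\n'
printf '%s\n' "${nics[@]}"

# Exact-match lookup of $1 in nics[]; returns 0 when found, 1 otherwise.
is_known_nic() {
  local candidate
  for candidate in "${nics[@]}"; do
    [ "$candidate" = "$1" ] && return 0
  done
  return 1
}

# Write /etc/sysconfig/network-scripts/ifcfg-<nic>.
# $1 = nic name, $2 = BOOTPROTO value, remaining args = extra KEY=VALUE lines.
write_ifcfg() {
  local nic=$1 proto=$2
  shift 2
  {
    printf 'TYPE=Ethernet\nBOOTPROTO=%s\nNAME=%s\nDEVICE=%s\nONBOOT=yes\n' "$proto" "$nic" "$nic"
    [ "$#" -gt 0 ] && printf '%s\n' "$@"
  } > "/etc/sysconfig/network-scripts/ifcfg-$nic"
}

while true; do
  read -r -p "请输入要配置的网卡名称:" nic
  # The original wrote `if ![[ ... ]]`, which is a syntax error in bash.
  if ! is_known_nic "$nic"; then
    printf '网卡 %s 不存在,请重新输入\n' "$nic" >&2
    continue
  fi
  read -r -p "请输入要配置的网络参数的方式(dhcp|static):" tp
  case "$tp" in
    dhcp)
      write_ifcfg "$nic" dhcp
      ;;
    static)
      read -r -p "输入IP地址:" ip
      read -r -p "输入子网掩码:" mask
      read -r -p "输入网关:" gw
      read -r -p "输入dns:" dns
      if [ -z "$ip" ] || [ -z "$mask" ]; then
        echo "IP地址和子网掩码不能为空" >&2
        continue
      fi
      # ifcfg takes a dotted mask as NETMASK= and a prefix length as PREFIX=;
      # the original always wrote PREFIX=, which breaks when a dotted mask is typed.
      if [[ $mask == *.* ]]; then
        mask_line="NETMASK=$mask"
      else
        mask_line="PREFIX=$mask"
      fi
      write_ifcfg "$nic" static "IPADDR=$ip" "$mask_line" "GATEWAY=$gw" "DNS1=$dns"
      ;;
    *)
      echo "输入错误"
      exit 1
      ;;
  esac
  ifdown "$nic"; ifup "$nic"
done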
  • 配置dhcp服务器
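#!/bin/bash
# Installs the ISC DHCP server if missing, writes /etc/dhcp/dhcpd.conf for the
# 192.168.100.0/24 lab subnet, validates it and enables dhcpd. Must run as root.
set -u

die() { printf '%s\n' "$*" >&2; exit 1; }

[ "$(id -u)" -eq 0 ] || die "必须使用root权限运行此脚本"

# On Rocky/RHEL 8 the package is dhcp-server (as in the install step of this
# guide); the original script queried the EL7 name "dhcp" and so always
# re-ran yum.
readonly PKG=dhcp-server
readonly CONF=/etc/dhcp/dhcpd.conf

#######################################
# Write the lab dhcpd.conf and start the service.
# Globals:  CONF (written), PKG (read)
# Returns:  exits non-zero if the config fails the syntax check or dhcpd
#           cannot be enabled
#######################################
config_dhcp() {
  # Keep a timestamped copy of any existing config before overwriting it.
  if [ -f "$CONF" ]; then
    cp -a -- "$CONF" "$CONF.bak.$(date +%Y%m%d%H%M%S)"
  fi
  # Quoted heredoc instead of echo "...": the original string contained nested
  # double quotes, so `option domain-name "internal.example.org";` was written
  # without its quotes and dhcpd rejected the file.
  cat > "$CONF" <<'EOF'
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.2 192.168.100.253;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 192.168.100.254;
  option broadcast-address 192.168.100.255;
  default-lease-time 600;
  max-lease-time 7200;
}
# NOTE: this fixed address also lies inside the dynamic range above; the
# dhcpd.conf.example shipped with the package advises keeping fixed addresses
# out of the pool so the same IP cannot be leased to another client.
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address 192.168.100.100;
}
EOF
  # Syntax-check first so a broken file does not take the running service down.
  dhcpd -t -cf "$CONF" || die "dhcpd.conf 语法检查失败"
  systemctl enable --now dhcpd || die "dhcpd 启动失败"
}

if ! rpm -q "$PKG" >/dev/null 2>&1; then
  yum install -y "$PKG" || die "安装 $PKG 失败"
fi
config_dhcp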
  •  配置路由器
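#!/bin/bash
# Router configuration script (Rocky Linux 8): enables IP forwarding, assigns
# an address to each of the two interfaces, opens forwarding in firewalld and
# installs the connected routes. Must run as root; safe to re-run.
# The DHCP relay itself (dhcrelay <server>, see the multi-pool section of this
# guide) is not started here.
set -u

# Network variables (adjust to the real topology). The interface values are
# used both as NetworkManager connection names (nmcli) and as device names
# (ip route), so they must be identical — check with `nmcli connection show`.
IF_INTERNAL="vment1"       # internal-side interface
IF_EXTERNAL="vmennt2"      # external-side interface
SUBNET_A="192.168.1.0/24"  # internal subnet 1
SUBNET_B="192.168.2.0/24"  # internal subnet 2
GW_INTERNAL="192.168.1.1"  # address on the internal interface
GW_EXTERNAL="192.168.2.1"  # address on the external interface

die() { printf '%s\n' "$*" >&2; exit 1; }

# nmcli, firewall-cmd and sysctl -w all require root.
if [ "$EUID" -ne 0 ]; then
  echo "错误: 必须使用root权限运行此脚本"
  exit 1
fi

# Fail early if a connection name is wrong, instead of half-way through nmcli.
for conn in "$IF_INTERNAL" "$IF_EXTERNAL"; do
  nmcli -t -f NAME connection show | grep -qxF -- "$conn" \
    || die "错误: NetworkManager 连接 $conn 不存在"
done

# 1. Enable IP forwarding. The original appended to sysctl.conf on every run,
#    producing duplicate lines; set the existing line or add it once.
if grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' /etc/sysctl.conf; then
  sed -i -E 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
else
  echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
fi
sysctl -p

# 2. Interface addresses. The prefix length is taken from the subnet variables
#    rather than a hard-coded /24 so the two cannot drift apart.
PREFIX_A=${SUBNET_A#*/}
PREFIX_B=${SUBNET_B#*/}
nmcli connection modify "$IF_INTERNAL" ipv4.addresses "$GW_INTERNAL/$PREFIX_A" ipv4.method manual \
  || die "错误: 配置 $IF_INTERNAL 失败"
nmcli connection modify "$IF_EXTERNAL" ipv4.addresses "$GW_EXTERNAL/$PREFIX_B" ipv4.method manual \
  || die "错误: 配置 $IF_EXTERNAL 失败"
nmcli connection up "$IF_INTERNAL" || die "错误: 激活 $IF_INTERNAL 失败"
nmcli connection up "$IF_EXTERNAL" || die "错误: 激活 $IF_EXTERNAL 失败"

# 3. firewalld. Create the zone only when it does not exist yet (a second run
#    of --new-zone fails otherwise).
#    target=ACCEPT makes the router accept every inbound packet on both
#    interfaces, not just forwarded traffic; fine for the lab, but on a real
#    router keep the default target and add only the services needed (e.g. dhcp).
firewall-cmd --permanent --get-zones | grep -qw router \
  || firewall-cmd --permanent --new-zone=router
firewall-cmd --permanent --zone=router --add-interface="$IF_INTERNAL"
firewall-cmd --permanent --zone=router --add-interface="$IF_EXTERNAL"
firewall-cmd --permanent --zone=router --set-target=ACCEPT
# Masquerade (source NAT) hides one subnet's addresses from the other; between
# two internal subnets it is usually unnecessary — drop it if hosts should see
# each other's real addresses.
firewall-cmd --permanent --zone=router --add-masquerade
firewall-cmd --reload

# 4. Connected routes (normally created automatically once the addresses are
#    up). `replace` is idempotent where `add` fails with "File exists" on re-runs.
ip route replace "$SUBNET_A" dev "$IF_INTERNAL"
ip route replace "$SUBNET_B" dev "$IF_EXTERNAL"

echo "路由器配置完成!"
echo "内部网关: $GW_INTERNAL"
echo "外部网关: $GW_EXTERNAL"
echo "路由网段: $SUBNET_A  <-->  $SUBNET_B"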

验证
# 查看路由表
ip route show

# 测试连通性(从A网段主机ping B网段主机)
ping -c 4 B网段任意IP

# 检查转发状态
sysctl net.ipv4.ip_forward

运行以上脚本dhcp服务器可根据需求自动分配IP
