DHCP Linux - Security und Firewall Labor: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(5 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
 +
=Installation=
 
* Damit Hosts im LAN automatisch eine IP-Adresse erlangen, konfigurieren wir nun einen DHCP Server (Befehle ab hier finden auf der '''Firewall''' statt!)
 
* Damit Hosts im LAN automatisch eine IP-Adresse erlangen, konfigurieren wir nun einen DHCP Server (Befehle ab hier finden auf der '''Firewall''' statt!)
 
* '''apt install isc-dhcp-server'''
 
* '''apt install isc-dhcp-server'''
Zeile 8: Zeile 9:
  
  
  INTERFACESv4="enp0s8"
+
  INTERFACESv4="enp0s9"
  
 
* '''vim ''/etc/dhcp/dhcpd.conf'' '''
 
* '''vim ''/etc/dhcp/dhcpd.conf'' '''
  option domain-name "it1xx.int";
+
  option domain-name "it2xx.int";
  option domain-name-servers 10.88.1xx.21;
+
  option domain-name-servers 10.88.2xx.21;
 
  default-lease-time 7200;
 
  default-lease-time 7200;
 
   
 
   
  subnet 172.17.1xx.0 netmask 255.255.255.0 {
+
  subnet 172.26.2xx.0 netmask 255.255.255.0 {
         range 172.17.1xx.50 172.17.1xx.100;
+
         range 172.26.2xx.50 172.26.2xx.70;
         option routers 172.17.1xx.1;
+
         option routers 172.26.2xx.1;
 
  }
 
  }
 
   
 
   
Zeile 35: Zeile 36:
 
             └─1111 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf enp0s8
 
             └─1111 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf enp0s8
  
Apr 16 09:27:33 fw.it113.int systemd[1]: Starting isc-dhcp-server.service - LSB: DHCP server...
+
Apr 16 09:27:33 fw.it213.int systemd[1]: Starting isc-dhcp-server.service - LSB: DHCP server...
Apr 16 09:27:33 fw.it113.int isc-dhcp-server[1099]: Launching IPv4 server only.
+
Apr 16 09:27:33 fw.it213.int isc-dhcp-server[1099]: Launching IPv4 server only.
Apr 16 09:27:33 fw.it113.int dhcpd[1111]: Wrote 0 leases to leases file.
+
Apr 16 09:27:33 fw.it213.int dhcpd[1111]: Wrote 0 leases to leases file.
Apr 16 09:27:33 fw.it113.int dhcpd[1111]: Server starting service.
+
Apr 16 09:27:33 fw.it213.int dhcpd[1111]: Server starting service.
Apr 16 09:27:35 fw.it113.int isc-dhcp-server[1099]: Starting ISC DHCPv4 server: dhcpd.
+
Apr 16 09:27:35 fw.it213.int isc-dhcp-server[1099]: Starting ISC DHCPv4 server: dhcpd.
Apr 16 09:27:35 fw.it113.int systemd[1]: Started isc-dhcp-server.service - LSB: DHCP server.
+
Apr 16 09:27:35 fw.it213.int systemd[1]: Started isc-dhcp-server.service - LSB: DHCP server.
 
</pre>
 
</pre>
== Feste IP DHCP ==
+
=Mac vom Client rausfinden=
*[[Feste IP eines DHCP Server]]
+
;anfügen - nicht ersetzen
 +
*cat /var/lib/dhcp/dhcpd.leases
 +
 
 +
=Fixe IP=
 +
*vi /etc/dhcp/dhcpd.conf
 +
<pre>
 +
host debian-client {
 +
hardware ethernet  08:00:27:c7:35:47;
 +
fixed-address      172.17.213.49;
 +
}
 +
</pre>
 +
 
 +
=Den DHCP neustarten=
 +
*systemctl restart isc-dhcp-server
 +
=Client neustarten=
 +
*sudo reboot
 +
;testen ob die Ip Adresse passt

Aktuelle Version vom 27. April 2026, 13:23 Uhr

Installation

  • Damit Hosts im LAN automatisch eine IP-Adresse erlangen, konfigurieren wir nun einen DHCP Server (Befehle ab hier finden auf der Firewall statt!)
  • apt install isc-dhcp-server


  • Nach der Installation des DHCP Servers beschwert sich systemd, dass er den Dienst nicht starten kann, weil er noch nicht richtig konfiguriert ist.
  • Das ist nicht weiter schlimm, da wir ihn wie folgt einstellen:
  • vim /etc/default/isc-dhcp-server 


INTERFACESv4="enp0s9"
  • vim /etc/dhcp/dhcpd.conf 
option domain-name "it2xx.int";
option domain-name-servers 10.88.2xx.21;
default-lease-time 7200;

subnet 172.26.2xx.0 netmask 255.255.255.0 {
        range 172.26.2xx.50 172.26.2xx.70;
        option routers 172.26.2xx.1;
}
  • systemctl restart isc-dhcp-server.service

Status

  • systemctl status isc-dhcp-server.service
● isc-dhcp-server.service - LSB: DHCP server
     Loaded: loaded (/etc/init.d/isc-dhcp-server; generated)
     Active: active (running) since Wed 2025-04-16 09:27:35 CEST; 29min ago
       Docs: man:systemd-sysv-generator(8)
    Process: 1099 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=0/SUCCESS)
      Tasks: 1 (limit: 4642)
     Memory: 4.3M
        CPU: 41ms
     CGroup: /system.slice/isc-dhcp-server.service
             └─1111 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf enp0s8

Apr 16 09:27:33 fw.it213.int systemd[1]: Starting isc-dhcp-server.service - LSB: DHCP server...
Apr 16 09:27:33 fw.it213.int isc-dhcp-server[1099]: Launching IPv4 server only.
Apr 16 09:27:33 fw.it213.int dhcpd[1111]: Wrote 0 leases to leases file.
Apr 16 09:27:33 fw.it213.int dhcpd[1111]: Server starting service.
Apr 16 09:27:35 fw.it213.int isc-dhcp-server[1099]: Starting ISC DHCPv4 server: dhcpd.
Apr 16 09:27:35 fw.it213.int systemd[1]: Started isc-dhcp-server.service - LSB: DHCP server.

Mac vom Client rausfinden

anfügen - nicht ersetzen
  • cat /var/lib/dhcp/dhcpd.leases

Fixe IP

  • vi /etc/dhcp/dhcpd.conf
host debian-client {
 hardware ethernet  08:00:27:c7:35:47;
 fixed-address      172.17.213.49;
}

Den DHCP neustarten

  • systemctl restart isc-dhcp-server

Client neustarten

  • sudo reboot
testen ob die Ip Adresse passt
Abgerufen von „http://wiki.ixheim.de/index.php?title=DHCP_Linux_-_Security_und_Firewall_Labor&oldid=69084