DHCP Kea - Security und Firewall Labor: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(5 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 47: Zeile 47:
 
}
 
}
 
</syntaxhighlight>
 
</syntaxhighlight>
* '''systemctl enable --now kea-dhcp4.service'''
+
* '''systemctl enable --now kea-dhcp4-server.service'''
  
 
=Status=
 
=Status=
* systemctl status kea-dhcp4.service
+
* systemctl status kea-dhcp4-server.service
 
<pre>
 
<pre>
 
● kea-dhcp4.service - Kea IPv4 DHCP daemon
 
● kea-dhcp4.service - Kea IPv4 DHCP daemon
Zeile 58: Zeile 58:
  
 
=Den DHCP neustarten=
 
=Den DHCP neustarten=
* systemctl restart kea-dhcp4.service
+
* systemctl restart kea-dhcp4-server.service
 +
=Debugging=
 +
*systemctl status kea-dhcp4-server
 +
*journalctl -n 20 -fu kea-dhcp4-server
 +
*tail -f /var/log/kea/kea-dhcp4.log
 +
*ss -lnup | grep 67

Aktuelle Version vom 20. Mai 2026, 12:25 Uhr

Installation

  • Damit Hosts im LAN automatisch eine IP-Adresse erlangen, konfigurieren wir nun einen DHCP Server (Befehle ab hier finden auf der Firewall statt!)
Debian
  • apt install -y kea
Rocky
  • dnf install -y kea

Konfiguration

  • vim /etc/kea/kea-dhcp4.conf 
{
  "Dhcp4": {
    "interfaces-config": {
      "interfaces": [ "enp0s9" ]
    },
    "lease-database": {
      "type": "memfile",
      "persist": true,
      "name": "/var/lib/kea/kea-leases4.csv"
    },
    "valid-lifetime": 600,
    "max-valid-lifetime": 7200,
    "option-data": [
      { "name": "domain-name-servers", "data": "10.88.2XX.21" },
      { "name": "domain-name", "data": "it2XX.int" },
      { "name": "domain-search", "data": "it2XX.int" }
    ],
    "subnet4": [
      {
        "id": 1,
        "subnet": "172.26.2XX.0/24",
        "pools": [ { "pool": "172.26.2XX.50 - 172.26.2XX.100" } ],
        "option-data": [ { "name": "routers", "data": "172.26.2XX.1" } ],
        "reservations": [ 
          { "hw-address": "aa:bb:cc:dd:ee:ff", "ip-address": "172.26.2XX.10", "hostname": "client" } 
        ]
      }
    ],
    "loggers": [
      {
        "name": "kea-dhcp4",
        "output_options": [ { "output": "/var/log/kea/kea-dhcp4.log" } ],
        "severity": "INFO"
      }
    ]
  }
}
  • systemctl enable --now kea-dhcp4-server.service

Status

  • systemctl status kea-dhcp4-server.service
● kea-dhcp4.service - Kea IPv4 DHCP daemon
     Loaded: loaded (/usr/lib/systemd/system/kea-dhcp4.service; enabled)
     Active: active (running) since Wed 2025-04-16 09:27:35 CEST; 29min ago

Den DHCP neustarten

  • systemctl restart kea-dhcp4-server.service

Debugging

  • systemctl status kea-dhcp4-server
  • journalctl -n 20 -fu kea-dhcp4-server
  • tail -f /var/log/kea/kea-dhcp4.log
  • ss -lnup | grep 67
Abgerufen von „http://wiki.ixheim.de/index.php?title=DHCP_Kea_-_Security_und_Firewall_Labor&oldid=70287