DHCP Kea - Security und Firewall Labor: Unterschied zwischen den Versionen

Zeile 12: Zeile 12:
 
   "Dhcp4": {
 
   "Dhcp4": {
 
     "interfaces-config": {
 
     "interfaces-config": {
       "interfaces": ["enp0s9"]
+
       "interfaces": [ "enp0s9" ]
 
     },
 
     },
 +
    "lease-database": {
 +
      "type": "memfile",
 +
      "persist": true,
 +
      "name": "/var/lib/kea/kea-leases4.csv"
 +
    },
 +
    "valid-lifetime": 600,
 +
    "max-valid-lifetime": 7200,
 
     "option-data": [
 
     "option-data": [
       { "name": "domain-name", "data": "it2xx.int" },
+
       { "name": "domain-name-servers", "data": "10.88.$OKT.21" },
       { "name": "domain-name-servers", "data": "10.88.2XX.21" }
+
       { "name": "domain-name", "data": "it$OKT.int" },
 +
      { "name": "domain-search", "data": "it$OKT.int" }
 
     ],
 
     ],
    "valid-lifetime": 7200,
 
 
     "subnet4": [
 
     "subnet4": [
 
       {
 
       {
         "id": 1,
+
         "id": 1,
         "subnet": "172.26.2XX.0/24",
+
         "subnet": "172.26.$OKT.0/24",
         "pools": [{ "pool": "172.26.2XX.50 - 172.26.2XX.70" }],
+
         "pools": [ { "pool": "172.26.$OKT.50 - 172.26.$OKT.100" } ],
         "option-data": [
+
         "option-data": [ { "name": "routers", "data": "172.26.$OKT.1" } ],
          { "name": "routers", "data": "172.26.2XX.1" }
+
        "reservations": [
 +
          { "hw-address": "aa:bb:cc:dd:ee:ff", "ip-address": "172.26.$OKT.10", "hostname": "client" }  
 
         ]
 
         ]
 +
      }
 +
    ],
 +
    "loggers": [
 +
      {
 +
        "name": "kea-dhcp4",
 +
        "output_options": [ { "output": "/var/log/kea/kea-dhcp4.log" } ],
 +
        "severity": "INFO"
 
       }
 
       }
 
     ]
 
     ]
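Review bot: `$OKT` in the new address and domain values (`"subnet": "172.26.$OKT.0/24"`, `"data": "10.88.$OKT.21"`, the pool, the router option and the reservation) is never explained as a placeholder. Kea reads these strings literally and does not expand variables, so a configuration copied as shown should fail when the addresses are parsed. A line above the listing such as `Hinweis: $OKT vor dem Start durch den eigenen Wert ersetzen.` would cover it. The same goes for the reservation's `"hw-address": "aa:bb:cc:dd:ee:ff"`, which looks like a sample MAC and should be labelled as one. The added `loggers` block writes to `/var/log/kea/kea-dhcp4.log`, so the page should also say that this directory must exist and be writable by the account the daemon runs as.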

Version vom 6. Mai 2026, 06:25 Uhr

Installation

  • Damit Hosts im LAN automatisch eine IP-Adresse erhalten, konfigurieren wir nun einen DHCP-Server (alle Befehle ab hier werden auf der Firewall ausgeführt!)
Debian
  • apt install -y kea
Rocky
  • dnf install -y kea

Konfiguration

  • vim /etc/kea/kea-dhcp4.conf
{
  // Kea DHCPv4 server configuration (/etc/kea/kea-dhcp4.conf).
  // Kea's configuration parser accepts //, # and /* */ comments in this file.
  // NOTE(review): $OKT looks like a stand-in for a lab-specific number; Kea reads
  // these strings literally, so replace every $OKT by hand before starting the service.
  "Dhcp4": {
    // Answer DHCP requests only on this interface, so the server is not exposed
    // on the firewall's other networks.
    // NOTE(review): presumably enp0s9 is the LAN-facing NIC; confirm on the host.
    "interfaces-config": {
      "interfaces": [ "enp0s9" ]
    },
    // Leases are kept in memory and, because "persist" is true, also written to
    // the CSV file below so they survive a restart. The file records client MAC
    // addresses and hostnames; keep it readable only by the Kea service account.
    "lease-database": {
      "type": "memfile",
      "persist": true,
      "name": "/var/lib/kea/kea-leases4.csv"
    },
    // Lifetimes are in seconds: 600 is the default lease time, 7200 is the
    // largest value a client may be granted when it asks for a longer lease.
    "valid-lifetime": 600,
    "max-valid-lifetime": 7200,
    // Global options sent to every client: DNS server, domain name, search list.
    "option-data": [
      { "name": "domain-name-servers", "data": "10.88.$OKT.21" },
      { "name": "domain-name", "data": "it$OKT.int" },
      { "name": "domain-search", "data": "it$OKT.int" }
    ],
    "subnet4": [
      {
        "id": 1,
        "subnet": "172.26.$OKT.0/24",
        // Dynamic range .50 to .100; addresses outside it are never handed out dynamically.
        "pools": [ { "pool": "172.26.$OKT.50 - 172.26.$OKT.100" } ],
        // Default gateway announced to clients of this subnet.
        "option-data": [ { "name": "routers", "data": "172.26.$OKT.1" } ],
        // Fixed address for one client, keyed on its MAC address. The reserved
        // address .10 lies outside the dynamic pool above.
        // NOTE(review): aa:bb:cc:dd:ee:ff looks like a sample value; use the
        // client's real MAC. A MAC is not an authenticator: any host that
        // presents it receives this address.
        "reservations": [ 
          { "hw-address": "aa:bb:cc:dd:ee:ff", "ip-address": "172.26.$OKT.10", "hostname": "client" } 
        ]
      }
    ],
    // Log the DHCPv4 daemon at INFO level to a file. The directory must exist and
    // be writable by the account the daemon runs as.
    "loggers": [
      {
        "name": "kea-dhcp4",
        "output_options": [ { "output": "/var/log/kea/kea-dhcp4.log" } ],
        "severity": "INFO"
      }
    ]
  }
}
  • systemctl enable --now kea-dhcp4.service

Status

  • systemctl status kea-dhcp4.service
● kea-dhcp4.service - Kea IPv4 DHCP daemon
     Loaded: loaded (/usr/lib/systemd/system/kea-dhcp4.service; enabled)
     Active: active (running) since Wed 2025-04-16 09:27:35 CEST; 29min ago

Den DHCP-Server neu starten

  • systemctl restart kea-dhcp4.service