DHCP Kea - Security und Firewall Labor
Installation
- Damit Hosts im LAN automatisch eine IP-Adresse erlangen, konfigurieren wir nun einen DHCP Server (Befehle ab hier finden auf der Firewall statt!)
- Debian
- apt install -y kea
- Rocky
- dnf install -y kea
Konfiguration
- vim /etc/kea/kea-dhcp4.conf
{
"Dhcp4": {
"interfaces-config": {
"interfaces": [ "enp0s9" ]
},
"lease-database": {
"type": "memfile",
"persist": true,
"name": "/var/lib/kea/kea-leases4.csv"
},
"valid-lifetime": 600,
"max-valid-lifetime": 7200,
"option-data": [
{ "name": "domain-name-servers", "data": "10.88.$OKT.21" },
{ "name": "domain-name", "data": "it$OKT.int" },
{ "name": "domain-search", "data": "it$OKT.int" }
],
"subnet4": [
{
"id": 1,
"subnet": "172.26.$OKT.0/24",
"pools": [ { "pool": "172.26.$OKT.50 - 172.26.$OKT.100" } ],
"option-data": [ { "name": "routers", "data": "172.26.$OKT.1" } ],
"reservations": [
{ "hw-address": "aa:bb:cc:dd:ee:ff", "ip-address": "172.26.$OKT.10", "hostname": "client" }
]
}
],
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [ { "output": "/var/log/kea/kea-dhcp4.log" } ],
"severity": "INFO"
}
]
}
}
- systemctl enable --now kea-dhcp4.service
Status
- systemctl status kea-dhcp4.service
● kea-dhcp4.service - Kea IPv4 DHCP daemon
Loaded: loaded (/usr/lib/systemd/system/kea-dhcp4.service; enabled)
Active: active (running) since Wed 2025-04-16 09:27:35 CEST; 29min ago
Den DHCP neustarten
- systemctl restart kea-dhcp4.service