dhcp

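I. Concepts

DHCP: Dynamic Host Configuration Protocol. It centrally manages and allocates network resources so that hosts on a LAN can dynamically obtain an IP address, gateway and DNS server. During a PXE boot it is also used to pass the boot file, TFTP file and so on.

    Works at the application layer;  a LAN network protocol;  data is transported over UDP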

 

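II. How DHCP works

1. The four steps of a lease

Notes:

  (1) DHCP Client: Discover      Broadcast on the LAN; the Client requests an IP address.

  (The Client uses 0.0.0.0 as the source address and 255.255.255.255 as the destination address, with UDP port 67 as the Server's destination port, and broadcasts a Discover packet carrying the Client's MAC address and computer name.)

  (2) DHCP Server: Offer         After receiving the request, the Server sends an IP address.

  (The Server looks for a valid IP address in the address pool, marks it and sends it to the Client. The Server uses its own IP as the source address and 255.255.255.255 as the destination address, with UDP port 68 as the Client's destination port, and broadcasts an Offer packet carrying the Client's and Server's MAC addresses and the IP address/mask/gateway/lease duration.)

  (3) DHCP Client: Request       The Client picks the IP address it received first.

  (The Client selects the IP address from the first Offer it receives. Although the Client has chosen an IP address, it has not configured it yet; there may be several Servers on the network and we do not know the Servers' IP addresses, so the reply still has to be broadcast. The Client still uses 0.0.0.0 as the source address and 255.255.255.255 as the destination address, with UDP port 67 as the Server's destination port, and broadcasts a Request packet. It carries the identifier of the Server that owns the chosen IP address; each Server checks the identifier to decide whether it is the one the Client selected.)

  (4) DHCP Server: ACK or NACK      The Server gives the final confirmation: 1. ACK establishes the lease; 2. NACK does not establish the lease.

  (Case 1: the Server has confirmed the Client's lease request, but the Client does not know this yet and so still has no IP address. The Server uses its own IP as the source address and 255.255.255.255 as the destination address, with UDP port 68 as the Client's destination port, and broadcasts an ACK packet carrying the valid lease for the IP address and any other configuration information. After receiving the ACK, if the Client finds through ARP that the IP address conflicts, or the address is unusable for some other reason, it sends a DECLINE message to tell the Server that the assigned address cannot be used.)

  (Case 2: the Server has rejected the Client's lease request, for example because the Client tried to lease its previous IP address but that IP is no longer available, or because the Client has moved to another subnet where that IP is invalid. The Server uses its own IP as the source address and 255.255.255.255 as the destination address, with UDP port 68 as the Client's destination port, and broadcasts a NACK packet. The Client restarts the lease process; if it still cannot establish a lease, it picks 1 IP address from the TCP/IP Class B range 169.254.0.0/16 and keeps trying to contact the Server every 5 minutes.)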
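The fields the four steps rely on (message type, Client MAC, computer name, Server identifier) all sit in the UDP payload. The following is an added example, not part of the original post: it builds a client Discover and Request and parses them back, rejecting truncated input. The host name "fantasia", the transaction id and the use of this lab's addresses as sample values are assumptions.

```python
import socket
import struct

# Fixed BOOTP header (236 bytes) followed by the 4-byte DHCP magic cookie.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s4s")
MAGIC = b"\x63\x82\x53\x63"
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
         5: "ACK", 6: "NAK", 7: "RELEASE"}
HOSTNAME, REQUESTED_IP, MSG_TYPE, SERVER_ID, END = 12, 50, 53, 54, 255


def build_client_message(msg_type, mac, xid, hostname=None,
                         requested_ip=None, server_id=None):
    """Build the UDP payload of a client DISCOVER (1) or REQUEST (3)."""
    zero = b"\x00" * 4
    chaddr = bytes.fromhex(mac.replace(":", ""))
    header = HEADER.pack(1, 1, 6, 0, xid, 0, 0x8000,  # BOOTREQUEST, Ethernet, broadcast flag
                         zero, zero, zero, zero,       # ciaddr, yiaddr, siaddr, giaddr
                         chaddr, b"", b"", MAGIC)      # struct pads short fields with NULs
    opts = bytes([MSG_TYPE, 1, msg_type])
    if hostname:
        opts += bytes([HOSTNAME, len(hostname)]) + hostname.encode("ascii")
    if requested_ip:
        opts += bytes([REQUESTED_IP, 4]) + socket.inet_aton(requested_ip)
    if server_id:
        opts += bytes([SERVER_ID, 4]) + socket.inet_aton(server_id)
    return header + opts + bytes([END])


def parse_message(data):
    """Decode the fields the four-step exchange relies on; reject malformed input."""
    if len(data) < HEADER.size:
        raise ValueError("truncated BOOTP header")
    (_op, _htype, hlen, _hops, xid, _secs, flags, _ciaddr, yiaddr, _siaddr,
     giaddr, chaddr, _sname, _file, magic) = HEADER.unpack_from(data)
    if magic != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, HEADER.size
    while i < len(data) and data[i] != END:
        if data[i] == 0:                      # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("option runs past end of packet")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]

    def ip(code):
        raw = opts.get(code)
        return socket.inet_ntoa(raw) if raw and len(raw) == 4 else None

    kind = opts.get(MSG_TYPE)
    return {
        "type": TYPES.get(kind[0]) if kind else None,
        "xid": xid,
        "broadcast": bool(flags & 0x8000),
        "mac": ":".join(f"{b:02x}" for b in chaddr[:min(hlen, 16)]),
        "yiaddr": socket.inet_ntoa(yiaddr),
        "giaddr": socket.inet_ntoa(giaddr),
        "hostname": opts.get(HOSTNAME, b"").decode("ascii", "replace") or None,
        "requested_ip": ip(REQUESTED_IP),
        "server_id": ip(SERVER_ID),
    }
```

In the Request, option 54 (the Server identifier) is what lets every Server that hears the broadcast tell whether its own Offer was the one chosen.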

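2. Lease renewal

  (1) When 50% of the lease time has elapsed, the Client sends a Request packet to the corresponding Server. If it receives an ACK packet, it updates its TCP/IP parameters; if it receives no reply, it keeps using the IP address.

  (2) When 87.5% of the lease time has elapsed, the Client sends a Request packet to the corresponding Server again. If it still receives no reply, the Client must give up the IP address when the lease ends and apply again. If no Server is available at that point, the Client picks 1 IP address from the TCP/IP Class B range 169.254.0.0/16 and keeps trying to contact the Server every 5 minutes.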

 

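III. Setting up the DHCP service

1. Prepare the lab environment

  (1) Turn off the firewall

  (2) Turn off SELinux

  (3) Turn off VMware's built-in DHCP function

  (4) Put the two Linux hosts into the same LAN segment; do not choose bridged, NAT or the like! If you don't set this, either the external DHCP server that the laptop's NIC is connected to does the work (if you chose bridged), or no DHCP server works at all (if you chose NAT). What a painful lesson: I thought it was caused by cloning the machine, then went changing MAC addresses, chasing IP conflicts and so on ~.~ and it cost me more than 3 hours! I plan to study VMware Workstation from now on; well, really it is that I never learned networking properly and have forgotten most of what the company training covered......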

  

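2. DHCP-related information

  (1) Package names:

      dhcp       the DHCP server package

      dhcp-common  the DHCP command package; not installed automatically on a minimal installation

  (2) Service names:

      dhcpd

      dhcrelay     the DHCP relay service

  (3) Port numbers:

      udp 67       the Client's destination port; the port is on the Server

      udp 68       the Server's source port; the port is on the Server

  (4) Configuration files

      /etc/dhcp/dhcpd.conf           main configuration file. Empty by default; it has to be generated from the template file

      /usr/share/doc/dhcp*/dhcpd.conf.example template for the main configuration file

      /etc/systemd/system/dhcrelay6.service   relay configuration file. Empty by default; it has to be generated from the template file

      /lib/systemd/service/dhcrelay.service            template for the relay configuration file

3. The configuration file in detail

Comment out the earlier subnet declarations in /etc/dhcp/dhcpd.conf, keep only the last subnet, and edit it.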

[root@localhost dhcp]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.50  netmask 255.255.255.0  broadcast 10.0.0.255      #the host's network is 10.0.0.0/24
        inet6 fe80::dac7:97cd:26f9:178a  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:2c:d2:d9  txqueuelen 1000  (Ethernet)
        RX packets 21006  bytes 2045450 (1.9 MiB)
        RX errors 0  dropped 10  overruns 0  frame 0
        TX packets 9877  bytes 1236642 (1.1 MiB)

[root@localhost dhcp]# vim dhcpd.conf
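subnet 10.0.0.0 netmask 255.255.255.0 {           #must be on the same network as the host, otherwise dhcp will not work. The ifconfig command shows the host's network.
  range 10.0.0.240 10.0.0.250;                #declares the pool of available IP addresses
#  option domain-name-servers ns1.internal.example.org; #sets the DNS server
#  option domain-name "internal.example.org";        #sets the DNS domain
#  option routers 10.0.0.1;                  #sets the default gateway
#  option broadcast-address 10.0.0.255;           #sets the broadcast address (optional)
  default-lease-time 600;        #default lease (seconds)
  max-lease-time 7200;          #maximum lease (seconds)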
}

 

IV. Basic DHCP lab deployment

1. Generate the configuration file on the DHCP Server

[root@localhost dhcp]# cp -a /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example ./dhcpd.conf

2. Edit the configuration file on the DHCP Server

[root@localhost dhcp]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.50  netmask 255.255.255.0  broadcast 10.0.0.255      #the host's network is 10.0.0.0/24
        inet6 fe80::dac7:97cd:26f9:178a  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:2c:d2:d9  txqueuelen 1000  (Ethernet)
        RX packets 21006  bytes 2045450 (1.9 MiB)
        RX errors 0  dropped 10  overruns 0  frame 0
        TX packets 9877  bytes 1236642 (1.1 MiB)

[root@localhost dhcp]# vim dhcpd.conf
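subnet 10.0.0.0 netmask 255.255.255.0 {           #must be on the same network as the host, otherwise dhcp will not work. The ifconfig command shows the host's network.
  range 10.0.0.200 10.0.0.210;                #declares the pool of available IP addresses
#  option domain-name-servers ns1.internal.example.org; #sets the DNS server
#  option domain-name "internal.example.org";        #sets the DNS domain
#  option routers 10.0.0.1;                  #sets the default gateway
#  option broadcast-address 10.0.0.255;           #sets the broadcast address (optional)
  default-lease-time 600;        #default lease (seconds)
  max-lease-time 7200;          #maximum lease (seconds)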
}

3. Restart the service on the DHCP Server

[root@localhost dhcp]# systemctl restart dhcpd
[root@localhost dhcp]# netstat -anup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 0.0.0.0:948             0.0.0.0:*                           778/rpcbind         
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           811/avahi-daemon: r 
udp        0      0 192.168.122.1:53        0.0.0.0:*                           1584/dnsmasq        
udp        0      0 0.0.0.0:67              0.0.0.0:*                           4306/dhcpd          
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1584/dnsmasq        
udp        0      0 0.0.0.0:111             0.0.0.0:*                           778/rpcbind         
udp        0      0 0.0.0.0:51377           0.0.0.0:*                           811/avahi-daemon: r 
udp6       0      0 :::948                  :::*                                778/rpcbind         
udp6       0      0 :::111                  :::*                                778/rpcbind  
[root@localhost dhcp]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-04-28 04:19:27 CST; 1h 0min ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
 Main PID: 4306 (dhcpd)
   Status: "Dispatching packets..."
    Tasks: 1
   CGroup: /system.slice/dhcpd.service
           └─4306 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid

4. Restart networking on the DHCP Client

[root@localhost dhcp]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.102  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::9b78:bd30:d01a:403a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e2:7e:e8  txqueuelen 1000  (Ethernet)
        RX packets 8919  bytes 778678 (760.4 KiB)
        RX errors 0  dropped 13  overruns 0  frame 0
        TX packets 367  bytes 45879 (44.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@localhost dhcp]# ifdown ens33; ifup ens33            #Note: real production hosts have several NICs; systemctl restart network would restart all of them, which makes the network unstable!
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
[root@localhost dhcp]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.200  netmask 255.255.255.0  broadcast 10.0.0.255  #10.0.0.200 is indeed in the address pool we configured; the experiment succeeded
        inet6 fe80::9b78:bd30:d01a:403a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e2:7e:e8  txqueuelen 1000  (Ethernet)
        RX packets 9301  bytes 814370 (795.2 KiB)
        RX errors 0  dropped 13  overruns 0  frame 0
        TX packets 424  bytes 56607 (55.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

V. Deploying DHCP reserved addresses (to bind an IP address)

1. Get the Client's MAC address on the DHCP Server

[root@localhost dhcp]# arp -a              #or switch to the Client, run ifconfig, and copy the MAC address over
? (10.0.0.1) at <incomplete> on ens33
? (10.0.0.200) at 00:0c:29:e2:7e:e8 [ether] on ens33

2. Edit the configuration file on the DHCP Server

[root@localhost dhcp]# vim dhcpd.conf
host fantasia {
  hardware ethernet 00:0c:29:e2:7e:e8;
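  fixed-address 10.0.0.199;        #The pool is 200~210; we bind an IP outside the pool. The reasoning: an IP outside the pool cannot be handed out, so it is used as the fixed IP. Binding an IP that is inside the pool would make this experiment pointless.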
}

[root@localhost dhcp]# systemctl restart dhcpd
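The rule in the comment above (a fixed-address must sit outside every dynamic range) can be checked before dhcpd is restarted. This is an added example, not part of the original post: it reads the page's subnet and host declarations and reports reservations that could collide with the pool. The host "labtest", its MAC address and its address are constructed, and the parser assumes flat subnet/host blocks with no nested braces.

```python
import ipaddress
import re

# The subnet and host declarations from this page, plus one constructed
# host ("labtest") whose fixed-address falls inside the dynamic range.
CONF = """
subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.200 10.0.0.210;   # dynamic pool
  default-lease-time 600;
  max-lease-time 7200;
}
host fantasia {
  hardware ethernet 00:0c:29:e2:7e:e8;
  fixed-address 10.0.0.199;
}
host labtest {
  hardware ethernet 00:0c:29:aa:bb:cc;
  fixed-address 10.0.0.205;
}
"""


def parse_conf(text):
    """Return (subnets, hosts); handles flat subnet/host blocks only."""
    text = re.sub(r"#.*", "", text)                      # drop comments
    subnets = []
    for net, mask, body in re.findall(
            r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}", text):
        ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
                  for lo, hi in re.findall(r"\brange\s+([\d.]+)\s+([\d.]+)\s*;", body)]
        subnets.append((ipaddress.ip_network(f"{net}/{mask}"), ranges))
    hosts = []
    for name, body in re.findall(r"\bhost\s+(\S+)\s*\{([^}]*)\}", text):
        mac = re.search(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;", body)
        ip = re.search(r"fixed-address\s+([\d.]+)\s*;", body)
        if mac and ip:
            hosts.append((name, mac.group(1).lower(), ipaddress.ip_address(ip.group(1))))
    return subnets, hosts


def check_reservations(text):
    """List (host, problem) pairs for reservations that can collide."""
    subnets, hosts = parse_conf(text)
    findings, seen_mac, seen_ip = [], set(), set()
    for name, mac, ip in hosts:
        homes = [ranges for net, ranges in subnets if ip in net]
        if not homes:
            findings.append((name, "no matching subnet"))
        elif any(lo <= ip <= hi for ranges in homes for lo, hi in ranges):
            findings.append((name, "inside dynamic range"))
        if mac in seen_mac:
            findings.append((name, "duplicate MAC"))
        if ip in seen_ip:
            findings.append((name, "duplicate address"))
        seen_mac.add(mac)
        seen_ip.add(ip)
    return findings
```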

3. Restart networking on the DHCP Client

[root@localhost dhcp]# ifdown ens33;ifup ens33
Device 'ens33' successfully disconnected.
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/10)
[root@localhost dhcp]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.199  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::9b78:bd30:d01a:403a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e2:7e:e8  txqueuelen 1000  (Ethernet)
        RX packets 9327  bytes 819055 (799.8 KiB)
        RX errors 0  dropped 13  overruns 0  frame 0
        TX packets 508  bytes 71581 (69.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

4. Log messages on the DHCP Server

[root@localhost dhcp]# vim /var/log/messages
Apr 28 05:53:52 localhost dhcpd: DHCPREQUEST for 10.0.0.200 from 00:0c:29:e2:7e:e8 via ens33: lease 10.0.0.200 unavailable.
Apr 28 05:53:52 localhost dhcpd: DHCPNAK on 10.0.0.200 to 00:0c:29:e2:7e:e8 via ens33
Apr 28 05:53:52 localhost dhcpd: DHCPDISCOVER from 00:0c:29:e2:7e:e8 via ens33
Apr 28 05:53:52 localhost dhcpd: ns1.example.org: host unknown.
Apr 28 05:53:52 localhost dhcpd: ns2.example.org: host unknown.
Apr 28 05:53:52 localhost dhcpd: DHCPOFFER on 10.0.0.199 to 00:0c:29:e2:7e:e8 via ens33
Apr 28 05:53:52 localhost dhcpd: DHCPREQUEST for 10.0.0.199 (10.0.0.50) from 00:0c:29:e2:7e:e8 via ens33
Apr 28 05:53:52 localhost dhcpd: DHCPACK on 10.0.0.199 to 00:0c:29:e2:7e:e8 via ens33
Apr 28 05:57:50 localhost dhcpd: DHCPREQUEST for 10.0.0.199 from 00:0c:29:e2:7e:e8 via ens33
Apr 28 05:57:50 localhost dhcpd: ns1.example.org: host unknown.
Apr 28 05:57:50 localhost dhcpd: ns2.example.org: host unknown.
Apr 28 05:57:50 localhost dhcpd: DHCPACK on 10.0.0.199 to 00:0c:29:e2:7e:e8 via ens33
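The sequence in this log (NAK for the old pool address, then Discover, Offer, Request and ACK for the reserved one) can be extracted mechanically. This is an added example, not part of the original post: it parses dhcpd lines, records the last ACKed address per MAC, the NAKs, and any Request that names a Server other than this lab's 10.0.0.50. It assumes the parenthesised address in a DHCPREQUEST line is the Server identifier the Client named; the last sample line and its 10.0.0.254 / 00:0c:29:aa:bb:cc values are constructed.

```python
import re

OUR_SERVER = "10.0.0.50"  # the lab DHCP Server's address from this page

# First eight lines: dhcpd entries copied from the log above.
# Last line: constructed, a client requesting a lease from another server.
SAMPLE_LOG = """\
Apr 28 05:53:52 localhost dhcpd: DHCPREQUEST for 10.0.0.200 from 00:0c:29:e2:7e:e8 via ens33: lease 10.0.0.200 unavailable.
Apr 28 05:53:52 localhost dhcpd: DHCPNAK on 10.0.0.200 to 00:0c:29:e2:7e:e8 via ens33
Apr 28 05:53:52 localhost dhcpd: DHCPDISCOVER from 00:0c:29:e2:7e:e8 via ens33
Apr 28 05:53:52 localhost dhcpd: ns1.example.org: host unknown.
Apr 28 05:53:52 localhost dhcpd: DHCPOFFER on 10.0.0.199 to 00:0c:29:e2:7e:e8 via ens33
Apr 28 05:53:52 localhost dhcpd: DHCPREQUEST for 10.0.0.199 (10.0.0.50) from 00:0c:29:e2:7e:e8 via ens33
Apr 28 05:53:52 localhost dhcpd: DHCPACK on 10.0.0.199 to 00:0c:29:e2:7e:e8 via ens33
Apr 28 05:57:50 localhost dhcpd: DHCPREQUEST for 10.0.0.199 from 00:0c:29:e2:7e:e8 via ens33
Apr 28 06:02:11 localhost dhcpd: DHCPREQUEST for 10.0.0.77 (10.0.0.254) from 00:0c:29:aa:bb:cc via ens33
"""

EVENT = re.compile(
    r"dhcpd: (?P<type>DHCP[A-Z]+)"
    r"(?: (?:for|on) (?P<ip>[\d.]+))?"        # address, absent on DISCOVER
    r"(?: \((?P<server>[\d.]+)\))?"           # server identifier, if named
    r" (?:from|to) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \([^)]*\))?"                        # optional client host name
    r" via (?P<iface>\S+?)(?:: (?P<note>.*))?$"
)


def parse_events(log_text):
    """Yield one dict per dhcpd protocol line; other lines are skipped."""
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m:
            yield m.groupdict()


def summarize(log_text, our_server=OUR_SERVER):
    """Return last ACKed address per MAC, NAKs, and Requests naming another server."""
    bound, naks, foreign = {}, [], []
    for ev in parse_events(log_text):
        if ev["type"] == "DHCPACK":
            bound[ev["mac"]] = ev["ip"]          # last ACK wins
        elif ev["type"] == "DHCPNAK":
            naks.append((ev["mac"], ev["ip"]))
        elif ev["type"] == "DHCPREQUEST" and ev["server"] not in (None, our_server):
            foreign.append((ev["mac"], ev["server"]))
    return {"bound": bound, "naks": naks, "foreign_servers": foreign}
```

An entry in foreign_servers means a second DHCP server is answering on the segment, which is the situation described in the environment notes in section III.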

 

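VI. DHCP superscope

1. Introduction

A DHCP server can offer lease addresses from multiple scopes to clients on a single physical network.

Requirement: production environments generally use Class C addresses, but 1 Class C network can serve at most 253 hosts. There are now 400 hosts on one physical network, and they need to communicate with each other and access the network individually. What to do?

In practice: in production you can use 2 Class C networks and configure the DHCP service on the router, which gives enough IP addresses; the two networks communicate with each other through routing.

Routing: router-on-a-stick, with IP addresses from 2 different networks configured on a single port

2. Lab environment

3 virtual machines in NAT mode: 1 as the DHCP server, 2 as clients

3. Lab steps

3.1 On the DHCP Server, set up the sub-interface needed for router-on-a-stick, in two different Class C networks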

[root@localhost dhcp]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp -a ifcfg-ens33 ifcfg-ens33:0
[root@localhost network-scripts]# vim ifcfg-ens33:0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33:0
UUID=3294ba0a-1db5-4076-8ede-8da3b8cfac9c
DEVICE=ens33:0
ONBOOT=yes
IPADDR=10.0.99.50
NETMASK=255.255.255.0
[root@localhost network-scripts]# ifconfig                #10.0.0.50 and 10.0.99.50 are in 2 different Class C networks
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.50  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::dac7:97cd:26f9:178a  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:2c:d2:d9  txqueuelen 1000  (Ethernet)
        RX packets 21550  bytes 2143849 (2.0 MiB)
        RX errors 0  dropped 10  overruns 0  frame 0
        TX packets 10212  bytes 1291669 (1.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.99.50  netmask 255.255.255.0  broadcast 10.0.99.255
        ether 00:50:56:2c:d2:d9  txqueuelen 1000  (Ethernet)

3.2 Enable forwarding on the DHCP Server for router-on-a-stick

[root@localhost network-scripts]# vim /etc/sysctl.conf 
net.ipv4.ip_forward=1        
[root@localhost network-scripts]# sysctl -p
net.ipv4.ip_forward = 1

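3.3 Edit the DHCP Server's main configuration file /etc/dhcp/dhcpd.conf

Comment out all of the earlier subnet declarations, host declarations and MAC address bindings!
shared-network 0-99 {              #0-99 is an arbitrary name of your own choosing; shared-network is the fixed keyword
  subnet 10.0.0.0 netmask 255.255.255.0 {  #at least one subnet must be on the same network as the DHCP Server; here it is 10.0.0.0/24
    option routers 10.0.0.50;
    range 10.0.0.202 10.0.0.202;        #only 1 IP address is set here; with 2 hosts this pool is certainly too small, so the pool below gets used~
  }
  subnet 10.0.99.0 netmask 255.255.255.0 {  #the end result: IP addresses are assigned from both 10.0.99.0/24 and 10.0.0.0/24, and hosts can communicate across the two networks~
    option routers 10.0.99.50;
    range 10.0.99.215 10.0.99.220;
  }
}

3.4 Edit the network configuration file on the 2 DHCP Clients

[root@localhost network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none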
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=3294ba0a-1db5-4076-8ede-8da3b8cfac9c
DEVICE=ens33
ONBOOT=yes     

3.5 Shut down the NICs on the 2 DHCP Clients

[root@localhost network-scripts]# ifdown ens33
Device 'ens33' successfully disconnected.

3.6 Start dhcp on the DHCP Server and watch the log!!!

[root@localhost network-scripts]# systemctl restart dhcpd
[root@localhost dhcp]# tail -f /var/log/messages

3.7 Bring up the NICs on the 2 DHCP Clients and check with ifconfig

[root@localhost network-scripts]# ifup ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.99.215  netmask 255.255.255.0  broadcast 10.0.99.255
        inet6 fe80::9b78:bd30:d01a:403a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e2:7e:e8  txqueuelen 1000  (Ethernet)
        RX packets 9650  bytes 871638 (851.2 KiB)
        RX errors 0  dropped 13  overruns 0  frame 0
        TX packets 903  bytes 137852 (134.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@localhost network-scripts]# ifup ens32
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.202  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::26c4:9318:3ca0:d017  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:59:28:35  txqueuelen 1000  (Ethernet)
        RX packets 162  bytes 28154 (27.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 275  bytes 37793 (36.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

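[root@localhost network-scripts]# ping 10.0.99.216    #communication across the two networks works
PING 10.0.99.216 (10.0.99.216) 56(84) bytes of data.
64 bytes from 10.0.99.216: icmp_seq=1 ttl=63 time=11.4 ms
From 10.0.0.50 icmp_seq=2 Redirect Host(New nexthop: 10.0.99.216)
From 10.0.0.50: icmp_seq=2 Redirect Host(New nexthop: 10.0.99.216)

3.8 Make a DHCP Client change its IP address

Thanks to: https://blog.51cto.com/1895538/2311412

The DHCP server preferentially hands out the lowest IP address that has not yet been leased. After that, each time the DHCP client rejoins the network it does not need to send a DHCP Discover again; it directly sends a DHCP REQUEST containing the IP address it was assigned last time. When the DHCP server receives this message, it tries to let the DHCP client keep using its original IP address and answers with a DHCP ACK.

If this IP address can no longer be assigned to the original client, the DHCP server answers the client with a DHCP NACK. After receiving the NACK, the DHCP client must send a DHCP Discover again to request a new IP address.

The IP addresses a DHCP server leases to clients generally have a lease period; when it expires, the DHCP server reclaims the leased IP address. If a client wants to extend its IP lease, it must renew it. A DHCP client automatically sends the DHCP server a message to renew its IP lease both when it starts up and when half of the lease period has passed.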

[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.99.215  netmask 255.255.255.0  broadcast 10.0.99.255
        inet6 fe80::9b78:bd30:d01a:403a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e2:7e:e8  txqueuelen 1000  (Ethernet)
        RX packets 9701  bytes 879961 (859.3 KiB)
        RX errors 0  dropped 13  overruns 0  frame 0
        TX packets 924  bytes 140547 (137.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost network-scripts]# dhclient -r ens33  #release the current IP address
[root@localhost network-scripts]# dhclient ens33    #obtain a new IP address

[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.99.216  netmask 255.255.255.0  broadcast 10.0.99.255
        inet6 fe80::9b78:bd30:d01a:403a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e2:7e:e8  txqueuelen 1000  (Ethernet)
        RX packets 9706  bytes 881109 (860.4 KiB)
        RX errors 0  dropped 13  overruns 0  frame 0
        TX packets 944  bytes 144559 (141.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

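VII. DHCP relay

7.1 Introduction

A DHCP relay handles and forwards DHCP between different subnets and physical network segments, so that different physical networks can share 1 DHCP server.

Note: do not confuse this with the DHCP superscope.

7.2 Preparing the lab environment

DHCP server:

    ens33  10.0.0.5  VMnet10

DHCP relay:

    ens33  10.0.0.11    VMnet10

    ens38  100.0.0.11  VMnet11

External client:

    ens33  obtained via dhcp    VMnet11  shut the NIC down first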

[root@localhost network-scripts]# ifdown ens33
Device 'ens33' successfully disconnected.
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME="ifcfg-ens33"
UUID=eed7a949-3e44-4daa-b0a4-7a59f93a1151
ONBOOT=yes

7.3 DHCP Server configuration

[root@localhost network-scripts]# iptables -F
[root@localhost network-scripts]# setenforce 0
setenforce: SELinux is disabled
[root@localhost network-scripts]# vim /etc/dhcp/dhcpd.conf
subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.55 10.0.0.60;
  option routers 10.0.0.11;
  default-lease-time 600;
  max-lease-time 7200;
  }
subnet 100.0.0.0 netmask 255.255.255.0 {
  range 100.0.0.65 100.0.0.70;
  option routers 100.0.0.11;
  default-lease-time 600;
  max-lease-time 7200;
  }

 

 

7.4 DHCP Relay configuration

 

[root@localhost network-scripts]# vim *ens33
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=3294ba0a-1db5-4076-8ede-8da3b8cfac9c
DEVICE=ens33
ONBOOT=yes
IPADDR=10.0.0.11
NETMASK=255.255.255.0

[root@localhost network-scripts]# cp -a ifcfg-ens33 ifcfg-ens38
[root@localhost network-scripts]# vim *ens38
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
#Delete the UUID and MAC address to avoid conflicts~
NAME=ens38
DEVICE=ens38
ONBOOT=yes
IPADDR=100.0.0.11
NETMASK=255.255.255.0
[root@localhost network-scripts]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.11  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::9b78:bd30:d01a:403a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e2:7e:e8  txqueuelen 1000  (Ethernet)
        RX packets 31064  bytes 23784749 (22.6 MiB)
        RX errors 0  dropped 13  overruns 0  frame 0
        TX packets 4363  bytes 473887 (462.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens38: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 100.0.0.11  netmask 255.255.255.0  broadcast 100.0.0.255
        inet6 fe80::4634:9515:c8fb:6660  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e2:7e:f2  txqueuelen 1000  (Ethernet)
        RX packets 256  bytes 39569 (38.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 257  bytes 40149 (39.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost network-scripts]# cp /lib/systemd/system/dhcrelay.service /etc/systemd/system/          #per the official documentation, Red Hat 7 version
[root@localhost network-scripts]# vi /etc/systemd/system/dhcrelay.service
[Unit]
Description=DHCP Relay Agent Daemon
Documentation=man:dhcrelay(8)
Wants=network-online.target
After=network-online.target

[Service]
Type=notify
ExecStart=/usr/sbin/dhcrelay -d --no-pid 10.0.0.5

[Install]
WantedBy=multi-user.target
[root@localhost sysconfig]# vim /etc/sysctl.conf 
net.ipv4.ip_forward=1
[root@localhost sysconfig]# sysctl -p
net.ipv4.ip_forward = 1
[root@localhost network-scripts]# systemctl --system daemon-reload
[root@localhost network-scripts]# systemctl restart dhcrelay

Official documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/dhcp-relay-agent

7.5 External client

[root@localhost network-scripts]# ifup ens32
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15)
[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 100.0.0.65  netmask 255.255.255.0  broadcast 100.0.0.255
        inet6 fe80::26c4:9318:3ca0:d017  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:59:28:35  txqueuelen 1000  (Ethernet)
        RX packets 670  bytes 111505 (108.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 567  bytes 88376 (86.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

7.6 Check the logs

[root@localhost sysconfig]# tail -f /var/log/messages

posted @ 2020-04-29 13:09  3月の狮子