主页 / server / 问题 / 1120581
Accepted
acgbox
Asked: 2023-01-19 15:59:04 +0800 CST

没有 WAN 的子网声明

  • 772
  • 我有 2 个enp0s3用于 WAN 和enp0s8LAN 的网卡。
  • WAN 具有动态 IP 地址(从 ISP 接收)。
  • LAN 为我的本地网络提供 C 类静态 IP 地址
  • 我有带有此配置的 isc-dhcp-server:
nano /etc/dhcp/dhcpd.conf

# ISC-DHCP-Server Configuration
authoritative;
option wpad code 252 = text;
server-identifier 192.168.0.10;
deny duplicates;
one-lease-per-client true;
deny declines;
deny client-updates;
ping-check true;
log-facility local7;
ddns-update-style none;


    host user3 {
    hardware ethernet 40:e2:30:f4:00:04;
    fixed-address 192.168.0.90;
    }

    host user1 {
    hardware ethernet 40:e2:30:f4:00:02;
    fixed-address 192.168.0.50;
    }

class "blockdhcp" {
     match pick-first-value (option dhcp-client-identifier, hardware);
    }
    subclass "blockdhcp" 1:90:68:c3:00:00:00;

subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.10;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    #option domain-name "example.org";
    option domain-name-servers 8.8.8.8,8.8.4.4;
    min-lease-time 2592000; # 30 days
    default-lease-time 2592000; # 30 days
    max-lease-time 2592000; # 30 days
    pool {
        min-lease-time 60;
        default-lease-time 60;
        max-lease-time 60;
        deny members of "blockdhcp";
        range 192.168.0.100 192.168.0.250;
    }
}

问题是 isc-dhcp-server 显示错误消息No subnet declaration for enp0s3 (10.0.2.15)因为它要求我为 WAN 分配一个范围,这是不可能的,因为它是动态的,ISP 提供商最终可以更改IP

sudo systemctl status isc-dhcp-server
● isc-dhcp-server.service - ISC DHCP IPv4 server
     Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-01-18 18:29:32 -05; 7min ago
       Docs: man:dhcpd(8)
   Main PID: 17055 (dhcpd)
      Tasks: 4 (limit: 19112)
     Memory: 4.9M
        CPU: 24ms
     CGroup: /system.slice/isc-dhcp-server.service
             └─17055 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf

ene 18 18:29:32 uservm dhcpd[17055]: Sending on   LPF/enp0s8/08:00:27:8d:e7:c9/192.168.0.0/24
ene 18 18:29:32 uservm dhcpd[17055]: 
ene 18 18:29:32 uservm dhcpd[17055]: No subnet declaration for enp0s3 (10.0.2.15).
ene 18 18:29:32 uservm dhcpd[17055]: ** Ignoring requests on enp0s3.  If this is not what
ene 18 18:29:32 uservm dhcpd[17055]:    you want, please write a subnet declaration
ene 18 18:29:32 uservm dhcpd[17055]:    in your dhcpd.conf file for the network segment
ene 18 18:29:32 uservm dhcpd[17055]:    to which interface enp0s3 is attached. **
ene 18 18:29:32 uservm dhcpd[17055]: 
ene 18 18:29:32 uservm dhcpd[17055]: Sending on   Socket/fallback/fallback-net
ene 18 18:29:32 uservm dhcpd[17055]: Server starting service.

如何避免这种情况,使这些充斥日志的错误消息不再出现?提前致谢

networking

2 个回答

  1. Best Answer

    虽然另一个答案是正确的,因为忽略这个警告是安全的,但有些人更喜欢“零警告策略”,通过提前配置系统,这样它就不会在已知情况下发出警告。那么任何警告系统仍然会产生将是有意义的,你不会在“已知和预期的警告”流中不小心错过它们。

    您可以将 dhcpd 配置为仅侦听您希望其提供服务的接口,该接口配置于/etc/default/isc-dhcp-server

    INTERFACES="enp0s8"

    (默认情况下它无处不在)。在较新的系统上,您可能需要这样设置:

    INTERFACESv4="enp0s8"
INTERFACESv6=""

    另一种抑制警告的方法是让它知道接口/子网存在,但不为其提供任何服务。库存文件中dhcpd.conf有一个如何执行此操作的示例(可能不是安装在 /etc 中的 Ubuntu 或 Debian):

    # No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.

subnet 10.152.187.0 netmask 255.255.255.0 {
}

    (将其替换为 WAN NIC 上的网络)。这正是警告本身所暗示的。

    • 2 
  2. ene 18 18:29:32 uservm dhcpd[17055]: No subnet declaration for enp0s3 (10.0.2.15).
ene 18 18:29:32 uservm dhcpd[17055]: ** Ignoring requests on enp0s3.  If this is not what
ene 18 18:29:32 uservm dhcpd[17055]:    you want, please write a subnet declaration
ene 18 18:29:32 uservm dhcpd[17055]:    in your dhcpd.conf file for the network segment
ene 18 18:29:32 uservm dhcpd[17055]:    to which interface enp0s3 is attached. **

    这意味着,“我对那个接口和它所连接的子网一无所知,因此我将忽略来自它的任何 DHCP 请求”。这很好,因为您实际上并不想在 WAN 接口上提供 DHCP 服务。

    忽略警告并继续。

    • 0

相关问题