根据this answer,DHCPd租约文件每小时清除一次。目标是连续备份租约文件,因此永远不会丢失租约。这很困难,因为不清楚小时计时器是基于系统时间(例如,文件在凌晨 1 点、凌晨 2 点、凌晨 3 点等重写)还是处理时间(service_start + 1h、service_start + 2h 等)。假设租约文件在凌晨 3 点清空,租约在 2:58:55 授予;备份租约文件的服务需要在清理文件之前快速运行。
DHCPd 进程将自己的文件备份到/var/lib/dhcpd/dhcpd.leases~. 最好的选择似乎是制作一个脚本,每小时将此文件备份到另一个位置。但是,如果重新启动 DHCPd 进程并且计时器相对于该进程,则备份任务上的小时标记可能会对齐,这可能会导致一个进程读取而另一个进程写入,这可能会破坏文件(取决于它是如何完成的)。因此,备份任务需要了解 DHCPd 何时启动。这变得越来越复杂。
备份 DHCPd 租约文件的“正确”方法是什么,因此不会丢失任何租约?
我正在尝试在 linux 机器上使用 ISC DHCPv6 设置一个简单的 ipv6 网络。
这是我的 dhcpd6.conf:
subnet6 beef:fade::/112 {
max-lease-time 3600;
range6 beef:fade::100 beef:fade::fffe;
}
dhcpv6 服务器工作并将地址分配给指定范围内的连接主机,但是,连接的设备无法相互 ping 或 ping dhcpv6 服务器,因为它们使用 128 作为网络掩码。
上网查了一下,发现是因为没有RA。所以我下载并启动了 RADVD,启用了 ipv6 转发并且我的防火墙被禁用了。这是我的 radvd.conf:
interface enp1s0
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
prefix beef:fade::/112
{
AdvOnLink on;
AdvAutonomous off;
};
};
但这导致 radvd 说:enp1s0 prefix length should be: 64. 但我不想要前缀长度 64。我希望能够在必要时将其设置为几乎任何长度。
我该怎么做呢?我唯一的要求是我必须使用 ISC DHCPv6 实现。
另外,假设我可以让它工作。当在 DHCPv6 服务器上启用防火墙时,我必须向我的防火墙添加哪些规则才能使其正常工作。
我已经建立了一个带有 ISC BIND9 和 DHCP 服务的本地网络。新租约触发 DHCP 添加一个完美运行的 A 和 PTR 记录。
我还在dhcpd.conf. 现在我注意到 DDNS 更新仅适用于实际从 DHCP 服务器请求租约的客户端。我在网络中有一些不支持 DHCP 的设备。我仍然在dhcp.conf. 对于那些,不请求租约,现在不创建 DNS 记录。我必须以创建 DNS 记录的方式添加这些静态条目?
如果可能的话,我宁愿只使用dhcpd.conf。非常感谢任何建议!
我正在尝试为在具有动态引导范围声明的 Linux 上运行的 ISC dhcp 服务器配置故障转移。
配置文件看起来像这样(我首先在本地尝试,因此是私有范围):
authoritative;
log-facility local7;
shared-network "vm-net" {
failover peer "failover-partner" {
secondary;
address 192.168.122.4;
port 647;
peer address 192.168.122.3;
peer port 647;
max-response-delay 60;
max-unacked-updates 10;
load balance max seconds 3;
}
subnet 192.168.122.0 netmask 255.255.255.128 {
pool {
failover peer "failover-partner";
max-lease-time 1800;
range 192.168.122.0 192.168.122.127;
}
deny unknown-clients;
}
subnet 192.168.122.128 netmask 255.255.255.128 {
pool {
failover peer "failover-partner";
max-lease-time 1800;
range dynamic-bootp 192.168.122.128 192.168.122.255;
}
deny unknown-clients;
}
}
但是,守护程序重新加载失败并显示以下 syslog 错误消息:
Dec 7 14:59:07 dhcpmaster1 dhcpd[4397]: range declarations where there is a failover
Dec 7 14:59:07 dhcpmaster1 dhcpd[4397]: peer in scope. If you wish to declare an
Dec 7 14:59:07 dhcpmaster1 dhcpd[4397]: address range from which dynamic bootp leases
Dec 7 14:59:07 dhcpmaster1 dhcpd[4397]: can be allocated, please declare it within a
Dec 7 14:59:07 dhcpmaster1 dhcpd[4397]: pool declaration that also contains the "no
Dec 7 14:59:07 dhcpmaster1 dhcpd[4397]: failover" statement. The failover protocol
Dec 7 14:59:07 dhcpmaster1 dhcpd[4397]: itself does not permit dynamic bootp - this
Dec 7 14:59:07 dhcpmaster1 dhcpd[4397]: is not a limitation specific to the ISC DHCP
Dec 7 14:59:07 dhcpmaster1 dhcpd[4397]: server. Please don't ask me to defend this
Dec 7 14:59:07 dhcpmaster1 dhcpd[4397]: until you have read and really tried to understand
Dec 7 14:59:07 dhcpmaster1 dhcpd[4397]: the failover protocol specification.
Dec 7 14:59:07 dhcpmaster1 dhcpd[4397]: Configuration file errors encountered -- exiting
这是否意味着 ISC dhcp 协议不支持动态范围的故障转移?或者有没有其他方法可以配置它?
我在手册页中找不到任何进一步的信息,并且 isc.org 似乎已关闭/无法访问。
任何建议将不胜感激。
我有一个运行在 Docker 容器中的 isc-dhcp-server,我配置了一个包含 100 个可用 IP @ 的子网。
当启动我的笔记本电脑(它们都运行 Linux 操作系统)时,当它们请求 IP@ 时,它们都由 DHCP 服务器提供相同的 IP,即使它们具有不同的 MAC@。
当我查看 /var/lib/dhcp/dhcpd.leases 文件时,我看到不同的“租约”行,每台笔记本电脑一个,但 IP@ 相同。
是否有特定的配置来确保 DHCP 服务器分配不同的 IP@ 或者您是否看到这里可能有什么问题?
我正在使用 Linux DDNS 设置设置 Windows AD 服务器。Linux DDNS 按预期运行得非常好。但是,当我尝试将 AD 角色添加到 Windows Enterprise 2019 服务器时,该角色会按预期安装,但不会使用该区域的 SRV 记录更新主 DNS 数据库。
在 Wireshark 中,在 Windows AD 设置期间和之后,我可以看到对 SRV 记录的主 DNS 查询,主 DNS 以“没有这样的名称”响应。
我已允许在主 DNS 上的 named.conf.local 中更新/查询 AD 服务器,并且 AD 服务器设置为使用主 DNS 服务器的地址作为其 DNS 服务器。
我现在已经尝试了两次全新安装 AD 服务器,每次都遇到相同的问题。我不知道可能是什么问题 - 一个潜在的解决方案是否只是手动将所有必要的 SRV 记录添加到数据库文件中?
我在下面添加了配置(我知道允许地址授予太多权限,named.conf.local但我只是在试验并试图让它工作,因为这是我第一次设置它)。
/etc/bind/named.conf.local
zone "lims.co.uk" {
type master;
file "/var/lib/bind/db.lims.co.uk";
notify yes;
allow-update {
192.168.80.3;
192.168.80.7;
192.168.80.8;
192.168.80.9;
localnets;
};
allow-query {
127.0.0.1;
192.168.80.3;
192.168.80.5;
192.168.80.6;
192.168.80.7;
192.168.80.8;
192.168.80.9;
localnets;
};
allow-transfer {
192.168.80.3;
192.168.80.5;
192.168.80.6;
192.168.80.7;
192.168.80.8;
192.168.80.9;
};
};
zone "80.168.192.in-addr.arpa" {
type master;
file "/var/lib/bind/db.80.168.192.in-addr.arpa";
notify yes;
allow-update {
192.168.80.3;
192.168.80.7;
192.168.80.8;
192.168.80.9;
localnets;
};
allow-query {
127.0.0.1;
192.168.80.3;
192.168.80.5;
192.168.80.6;
192.168.80.7;
192.168.80.8;
192.168.80.9;
localnets;
};
allow-transfer {
192.168.80.3;
192.168.80.5;
192.168.80.6;
192.168.80.7;
192.168.80.8;
192.168.80.9;
};
};
/var/lib/bind/db.lims.co.uk
$ORIGIN .
$TTL 604800 ; 1 week
lims.co.uk IN SOA lims.co.uk. admin\@lims.co.uk. (
2021032201 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
604800 ; minimum (1 week)
)
NS ns1.lims.co.uk.
NS ns2.lims.co.uk.
A 192.168.80.7
A 192.168.80.8
A 192.168.80.9
$ORIGIN lims.co.uk.
AD1 A 192.168.80.7
BDC1 A 192.168.80.8
BDC2 A 192.168.80.9
ns1 A 192.168.80.5
ns2 A 192.168.80.6
dhcp A 192.168.80.3
db.80.168.192.in-addr.arpa
$ORIGIN .
$TTL 604800 ; 1 week
80.168.192.in-addr.arpa IN SOA 80.168.192.in-addr.arpa. admin\@lims.co.uk. (
2021032201 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
604800 ; minimum (1 week)
)
NS ns1.lims.co.uk.
NS ns2.lims.co.uk.
$ORIGIN 80.168.192.in-addr.arpa.
3 PTR dhcp.lims.co.uk.
5 PTR ns1.lims.co.uk.
6 PTR ns2.lims.co.uk.
7 PTR AD1.lims.co.uk.
8 PTR BDC1.lims.co.uk.
9 PTR BDC2.lims.co.uk.
$TTL 300 ; 5 minutes
99 PTR DESKTOP-9MFAP8Q.lims.co.uk.
192.168.80.3 DHCP
192.168.80.4 主 DNS
192.168.80.5 辅助 DNS
192.168.80.6 辅助 DNS
192.168.80.7 Windows 广告
192.168.80.8 备份域控制器(尚未配置)
192.168.80.9 备份域控制器(尚未配置)
更新:
我在我的 AD 服务器上收到以下错误。
DFS 复制服务未能联系域控制器以访问配置信息。复制停止。该服务将在下一个配置轮询周期内再次尝试,该周期将在 60 分钟后发生。此事件可能由 TCP/IP 连接、防火墙、Active Directory 域服务或 DNS 问题引起。
附加信息:错误:160(一个或多个参数不正确。)
此计算机现在托管指定的目录实例,但 Active Directory Web 服务无法为其提供服务。Active Directory Web 服务将定期重试此操作。
目录实例:NTDS 目录实例 LDAP 端口:389 目录实例 SSL 端口:636
我正在尝试将我的 Ubuntu Server 20.04 LTS 配置为在其网络配置中使用 DHCP。
网上很多教程都推荐我用下面的设置创建下面的文件...
root@sinj:/home/brlight# cat /etc/netplan/99_config.yaml
network:
version: 2
renderer: networkd
ethernets:
ens3:
dhcp4: true
...并运行以下命令...
root@sinj:/home/brlight# netplan --debug generate
root@sinj:/home/brlight# netplan apply
问题:服务器正在通过 DHCP 获取其设置,但无法访问 Internet。
加:
与同一网络上的其他服务器不同,该服务器似乎无法获取网关设置。
服务器没问题...
[root@ssh_brl ~]# ip route show
default via 10.0.0.1 dev eth0 proto dhcp metric 100
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.6 metric 100
10.2.0.0/24 via 10.0.0.7 dev eth0 proto dhcp metric 100
服务器有问题...
root@sinj:/home/brlight# ip route show
10.0.0.0/24 dev ens3 proto kernel scope link src 10.0.0.17
10.2.0.0/24 via 10.0.0.7 dev ens3 proto dhcp src 10.0.0.17 metric 100
其他信息:
我
root@sinj:/home/brlight# ip route show
10.0.0.0/24 dev ens3 proto kernel scope link src 10.0.0.17
10.2.0.0/24 via 10.0.0.7 dev ens3 proto dhcp src 10.0.0.17 metric 100
二
root@sinj:/home/brlight# lshw -C network
*-network
description: Ethernet controller
product: Virtio network device
vendor: Red Hat, Inc.
physical id: 3
bus info: pci@0000:00:03.0
version: 00
width: 32 bits
clock: 33MHz
capabilities: msix bus_master cap_list rom
configuration: driver=virtio-pci latency=0
resources: irq:11 ioport:c060(size=32) memory:fc056000-fc056fff memory:fc000000-fc03ffff
*-virtio0
description: Ethernet interface
physical id: 0
bus info: virtio@0
logical name: ens3
serial: 52:54:00:6c:ec:1f
capabilities: ethernet physical
configuration: autonegotiation=off broadcast=yes driver=virtio_net driverversion=1.0.0 ip=10.0.0.17 link=yes multicast=yes
三
root@sinj:/home/brlight# networkctl status ens3
● 2: ens3
Link File: /usr/lib/systemd/network/99-default.link
Network File: /run/systemd/network/10-netplan-ens3.network
Type: ether
State: routable (configured)
Path: pci-0000:00:03.0
Driver: virtio_net
Vendor: Red Hat, Inc.
Model: Virtio network device
HW Address: 52:54:00:6c:ec:1f
MTU: 1500 (min: 68, max: 65535)
Queue Length (Tx/Rx): 1/1
Auto negotiation: no
Speed: n/a
Address: 10.0.0.17 (DHCP4)
fe80::5054:ff:fe6c:ec1f
DNS: 10.0.0.1
Mar 06 01:47:12 sinj systemd-networkd[641]: ens3: IPv6 successfully enabled
Mar 06 01:47:12 sinj systemd-networkd[641]: ens3: Link UP
Mar 06 01:47:12 sinj systemd-networkd[641]: ens3: Gained carrier
Mar 06 01:47:12 sinj systemd-networkd[641]: ens3: DHCPv4 address 10.0.0.17/24 via 10.0.0.1
Mar 06 01:47:13 sinj systemd-networkd[641]: ens3: Gained IPv6LL
四
root@sinj:/home/brlight# dig www.google.com
; <<>> DiG 9.16.1-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10647
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 41 IN A 172.217.30.36
;; Query time: 48 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Mar 06 04:37:04 UTC 2021
;; MSG SIZE rcvd: 59
五
root@sinj:/home/brlight# dhclient -v ens3
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/ens3/52:54:00:6c:ec:1f
Sending on LPF/ens3/52:54:00:6c:ec:1f
Sending on Socket/fallback
DHCPREQUEST for 10.0.0.17 on ens3 to 255.255.255.255 port 67 (xid=0x601d9dc1)
DHCPACK of 10.0.0.17 from 10.0.0.5 (xid=0xc19d1d60)
RTNETLINK answers: File exists
bound to 10.0.0.17 -- renewal in 933 seconds.
六
root@sinj:/home/brlight# cat /var/lib/dhcp/dhclient.leases
lease {
interface "ens3";
fixed-address 10.0.0.17;
option subnet-mask 255.255.255.0;
option dhcp-lease-time 4000;
option routers 10.0.0.1;
option dhcp-message-type 5;
option dhcp-server-identifier 10.0.0.5;
option domain-name-servers 10.0.0.1;
option dhcp-renewal-time 1000;
option rfc3442-classless-static-routes 24,10,2,0,10,0,0,7;
option dhcp-rebinding-time 2000;
option host-name "sinj";
renew 6 2021/03/06 05:20:33;
rebind 6 2021/03/06 05:38:40;
expire 6 2021/03/06 06:12:00;
}
lease {
interface "ens3";
fixed-address 10.0.0.17;
option subnet-mask 255.255.255.0;
option dhcp-lease-time 4000;
option routers 10.0.0.1;
option dhcp-message-type 5;
option dhcp-server-identifier 10.0.0.5;
option domain-name-servers 10.0.0.1;
option dhcp-renewal-time 1000;
option rfc3442-classless-static-routes 24,10,2,0,10,0,0,7;
option dhcp-rebinding-time 2000;
option host-name "sinj";
renew 6 2021/03/06 18:50:24;
rebind 6 2021/03/06 19:10:57;
expire 6 2021/03/06 19:44:17;
}
七
root@sinj:/home/brlight# ip route
10.0.0.0/24 dev ens3 proto kernel scope link src 10.0.0.17
10.2.0.0/24 via 10.0.0.7 dev ens3
10.2.0.0/24 via 10.0.0.7 dev ens3 proto dhcp src 10.0.0.17 metric 100
[参考:https://ubuntu.com/server/docs/network-configuration,http://manpages.ubuntu.com/manpages/cosmic/man5/netplan.5.html,https://www.krizna。 com/ubuntu/setup-network-ubuntu-18-04/,https://websiteforstudents.com/configure-static-ip-addresses-on-ubuntu-18-04-beta/,https://www.linuxtechi。 com/assign-static-ip-address-ubuntu-20-04-lts/]
我在主 dns 服务器上使用 bind9,两个辅助 dns 服务器处于主/从关系。我正在尝试实现 DDNS,但在添加转发映射时似乎遇到了问题,我收到了错误
无法将 DESKTOP-9MFAP8Q.student.co.uk 的正向映射添加到 192.168.80.51:SERVFAIL
我最初得到一个 REFUSED 错误,直到我将 DHCP 服务器的地址添加到主 dns 上的allow-query和allow-transfer选项中。named.conf.local我不确定这是否需要,这只是我为了让它工作而尝试的东西。
我尝试使用更改区域文件的权限
sudo chown 绑定:绑定 /etc/bind/*.db
sudo chmod 664 /etc/bind/*.db
但这对结果没有任何改变。
我将在下面发布配置文件,不胜感激。
路由器 - 192.168.80.2
DHCP - 192.168.80.3
主 DNS - 192.168.80.4
辅助 DNS - 192.168.80.5、192.168.80.6
-------------------------主 DNS------------------------ --
命名.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
key "rndc-key" {
algorithm hmac-sha256;
secret "ppxPx1DgcHkDWDgngLNlgKAETBPEEL9+k8kn9zI/iKRHMdP/8G+U4FRasufyNGOKuUGgTfNqHnOyFxs3zuWlMA==";
};
zone "student.co.uk" {
type master;
file "/etc/bind/db.student.co.uk";
notify no;
allow-query {
127.0.0.1;
192.168.80.5;
192.168.80.6;
192.168.80.3;
};
allow-transfer {
192.168.80.5;
192.168.80.6;
192.168.80.3;
};
allow-update {
{ key rndc-key; };
};
};
zone "80.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.80.168.192.in-addr.arpa";
notify no;
allow-query {
127.0.0.1;
192.168.80.5;
192.168.80.6;
};
allow-transfer {
192.168.80.5;
192.168.80.6;
};
allow-update {
{ key rndc-key; };
};
};
命名.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
8.8.8.8;
8.8.4.4;
};
allow-query {
192.168.80.5;
192.168.80.6;
127.0.0.1;
};
allow-transfer {
192.168.80.5;
192.168.80.6;
127.0.0.1;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
listen-on-v6 { any; };
};
db.80.168.192.in-addr.arpa
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
2021020902 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.student.co.uk.
@ IN NS ns2.student.co.uk.
150 IN PTR www.student.co.uk.
151 IN PTR www.student.co.uk.
db.student.co.uk
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
2021021902 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.student.co.uk.
@ IN NS ns2.student.co.uk.
ns1 IN A 192.168.80.5
ns2 IN A 192.168.80.6
www IN A 192.168.80.150
www IN A 192.168.80.151
-------------------------DHCP------------------------ -
dhcpd.conf
# option definitions common to all supported networks...
option domain-name "student.co.uk";
option domain-name-servers 192.168.80.5, 192.168.80.6;
default-lease-time 600;
max-lease-time 7200;
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-updates on;
ddns-update-style standard;
update-static-leases on;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
allow unknown-clients;
use-host-decl-names on;
key rndc-key {
algorithm hmac-sha256;
secret ppxPx1DgcHkDWDgngLNlgKAETBPEEL9+k8kn9zI/iKRHMdP/8G+U4FRasufyNGOKuUGgTfNqHnOyFxs3zuWlMA==;
};
zone student.co.uk. {
primary 192.168.80.4;
key rndc-key;
}
zone 80.168.192.in-addr.arpa. {
primary 192.168.80.4;
key rndc-key;
}
subnet 192.168.80.0 netmask 255.255.255.0 {
range 192.168.80.50 192.168.80.100;
option domain-name-servers 192.168.80.5, 192.168.80.6;
option domain-name "student.co.uk";
ddns-domainname "student.co.uk.";
ddns-rev-domainname "in-addr.arpa.";
option subnet-mask 255.255.255.0;
option routers 192.168.80.2;
option broadcast-address 192.168.80.255;
default-lease-time 600;
max-lease-time 7200;
host DOMAIN1 {
hardware ethernet 00:0c:29:20:87:b0;
fixed-address 192.168.80.99;
ddns-hostname "test";
}
}
我希望属于不同 VLAN 的设备具有不同的路由器。例如:
我这样配置 ISC DHCP 服务器:
subnet 10.0.10.0 netmask 255.255.255.0 {
option subnet-mask 255.255.0.0;
option routers 10.0.10.1;
...
pool {
failover peer "dhcp-primary";
max-lease-time 1800;
range 10.0.10.200 10.0.10.210;
}
}
subnet 10.0.11.0 netmask 255.255.255.0 {
option subnet-mask 255.255.0.0;
option routers 10.0.11.1;
...
pool {
failover peer "dhcp-primary";
max-lease-time 1800;
range 10.0.11.200 10.0.11.210;
}
}
host nmap-tests {
hardware ethernet de:ad:c0:de:ca:fe;
fixed-address 10.0.11.6;
}
不幸的是,这不起作用。当我运行nmap --script broadcast-dhcp-discover时,转储tcpdump -n -i eth0 port bootps or port bootpc -v显示原始请求:
0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from de:ad:c0:de:ca:fe ...
和回应:
10.0.10.5.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, ...
Your-IP 192.168.1.205
Client-Ethernet-Address de:ad:c0:de:ca:fe
鉴于配置,我希望 DHCP 服务器以固定地址 10.0.11.6 进行响应,而不是池中的 IP 地址。
配置有什么问题?
注意:我将运行 isc-dhcp-server 的服务器称为“DHCP-SERVER”,并将连接到我的交换机的计算机称为“DHCP-Clients”
嗨,我目前正在建立一个网络,但我无法通过 DHCP 客户端共享互联网。我也在使用isc-dhcp-server 例如,我的 DHCP-SERVER 可以 ping google.com,使用 SSH 我的 dhcp-clients 登录。我的 DHCP 客户端可以 ping DHCP 服务器,除此之外别无其他。运行 ping google.com 时,输出如下
user@client1:~ $ ping google.com
ping: google.com: Temporary failure in name resolution
在这里,您可以找到 我的设置图
接口:
isri@shuttle:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
auto enx0050b62184c1
iface enx0050b62184c1 inet static
address 10.0.2.1
#netmask 255.255.255.240
gateway 192.168.1.1
user@dhcp-server:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enx0050b62184c1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:b6:21:84:c1 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.1/8 brd 10.255.255.255 scope global enx0050b62184c1
valid_lft forever preferred_lft forever
inet6 fe80::250:b6ff:fe21:84c1/64 scope link
valid_lft forever preferred_lft forever
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether b0:c0:90:92:c4:6b brd ff:ff:ff:ff:ff:ff
inet 192.168.1.99/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp2s0
valid_lft 86329sec preferred_lft 86329sec
inet6 fe80::b2c0:90ff:fe92:c46b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
/etc/dhcp/dhcpd.conf
user@dhcp-server:~$ cat /etc/default/isc-dhcp-server
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="enx0050b62184c1"
#INTERFACESv6=""
dhcpd 配置文件
user@dhcp-server:~$ cat /etc/dhcp/dhcpd.conf
# dhcpd.conf
option domain-name "my-network";
# option domain-name-servers none;
# option domain-name-servers 192.168.1.1;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
subnet 10.0.2.0 netmask 255.255.255.240 {
range 10.0.2.2 10.0.2.14;
option routers 10.0.2.1;
host client1 {
hardware ethernet b8:27:eb:d3:83:02;
fixed-address 10.0.2.6;
}
host client2 {
hardware ethernet b8:27:eb:1e:8f:9d;
fixed-address 10.0.2.5;
}
host client3 {
hardware ethernet b8:27:eb:bd:fc:16;
fixed-address 10.0.2.4;
}
}
我尝试在我的 DHCP 服务器上使用以下命令
iptables -t nat -A POSTROUTING -s 10.0.2.0/28 -j MASQUERADE
我还启用了 net.ipv4.ip_forward。
sysctl -w net.ipv4.ip_forward=1
在我的 /etc/network/interfaces 文件中,我还尝试将 192.168.1.1 替换为我的给定 IP 192.168.1.99。
但没有任何效果。知道为什么吗?
MeMow 的回答:我更改了“option domain-name-servers none;” 到我的本地 DNS IP(由我的 ISP 提供的 IP)。现在,在 ping 一个网站时,我遇到了这个问题:
user@client1:~ $ ping google.com
PING google.com (142.250.74.238) 56(84) bytes of data.
From 10.0.2.1 (10.0.2.1) icmp_seq=1 Destination Host Unreachable
From 10.0.2.1 (10.0.2.1) icmp_seq=2 Destination Host Unreachable
From 10.0.2.1 (10.0.2.1) icmp_seq=3 Destination Host Unreachable