DHCP principle and configuration in Linux Network

1, DHCP service

1. DHCP (Dynamic Host Configuration Protocol)

(1) Designed and developed by Internet task force
(2) It is specially used for self allocation of computers in TCP/IP networks ТСР/ Protocol of IP parameters

2. Benefits of using DHCP

(1) Reduce administrator workload
(2) Avoid the possibility of input errors
(3) Avoid IP address conflicts
(4) When changing the IP address segment, there is no need to reconfigure the IP address of each user
(5) Improved IP address utilization
(6) Convenient client configuration

2, DHCP lease process

1. The process by which a client obtains an IP address from a DHCP server is called the DHCP lease process
2. There are four steps

1. The client searches the network for servers

When a DHCP client starts, the client does not have an IP address, so the client needs to obtain a legal address through DHCP.
At this time, the DHCP client sends DHCP Discover discovery information by broadcasting to find the DHCP server

2. The server responds to the client service

When the DHCP server receives the information from the client requesting the IP address, it will find out whether there is a legal IP address provided to the client in its own IP address pool.
If yes, the DHCP server marks this IP address, adds it to the DHCP Offer message, and then broadcasts a DHCP Offer message

3. Client select IP address

The DHCP client extracts the IP address from the first DHCP Offer message received, and the DHCP server that sends the IP address reserves the address, so that the address can no longer be assigned to another DHCP client

4. The server determines the lease

After receiving the DHCP Request message, the DHCP server broadcasts a successful confirmation to the client in the form of DHCP ACK message, which contains the valid lease of IP address and other configurable information
When the client receives the DHCP ACK message, configure the IP address and complete the initialization of TCP/IP

5. Login again

Each time the DHCP client logs in to the network again, it does not need to send the DHCP Discover information, but directly send the DHCP Request information containing the last assigned IP address

6. Renewal lease

When the lease term of the IP address leased by the DHCP server to the client reaches 50%, the lease needs to be updated
The client sends a DHCP Request packet directly to the server providing the lease, requesting to update the existing address lease

3, Dynamically configure host addresses using DHCP

1. DHCP service

(1) Automatically assign addresses to a large number of clients and provide centralized management
(2) Reduce management and maintenance costs and improve network configuration efficiency

2. The assignable address information mainly includes

(1) IP address and subnet mask of network card
(2) Corresponding network address and broadcast address
(3) Default gateway address
(4) DNS server address

4, Install DHCP server

1. DHCP server software

(1) Dhcp-4.2.5-47 in CentOS CD el7. centos. x86_ 64.rpm
(2) Main files of DHCP package
Main configuration file: /etc/dhcpd conf
Executor: / usr/sbin/dhcpd, / usr / SBIN / dhcrawley

2. Main configuration file: dhcpd Content composition of conf

ddns-update-style  interim;     #Global configuration parameters
subnet  netmask {       #Segment declaration
   option routers;       #configuration option
   default-lease-time 21600;   #configuration parameter
   host ns {
      fixed-address;    #Host declaration

3. Master profile: global settings that apply to the entire DHCP server

ddns-update-style    none;
default-lease-time    21600;
max-lease-time        43200;
option  domain-name  "domain.org";
option  domain-name-servers;

5, To configure a DHCP server

stay ensp Medium configuration DHCP relay-------
dhcp enable         #Enable DHCP function
interface vlanif10 
 ip address
 dhcp select relay                         #Enable DHCP relay function
 dhcp relay server-ip       #Address to DHCP server    
interface vlanif20
 ip address
 dhcp select relay
 dhcp relay server-ip
interface Vlanif100
 ip address
 dhcp select relay
 dhcp relay server-ip
----stay centos Configuration in virtual machine-----
yum install  -y  dhcp

cd  /etc/dhcp/
less  dhcpd.conf

cd   /usr/share/doc/dhcp-4.2.5/
less  dhcpd. conf.example

cp   /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example   /etc/dhcp/dhcpd. conf
vim  /etc/dhcp/dhcpd. conf        
------Set global configuration parameters------
default-lease-time  21600;         # The default lease is 6 hours in seconds
max-lease-time    43200;           #The maximum lease is 12 hours in seconds
option  domain-name  "xxxx.com";           #Specify default domain name
option domain-name-servers,;         #Specify DNS server address
ddns-update-style  none;                  #Disable DNS dynamic updates
----subnet Segment declaration(Applies to the whole subnet segment, and some configuration parameters have priority over the global configuration parameters)
subnet  netmask {             #Declare the network segment address to be assigned
     range;                    #Set address pool
     option routers;                                   #Specify the default gateway address

subnet  netmask {
   option  routers;
subnet  netmask {
   option routers;
-------host Host declaration(Assign fixed to stand-alone IP address)------
host  hostname {                          #Specify the name of the client that needs to be assigned a fixed IP address
  hardware ethernet 00:c0:c3:22:46:81;    #Specify the MAC address of the host  
  fixed-address;          #Specify the IP address reserved for this host  

---------Turn the firewall service on and off------------
systemctl   start  dhcp
systemctl  stop   firewalld
setenforce 0

netstat -anpu | grep ":67"

-----If DHCP Service startup failed,You can view the log file to troubleshoot errors------
tail -f /var/log/messages

6, FTP file transfer

FTP service ---- the protocol used to transfer files
By default, the FTP server uses ports 20 and 21 of TCP protocol to communicate with the client
Port 20 is used to establish data connection and transfer file data
Port 21 is used to establish a control connection and transmit FTP control commands
FTP data connection is divided into active mode and passive mode
Active mode: the server initiates data connection actively
Passive mode: the server passively waits for the data connection

yum install -y vsftpd
cd /etc/vsftpd/
cp vsftpd.conf vsftpd.conf.bak

Set the for anonymous user access FTP service(Maximum permission)
----Modify profile----
vim /etc/vsftpd/vsftpd.conf
anonymous enable=YES             #Enable anonymous user access. It is enabled by default
write_enable=YES                 #Open the write permission of the server (to upload, it must be enabled). It is enabled by default
anon_umask=022                  #Set the permission mask (unmask) of the data uploaded by anonymous users. It is enabled by default
anon_upload_enable=YES          #Allow anonymous users to upload files. It is annotated by default and needs to be uncommented
anon_mkdir_write_enable=YES     #Allow anonymous users to create (upload) directories. It is annotated by default and needs to be uncommented
anon_other_write_enable=YES     #Delete, rename, overwrite and other operations are allowed. Need to add

----For anonymous access ftp Under the root directory of pub Set maximum permissions for subdirectories,For anonymous users to upload data-----
chmod 777  /var/ftp/pub/

----Open service,Turn off firewalls and enhanced security-----
systemctl start vsftpd
systemctl stop firewalld
setenforce 0
----Anonymous access test----
stay windows System on "start" menu,input cmd Command opens the command prompt
----establish ftp connect------
----Anonymous access with user name ftp,If the password is blank, enter directly to complete the login
ftp> pwd        #The root directory of anonymous FTP access is / var/ftp / directory of Linux system
ftp> ls         #View current directory
ftp> cd pub     #Switch to the pub directory
ftp> get file name   #Download the file to the Current windows local directory
ftp> put file name   #Upload files to ftp directory
ftp> quit        #sign out
Set up local user authentication access ftp,And prohibit switching to ftp Directory other than (the default login root directory is the home directory of the local user)
----Modify profile-----
vim  /etc/vsftpd/vsftpd.conf
local_enable=Yes      #Enable local users
anonymous_enable=NO   #Turn off anonymous user access
write_enable=YES      #Open the write permission of the server (to upload, it must be enabled)
anon_umask=077        #You can set that only the host user has the permission of the uploaded file (unmask)
chroot_local_user=YES  #Imprison access in the user's Host Directory
allow_writeable_chroot=YES     #Allow restricted user home directory to have write permission

---Restart service-----
systemctl restart vsftpd

----Modify the default root directory of anonymous users and local users------
anon_root=/var/www/html   #anon_root for anonymous users
local_root=/var/www/html  #local_root for system users

Posted by mydimension on Fri, 15 Apr 2022 13:37:30 +0930