ISC DHCP 伺服器在虛擬介面上偵聽
我有一個 ISC DHCP 伺服器 4.2.2 (Debian Wheezy) 工作。我需要為未知客戶添加第二個範圍,為他們提供虛假地址(主要用於故障排除)。但是,我嘗試的任何方法似乎都不起作用。下面的 dhcpd4.conf 文件被截斷,新的子網聲明如下。
subnet 10.111.111.0 netmask 255.255.255.0 { range 10.111.111.5 10.111.111.250; allow unknown-clients; } subnet 192.168.XXX.0 netmask 255.255.255.0 { range 192.168.XXX.194 192.168.XXX.200; range 192.168.XXX.100 192.168.XXX.109; range 192.168.XXX.215 192.168.XXX.250; ignore unknown-clients; option routers 192.168.XXX.XXX; <lots more options> }
我知道 DHCP 伺服器會忽略 10.111.111.0 子網,如果它沒有與該子網上的 IP 的介面,所以我首先嘗試了一個虛擬的。在 /etc/network/interfaces 中,我添加了:
up ip addr add 10.111.111.1/24 dev eth0 label eth0:1
然後調出界面。ifconfig 確認它已啟動。然後我將 eth0:1 添加到 /etc/default/isc-dhcp-server :
INTERFACES="eth0 eth0:1"
然後我重新啟動了 DHCP 伺服器,但只得到以下內容:
...WARNING: Host declarations are global. They are not limited to the scope you declared them in. Wrote 0 deleted host decls to leases file. Wrote 0 new dynamic host decls to leases file. Wrote 53 leases to leases file. Listening on LPF/eth0/00:50:XX:XX:XX:71/192.168.220.0/24 Sending on LPF/eth0/00:50:XX:XX:XX:71/192.168.220.0/24 Sending on Socket/fallback/fallback-net
在 192.168.220.0 上收聽,但不在 10.111.111.0 上收聽。然後我嘗試了一個更明確的命令行:
/usr/sbin/dhcpd -cf /etc/dhcp/dhcpd4.conf eth0:1
但這只給了我一個
No subnet declaration for eth0:1 (no IPv4 addresses). ** Ignoring requests on eth0:1. If this is not what you want, please write a subnet declaration in your dhcpd.conf file for the network segment to which interface eth0:1 is attached. **
在網上搜尋,我找到了一個執行緒(Aliased network interfaces 和 isc dhcp server),Zoredache 的回答讓我在沒有虛擬介面的情況下嘗試了它。我已經設置好了, ip addr show 顯示介面在那裡(但 ifconfig 沒有 - 我應該擔心嗎?)。
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:50:XX:XX:XX:71 brd ff:ff:ff:ff:ff:ff inet 192.168.XXX.XXX/24 brd 192.168.220.255 scope global eth0 inet 10.111.111.1/24 scope global eth0 inet 192.168.XXX.XXX/24 scope global secondary eth0:0
但是,在重新啟動 DHCP 伺服器後,我沒有收到正在偵聽 10.111.111.1 的消息,只是在偵聽 192.168.XXX.XXX。
任何想法我做錯了什麼?
好的,我想通了。如果您為同一介面分配了多個 IP 地址,則必須將所有子網聲明組合到另一個聲明中。例如,Linux 機器在 eth0 上有 192.168.1.1 和 10.10.10.1(都是 /24)IP。那麼一個簡單的範圍是:
shared-network mynet { subnet 10.10.10.0 netmask 255.255.255.0 { range 10.10.10.5 10.10.10.250; allow unknown-clients; } subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.194 192.168.1.200; ignore unknown-clients; } }
shared-network {} 必須圍繞兩個子網聲明。然後當你啟動 dhcp 伺服器時,它會說正在監聽 mynet 而不是 IP 地址。