Debian-Wheezy

ISC DHCP server listening on a virtual interface

  • April 24, 2015

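I have an ISC DHCP server 4.2.2 (Debian Wheezy) working. I need to add a second scope for unknown clients that gives them a bogus address (mainly for troubleshooting). However, nothing I try seems to work. The dhcpd4.conf file is below, truncated, with the new subnet declaration.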

subnet 10.111.111.0 netmask 255.255.255.0 {
    range 10.111.111.5 10.111.111.250;
    allow unknown-clients;
}

subnet 192.168.XXX.0 netmask 255.255.255.0 {
    range 192.168.XXX.194 192.168.XXX.200;
    range 192.168.XXX.100 192.168.XXX.109;
    range 192.168.XXX.215 192.168.XXX.250;

    ignore unknown-clients;
    option routers 192.168.XXX.XXX;
<lots more options>
}

I know the DHCP server will ignore the 10.111.111.0 subnet if it does not have an interface with an IP on that subnet, so I first tried a virtual one. In /etc/network/interfaces I added:

up ip addr add 10.111.111.1/24 dev eth0 label eth0:1

Then I brought the interface up. ifconfig confirmed it was up. Then I added eth0:1 to /etc/default/isc-dhcp-server:

INTERFACES="eth0 eth0:1"

Then I restarted the DHCP server, but only got the following:

...WARNING: Host declarations are global.  They are not limited to the scope you declared them in.
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 53 leases to leases file.
Listening on LPF/eth0/00:50:XX:XX:XX:71/192.168.220.0/24
Sending on   LPF/eth0/00:50:XX:XX:XX:71/192.168.220.0/24
Sending on   Socket/fallback/fallback-net

It is listening on 192.168.220.0, but not on 10.111.111.0. I then tried a more explicit command line:

/usr/sbin/dhcpd -cf /etc/dhcp/dhcpd4.conf eth0:1

But that only gave me a

No subnet declaration for eth0:1 (no IPv4 addresses).
** Ignoring requests on eth0:1.  If this is not what
   you want, please write a subnet declaration
   in your dhcpd.conf file for the network segment
   to which interface eth0:1 is attached. **

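Searching online, I found a thread (Aliased network interfaces and isc dhcp server), and Zoredache's answer led me to try it without the virtual interface. I have set that up, and ip addr show shows the interface is there (but ifconfig does not - should I be worried?).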

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether 00:50:XX:XX:XX:71 brd ff:ff:ff:ff:ff:ff
   inet 192.168.XXX.XXX/24 brd 192.168.220.255 scope global eth0
   inet 10.111.111.1/24 scope global eth0
   inet 192.168.XXX.XXX/24 scope global secondary eth0:0  

However, after restarting the DHCP server, I get no message that it is listening on 10.111.111.1, only that it is listening on 192.168.XXX.XXX.

Any ideas what I am doing wrong?

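OK, I figured it out. If you have multiple IP addresses assigned to the same interface, you have to combine all the subnet declarations inside another declaration. For example, a Linux box has the IPs 192.168.1.1 and 10.10.10.1 (both /24) on eth0. Then a simple scope would be: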

shared-network mynet {
    subnet 10.10.10.0 netmask 255.255.255.0 {
        range 10.10.10.5 10.10.10.250;
        allow unknown-clients;
    }

    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.194 192.168.1.200;
        ignore unknown-clients;
    }
}

The shared-network {} has to surround both subnet declarations. Then when you start the DHCP server, it will say it is listening on mynet rather than on an IP address.

Quoted from: https://serverfault.com/questions/684123
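
An added example, not part of the original question or answer and not ISC's code: a small pre-restart check that flags an interface holding addresses in several declared subnets that are not wrapped in one common shared-network, which is the condition the answer describes. The function names, the simplified brace-tracking parser (it ignores braces inside quoted strings) and the sample inputs are assumptions constructed from the answer's example addresses.

```python
import ipaddress
import re

# Constructed sample configs, using the addresses from the answer's example.
BROKEN = """
subnet 10.10.10.0 netmask 255.255.255.0 {
  range 10.10.10.5 10.10.10.250;
  allow unknown-clients;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.194 192.168.1.200;
  ignore unknown-clients;
}
"""
FIXED = "shared-network mynet {" + BROKEN + "}"
# Assumed input: addresses per physical interface (alias labels like eth0:1 folded into eth0).
ADDRS = {"eth0": ["192.168.1.1/24", "10.10.10.1/24"]}

TOKEN = re.compile(r"shared-network\s+(\S+)\s*\{|subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{|\{|\}")

def parse_subnets(conf):
    """Return [(network, enclosing shared-network name or None)] by tracking brace depth."""
    found, stack = [], []
    for m in TOKEN.finditer(re.sub(r"#.*", "", conf)):   # strip comments first
        if m.group(1):                                     # shared-network NAME {
            stack.append(m.group(1))
        elif m.group(2):                                   # subnet ADDR netmask MASK {
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            found.append((net, next((s for s in reversed(stack) if s), None)))
            stack.append(None)
        elif m.group(0) == "{":                            # any other block (pool, host, group)
            stack.append(None)
        elif stack:                                        # closing brace
            stack.pop()
    return found

def unshared_subnets(conf, iface_addrs):
    """Map interface -> subnets it has addresses in that do not share one shared-network."""
    subnets = parse_subnets(conf)
    problems = {}
    for iface, addrs in iface_addrs.items():
        ips = [ipaddress.ip_interface(a).ip for a in addrs]
        hits = [(n, s) for n, s in subnets if any(ip in n for ip in ips)]
        names = {s for _, s in hits}
        if len(hits) > 1 and (None in names or len(names) > 1):
            problems[iface] = sorted(str(n) for n, _ in hits)
    return problems

if __name__ == "__main__":
    print("broken:", unshared_subnets(BROKEN, ADDRS))
    print("fixed: ", unshared_subnets(FIXED, ADDRS))
```

An empty result means every multi-homed interface has its subnets under a single shared-network; a non-empty one lists the subnets to wrap together.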