DHCP 伺服器 - 無法與客戶端共享 Internet
注意:我將執行 isc-dhcp-server 的伺服器稱為“DHCP-SERVER”,並將連接到我的交換機的電腦稱為“DHCP-Clients”
嗨,我目前正在建立一個網路,但我無法通過 DHCP 客戶端共享網際網路。我也在使用isc-dhcp-server 例如,我的 DHCP-SERVER 可以 ping google.com,使用 SSH 我的 dhcp-clients 登錄。我的 DHCP 客戶端可以 ping DHCP 伺服器,除此之外別無其他。執行 ping google.com 時,輸出如下
user@client1:~ $ ping google.com ping: google.com: Temporary failure in name resolution
在這裡,您可以找到 我的設置圖
DHCP伺服器
介面:
- WLAN:wlp2s0,連接到我的wifi路由器,可以與世界互動(例如ping google.com工作)
- 乙太網:enx0050b62184c1,連接到我的交換機,可以與交換機的有線客戶端互動
isri@shuttle:~$ cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback auto enx0050b62184c1 iface enx0050b62184c1 inet static address 10.0.2.1 #netmask 255.255.255.240 gateway 192.168.1.1
user@dhcp-server:~$ ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enx0050b62184c1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:50:b6:21:84:c1 brd ff:ff:ff:ff:ff:ff inet 10.0.2.1/8 brd 10.255.255.255 scope global enx0050b62184c1 valid_lft forever preferred_lft forever inet6 fe80::250:b6ff:fe21:84c1/64 scope link valid_lft forever preferred_lft forever 3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether b0:c0:90:92:c4:6b brd ff:ff:ff:ff:ff:ff inet 192.168.1.99/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp2s0 valid_lft 86329sec preferred_lft 86329sec inet6 fe80::b2c0:90ff:fe92:c46b/64 scope link noprefixroute valid_lft forever preferred_lft forever
/etc/dhcp/dhcpd.conf
user@dhcp-server:~$ cat /etc/default/isc-dhcp-server # Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server) # Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf). #DHCPDv4_CONF=/etc/dhcp/dhcpd.conf #DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf # Path to dhcpd's PID file (default: /var/run/dhcpd.pid). #DHCPDv4_PID=/var/run/dhcpd.pid #DHCPDv6_PID=/var/run/dhcpd6.pid # Additional options to start dhcpd with. # Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead #OPTIONS="" # On what interfaces should the DHCP server (dhcpd) serve DHCP requests? # Separate multiple interfaces with spaces, e.g. "eth0 eth1". INTERFACESv4="enx0050b62184c1" #INTERFACESv6=""
dhcpd 配置文件
user@dhcp-server:~$ cat /etc/dhcp/dhcpd.conf # dhcpd.conf option domain-name "my-network"; # option domain-name-servers none; # option domain-name-servers 192.168.1.1; default-lease-time 600; max-lease-time 7200; ddns-update-style none; subnet 10.0.2.0 netmask 255.255.255.240 { range 10.0.2.2 10.0.2.14; option routers 10.0.2.1; host client1 { hardware ethernet b8:27:eb:d3:83:02; fixed-address 10.0.2.6; } host client2 { hardware ethernet b8:27:eb:1e:8f:9d; fixed-address 10.0.2.5; } host client3 { hardware ethernet b8:27:eb:bd:fc:16; fixed-address 10.0.2.4; } }
到目前為止我嘗試過的
我嘗試在我的 DHCP 伺服器上使用以下命令
iptables -t nat -A POSTROUTING -s 10.0.2.0/28 -j MASQUERADE
我還啟用了 net.ipv4.ip_forward。
sysctl -w net.ipv4.ip_forward=1
在我的 /etc/network/interfaces 文件中,我還嘗試將 192.168.1.1 替換為我的給定 IP 192.168.1.99。
但沒有任何效果。知道為什麼嗎?
MeMow 的回答:我更改了“option domain-name-servers none;” 到我的本地 DNS IP(由我的 ISP 提供的 IP)。現在,在 ping 一個網站時,我遇到了這個問題:
user@client1:~ $ ping google.com PING google.com (142.250.74.238) 56(84) bytes of data. From 10.0.2.1 (10.0.2.1) icmp_seq=1 Destination Host Unreachable From 10.0.2.1 (10.0.2.1) icmp_seq=2 Destination Host Unreachable From 10.0.2.1 (10.0.2.1) icmp_seq=3 Destination Host Unreachable
根據您的 ping 輸出,您仍然有路由問題。很可能它無法正常執行。它應該通過啟用
echo 1 > /proc/sys/net/ipv4/ip_forward
應添加以下行
/etc/sysctl.conf
,以免重新啟動後鬆脫。net.ipv4.ip_forward = 1
此外,您的 iptables NAT 規則不包含目的地。您需要指定 dst 或輸出介面。
iptables -t nat -A POSTROUTING -s 10.0.2.0/28 -d 0/0 -j MASQUERADE
或者
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
確保重新啟動後規則不會失去。通常應該使用以下命令將它們保存到文件中。Debian/Ubuntu:
iptables-save > /etc/iptables/rules.v4
RHEL/CentOS:
iptables-save > /etc/sysconfig/iptables