Linux configuration complete Security DHCP server detailed

DHCP is a Dynamic Host Configuration protocol. This protocol is used to automatically provide computers with IP addresses, subnet masks, and routing information. Network administrators typically allocate a range of IP addresses to clients on the local area network. When the device is connected to the local area network, they request an IP address from the DHCP server. The DHCP server then assigns an address to each requested device until all IP addresses within that range are assigned. The assigned IP address must be timed to extend the lease period. This deferred process, called leasing, ensures that the addresses that are assigned when the client device suddenly disconnects from the network before the IP address is normally released can be returned to the server. This article takes Redhat Linux 9.0 as an example to describe how to establish a complete and secure DHCP server.

First, establish a DHCP server configuration file

You can use the Redhat Linux 9.0 itself to carry the RPM pack installation. After the installation is complete, the DHCP port monitor dhcpd configuration file is the file named dhcpd.conf in the/etc directory. Set up the/etc/dhcpd.conf file manually below. /etc/dhcpd.conf usually consists of three parts: parameters, declarations, option.

Parameters (Parameters) in the 1.DHCP profile: Indicates how tasks are performed, whether tasks are performed, or which network configuration options are sent to the customer. The main contents are shown in table 1

Parameters	Explain
Ddns-update-style	Configure DHCP-DNS Interactive update mode.
Default-lease-time	Specify the length of the lease time in the province, the unit is seconds.
Max-lease-time	Specifies the maximum length of the lease time, in seconds.
Hardware	Specifies the NIC interface type and MAC address.
Server-name	Notifies the DHCP client server name.
Get-lease-hostnames Flag	Check the IP address used by the client.
Fixed-address IP	Assign to the client a fixed address.
Authritative	Reject the request for an incorrect IP address.

2. Declarations (Declaration) in the DHCP configuration file: Used to describe the network layout, provide the customer's IP address, and so on. The main contents are shown in table 2:

Statement	Explain
Shared-network	Used to tell if some subnets share the same network.
Subnet	Describes whether an IP address belongs to the subnet.
Range Start IP Termination IP	Provides a range of dynamically allocated IP.
Host hostname Name	Refer to the special host.
Group	Provides a declaration for a set of parameters.
Allow Unknown-clients;deny unknown-client	Whether to dynamically assign IP to unknown consumers.
Allow Bootp;deny BOOTP	Whether to respond to activation queries.
Allow Booting;deny booting	Whether to respond to a user query.
FileName	Begins the name of the startup file, applied to the diskless workstation.
Next-server	Set up the server to mount from the boot file, such as the hostname, to the diskless workstation.

3. option in the DHCP configuration file: Used to configure DHCP optional parameters, starting with the option keyword, which includes table 3:

Options	Explain
Subnet-mask	Sets the subnet mask for the client.
Domain-name	Indicates the DNS name for the client.
Domain-name-servers	Indicates the DNS server IP address for the client.
Host-name	Specifies the host name for the client.
Routers	Set the default gateway for the client.
Broadcast-address	Set the broadcast address for the client.
Ntp-server	Set the network time server IP address for the client.
Time-offset	The offset time for the client setting and GMT, in seconds.

Note: If the client is using a Windows operating system, do not select the "host-name" option, that is, do not specify a host name for it.

The following is a DHCP profile used by the author, which is a Class C network with a total of 126 IP addresses that can be assigned an example. Readers can copy and use, note that the red part must be modified.

Ddns-update-style Interim; Ignore client-updates; Subnet 192.168.1.0 netmask 255.255.255.0 { Option routers 192.168.1.254; Option Subnet-mask 255.255.255.0; Option broadcast-address 192.168.1.255; Option Domain-name-servers 192.168.1.3; Option Domain-name "www.cao.com"; #dns Name # Option Domain-name-servers 192.168.1.3; Option time-offset-18000; Range DYNAMIC-BOOTP 192.168.1.128 192.168.1.255; Default-lease-time 21600; Max-lease-time 43200; Host NS { Hardware Ethernet 52:54:ab:34:5b:09;# The MAC address of the network interface running DHCP Fixed-address 192.168.1.9; } }