Configuring a complete and secure DHCP server on Linux, in detail


DHCP is the Dynamic Host Configuration Protocol. It is used to automatically provide computers with IP addresses, subnet masks, and routing information. Network administrators typically allocate a range of IP addresses to the clients on a local area network. When devices connect to the local area network, they request an IP address from the DHCP server. The DHCP server then assigns an address to each requesting device until all IP addresses in the range have been assigned. An assigned IP address must be renewed periodically to extend its lease. This renewal process, called leasing, ensures that an address can be returned to the server when a client device suddenly disconnects from the network before the address has been released normally. This article uses Red Hat Linux 9.0 as an example to describe how to set up a complete and secure DHCP server.

First, create the DHCP server configuration file

You can install DHCP from the RPM package that ships with Red Hat Linux 9.0. After the installation is complete, the configuration file of the DHCP daemon dhcpd is the file named dhcpd.conf in the /etc directory. The /etc/dhcpd.conf file is set up manually below. /etc/dhcpd.conf usually consists of three parts: parameters, declarations, and options.

1. Parameters in the DHCP configuration file: indicate how tasks are performed, whether tasks are performed, or which network configuration options are sent to the client. The main ones are shown in Table 1.

| Parameter | Explanation |
|---|---|
| ddns-update-style | Configures the DHCP-DNS interactive update mode. |
| default-lease-time | Specifies the default length of the lease, in seconds. |
| max-lease-time | Specifies the maximum length of the lease, in seconds. |
| hardware | Specifies the NIC interface type and MAC address. |
| server-name | Tells the DHCP client the name of the server. |
| get-lease-hostnames flag | Checks the IP address used by the client. |
| fixed-address ip | Assigns a fixed address to the client. |
| authoritative | Rejects requests for an incorrect IP address. |

2. Declarations in the DHCP configuration file: used to describe the network layout, provide clients' IP addresses, and so on. The main ones are shown in Table 2:

| Declaration | Explanation |
|---|---|
| shared-network | Tells whether some subnets share the same network. |
| subnet | Describes whether an IP address belongs to the subnet. |
| range start-IP end-IP | Provides a range of dynamically allocated IP addresses. |
| host hostname | Refers to a particular host. |
| group | Provides a declaration for a set of parameters. |
| allow unknown-clients; deny unknown-clients | Whether to dynamically assign IP addresses to unknown clients. |
| allow bootp; deny bootp | Whether to respond to activation (BOOTP) queries. |
| allow booting; deny booting | Whether to respond to user queries. |
| filename | The name of the startup file, used by diskless workstations. |
| next-server | Sets the server, for example by hostname, from which the boot file is loaded; used by diskless workstations. |

3. Options in the DHCP configuration file: used to configure optional DHCP parameters; each one starts with the option keyword. The main ones are shown in Table 3:

| Option | Explanation |
|---|---|
| subnet-mask | Sets the subnet mask for the client. |
| domain-name | Indicates the DNS name for the client. |
| domain-name-servers | Indicates the DNS server IP address for the client. |
| host-name | Specifies the host name for the client. |
| routers | Sets the default gateway for the client. |
| broadcast-address | Sets the broadcast address for the client. |
| ntp-servers | Sets the network time server IP address for the client. |
| time-offset | Sets the offset of the client's time from GMT, in seconds. |

Note: If the client is running a Windows operating system, do not set the "host-name" option, that is, do not specify a host name for it.

The following is a DHCP configuration file used by the author, an example for a Class C network with a total of 126 IP addresses that can be assigned. Readers can copy and use it; note that the parts marked in red must be modified.

```
ddns-update-style interim;
ignore client-updates;

subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option domain-name-servers 192.168.1.3;
    option domain-name "www.cao.com";    # DNS name
    option time-offset -18000;

    # 126 addresses; stops short of the router (.254) and the broadcast address (.255)
    range dynamic-bootp 192.168.1.128 192.168.1.253;
    default-lease-time 21600;
    max-lease-time 43200;

    host ns {
        hardware ethernet 52:54:ab:34:5b:09;    # MAC address of the network interface running DHCP
        fixed-address 192.168.1.9;
    }
}
```
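A quick way to check a subnet declaration like this before loading it, as an added example that is not part of the original article: the Python sketch below reports dynamic-range addresses that collide with the router, the broadcast address or a host's fixed-address, and checks that default-lease-time does not exceed max-lease-time. The helper name audit_subnet and the sample text (including the fixed address 192.168.1.130 and the range ending at .255) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the dhcpd.conf format used above (not a real deployment).
SAMPLE = """
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;
    option broadcast-address 192.168.1.255;
    range dynamic-bootp 192.168.1.128 192.168.1.255;
    default-lease-time 21600;
    max-lease-time 43200;
    host ns {
        hardware ethernet 52:54:ab:34:5b:09;
        fixed-address 192.168.1.130;
    }
}
"""

def audit_subnet(conf):
    """Return a list of findings for one subnet declaration (hypothetical helper)."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)", conf)
    if not m:
        return ["no subnet declaration found"]
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    findings = []
    reserved = {net.network_address: "network address",
                net.broadcast_address: "broadcast address"}
    for ip in re.findall(r"option\s+routers\s+([\d.]+)", conf):
        reserved[ipaddress.ip_address(ip)] = "router"
    for ip in re.findall(r"fixed-address\s+([\d.]+)", conf):
        reserved[ipaddress.ip_address(ip)] = "fixed-address"
    for lo, hi in re.findall(r"range\s+(?:dynamic-bootp\s+)?([\d.]+)\s+([\d.]+)", conf):
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        if lo not in net or hi not in net:
            findings.append(f"range {lo}-{hi} leaves subnet {net}")
        for ip, what in sorted(reserved.items()):
            if lo <= ip <= hi:
                findings.append(f"range {lo}-{hi} includes {what} {ip}")
    times = dict(re.findall(r"(default-lease-time|max-lease-time)\s+(\d+)", conf))
    if len(times) == 2 and int(times["default-lease-time"]) > int(times["max-lease-time"]):
        findings.append("default-lease-time exceeds max-lease-time")
    return findings

if __name__ == "__main__":
    for line in audit_subnet(SAMPLE):
        print(line)
```

An empty result means the dynamic range stays clear of every address the declaration reserves for something else.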
