Configuring a DHCP Service (A Beginner's "Level-Up" Journey)

Published: 2025-06-20

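Contents

Project Preparation

I. DHCP Server Configuration (Rocky 8)

1. Disable the firewall and SELinux (security contexts)

2. Configure the NIC file

3. Install dhcp-server

4. Configure the DHCP service

5. Restart the DHCP service

II. Configure the Router

1. Add two NICs and edit their configuration files

2. Enable routing

3. Mount the local image and install the DHCP service

4. Configure DHCP relay

III. Check on the Clients

Verifying the result

IV. Scripted Configuration

1. DHCP server configuration script

2. Router configuration script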

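Project Preparation

Project requirements

1. The DHCP server must be able to assign IP addresses to two networks.

2. The internal client is configured to always obtain one specific IP address.

Project preparation

1. Prepare four virtual machines: the DHCP server, the internal client, the router and the external client.

2. Configure the network connection modes

DHCP server and internal client

Router

External client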

I. DHCP Server Configuration (Rocky 8)

1. Disable the firewall and SELinux (security contexts)

[root@localhost ~]# systemctl disable --now firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead) since Mon 2025-06-16 22:13:06 EDT; 36s ago
     Docs: man:firewalld(1)
  Process: 329610 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCC>
 Main PID: 329610 (code=exited, status=0/SUCCESS)

6月 16 22:12:46 bogon systemd[1]: Starting firewalld - dynamic firewall daemon...
6月 16 22:12:46 bogon systemd[1]: Started firewalld - dynamic firewall daemon.
6月 16 22:12:46 bogon firewalld[329610]: WARNING: AllowZoneDrifting is enabled. This is considered an insecu>
6月 16 22:13:04 bogon systemd[1]: Stopping firewalld - dynamic firewall daemon...
6月 16 22:13:06 bogon systemd[1]: firewalld.service: Succeeded.
6月 16 22:13:06 bogon systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@localhost ~]# getenforce
Permissive

2. Configure the NIC file

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.1
PREFIX=24
GATEWAY=192.168.100.254

[root@localhost ~]# systemctl restart NetworkManager
[root@localhost dhcp]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:5b:74:6c brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe5b:746c/64 scope link 
       valid_lft forever preferred_lft forever

3. Install dhcp-server

[root@localhost ~]# yum install -y dhcp-server
Rocky Linux 8 - AppStream                                                    2.7 kB/s | 4.8 kB     00:01    
Rocky Linux 8 - AppStream                                                    3.1 MB/s |  19 MB     00:05    
Rocky Linux 8 - BaseOS                                                       4.1 kB/s | 4.3 kB     00:01    
Rocky Linux 8 - BaseOS                                                       4.9 MB/s |  26 MB     00:05    
Rocky Linux 8 - Extras                                                       2.5 kB/s | 3.1 kB     00:01    
Rocky Linux 8 - Extras                                                        12 kB/s |  15 kB     00:01    
依赖关系解决。
=============================================================================================================
 软件包                       架构               版本                               仓库                大小
=============================================================================================================
安装:
 dhcp-server                  x86_64             12:4.3.6-50.el8_10                 baseos             529 k
安装依赖关系:
 bind-export-libs             x86_64             32:9.11.36-16.el8_10.4             baseos             1.1 M
 dhcp-common                  noarch             12:4.3.6-50.el8_10                 baseos             207 k
 dhcp-libs                    x86_64             12:4.3.6-50.el8_10                 baseos             147 k

事务概要
=============================================================================================================
安装  4 软件包

总下载:2.0 M
安装大小:4.6 M
下载软件包:
(1/4): dhcp-libs-4.3.6-50.el8_10.x86_64.rpm                                  381 kB/s | 147 kB     00:00    
(2/4): dhcp-common-4.3.6-50.el8_10.noarch.rpm                                509 kB/s | 207 kB     00:00    
(3/4): dhcp-server-4.3.6-50.el8_10.x86_64.rpm                                2.4 MB/s | 529 kB     00:00    
(4/4): bind-export-libs-9.11.36-16.el8_10.4.x86_64.rpm                       1.7 MB/s | 1.1 MB     00:00    
-------------------------------------------------------------------------------------------------------------
总计                                                                         1.1 MB/s | 2.0 MB     00:01     
Rocky Linux 8 - BaseOS                                                       1.6 MB/s | 1.6 kB     00:00    
导入 GPG 公钥 0x6D745A60:
 Userid: "Release Engineering <infrastructure@rockylinux.org>"
 指纹: 7051 C470 A929 F454 CEBE 37B7 15AF 5DAC 6D74 5A60
 来自: /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
导入公钥成功
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
  准备中  :                                                                                              1/1 
  安装    : dhcp-libs-12:4.3.6-50.el8_10.x86_64                                                          1/4 
  安装    : dhcp-common-12:4.3.6-50.el8_10.noarch                                                        2/4 
  安装    : bind-export-libs-32:9.11.36-16.el8_10.4.x86_64                                               3/4 
  运行脚本: bind-export-libs-32:9.11.36-16.el8_10.4.x86_64                                               3/4 
  运行脚本: dhcp-server-12:4.3.6-50.el8_10.x86_64                                                        4/4 
  安装    : dhcp-server-12:4.3.6-50.el8_10.x86_64                                                        4/4 
  运行脚本: dhcp-server-12:4.3.6-50.el8_10.x86_64                                                        4/4 
  验证    : bind-export-libs-32:9.11.36-16.el8_10.4.x86_64                                               1/4 
  验证    : dhcp-common-12:4.3.6-50.el8_10.noarch                                                        2/4 
  验证    : dhcp-libs-12:4.3.6-50.el8_10.x86_64                                                          3/4 
  验证    : dhcp-server-12:4.3.6-50.el8_10.x86_64                                                        4/4 

已安装:
  bind-export-libs-32:9.11.36-16.el8_10.4.x86_64            dhcp-common-12:4.3.6-50.el8_10.noarch           
  dhcp-libs-12:4.3.6-50.el8_10.x86_64                       dhcp-server-12:4.3.6-50.el8_10.x86_64           

完毕!

4. Configure the DHCP service

[root@localhost ~]# cd /etc/dhcp
[root@localhost dhcp]# ls
dhclient.d  dhcpd6.conf  dhcpd.conf
[root@localhost dhcp]# vim dhcpd.conf
# Open the file to find the path of the example configuration, then copy it (/usr/share/doc/dhcp-server/dhcpd.conf.example)

[root@localhost dhcp]# cp /usr/share/doc/dhcp-server/dhcpd.conf.example ./
[root@localhost dhcp]# ls
dhclient.d  dhcpd6.conf  dhcpd.conf  dhcpd.conf.example
[root@localhost dhcp]# cp dhcpd.conf.example dhcpd.conf
cp:是否覆盖'dhcpd.conf'? yes
[root@localhost dhcp]# ls
dhclient.d  dhcpd6.conf  dhcpd.conf  dhcpd.conf.example

# Multiple address pools
[root@localhost dhcp]# vim dhcpd.conf
# Find this subnet declaration (the most complete one) and change its parameters
# A slightly different configuration for an internal subnet.
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.2 192.168.100.253;
  option domain-name-servers 192.168.100.1;
  #option domain-name "internal.example.org";
  option routers 192.168.100.254;
  option broadcast-address 192.168.100.255;
  default-lease-time 600;
  max-lease-time 7200;
}
subnet 192.168.200.0 netmask 255.255.255.0 {
  range 192.168.200.2 192.168.200.253;
  option domain-name-servers 192.168.100.1;
  #option domain-name "internal.example.org";
  option routers 192.168.200.254;
  option broadcast-address 192.168.200.255;
  default-lease-time 600;
  max-lease-time 7200;
}

# Find the host declaration and change it to bind a single fixed address
# Host label: changed to the NIC name of the client that gets the fixed address
host ens37 {
  # MAC address of the NIC on the client that gets the fixed address
  hardware ethernet 00:0c:29:7b:65:46;
  # The fixed IP address to hand out
  fixed-address 192.168.100.100;
}
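
The reservation above (192.168.100.100) lies inside the dynamic range 192.168.100.2-192.168.100.253, and a fixed-address is not taken out of a range automatically, so the same address can also be offered from the pool. The check below is an added example, not part of the original post: it flags such overlaps and shows a pool split around the reserved address. The function names and the split ranges are this example's own assumptions.

```shell
#!/bin/bash
# Added example, not from the original post. Function names are this example's
# own; both configurations are constructed from the values used on the page.

# Read dhcpd.conf on stdin and print each fixed-address that falls inside a
# dynamic range as "host <name> <ip> inside <low>-<high>"; exit 1 on a finding.
# Assumes one IPv4 literal per fixed-address statement.
fixed_in_range() {
    awk '
    function ip2n(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    { sub(/#.*/, ""); gsub(/;/, "") }          # strip comments and semicolons
    $1 == "range" {
        s = ($2 == "dynamic-bootp") ? 3 : 2
        r++; lo[r] = $s; hi[r] = ($(s + 1) == "" ? $s : $(s + 1))
    }
    $1 == "host"          { host = $2 }
    $1 == "fixed-address" { f++; fh[f] = host; fa[f] = $2 }
    END {
        for (i = 1; i <= f; i++)
            for (j = 1; j <= r; j++)
                if (ip2n(fa[i]) >= ip2n(lo[j]) && ip2n(fa[i]) <= ip2n(hi[j])) {
                    printf "host %s %s inside %s-%s\n", fh[i], fa[i], lo[j], hi[j]
                    bad = 1
                }
        exit (bad + 0)
    }'
}

# Layout used on the page: the reservation .100 sits inside the pool .2-.253.
page_conf() {
    cat <<'EOF'
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.2 192.168.100.253;
}
host ens37 {
  hardware ethernet 00:0c:29:7b:65:46;
  fixed-address 192.168.100.100;   # reserved for the internal client
}
EOF
}

# Same subnet with the pool split around the reserved address.
split_conf() {
    page_conf | awk '$1 == "range" {
        print "  range 192.168.100.2 192.168.100.99;"
        print "  range 192.168.100.101 192.168.100.253;"; next } { print }'
}

page_conf  | fixed_in_range || echo "reservation overlaps the dynamic pool"
split_conf | fixed_in_range && echo "split pool: no overlap"
```

On the server itself the same function can be fed the live file: `fixed_in_range < /etc/dhcp/dhcpd.conf`.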

5. Restart the DHCP service

[root@localhost dhcp]# systemctl restart dhcpd
[root@localhost dhcp]# systemctl enable --now dhcpd
Created symlink /etc/systemd/system/multi-user.target.wants/dhcpd.service → /usr/lib/systemd/system/dhcpd.service.

II. Configure the Router

1. Add two NICs and edit their configuration files

[root@bogon ~]# cd /etc/sysconfig/network-scripts/
[root@bogon network-scripts]# ls
ifcfg-ens33  ifdown-eth   ifdown-post    ifdown-TeamPort  ifup-eth   ifup-plip    ifup-sit       init.ipv6-global

[root@bogon Packages]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:29:e3:11 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.4/24 brd 192.168.100.255 scope global dynamic ens33
       valid_lft 394sec preferred_lft 394sec
    inet6 fe80::6acc:265f:ab9d:d3b6/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:29:e3:1b brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.254/24 brd 192.168.200.255 scope global noprefixroute ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::e3e4:845e:bce5:e922/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:10:4b:1a brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:10:4b:1a brd ff:ff:ff:ff:ff:ff

[root@bogon network-scripts]# cp ifcfg-ens33 ifcfg-ens37
[root@bogon network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24
[root@bogon network-scripts]# vim ifcfg-ens37
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens37
DEVICE=ens37
ONBOOT=yes
IPADDR=192.168.200.254
PREFIX=24

[root@bogon network-scripts]# systemctl restart NetworkManager
[root@bogon network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:29:e3:11 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.254/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.100.4/24 brd 192.168.100.255 scope global secondary dynamic ens33
       valid_lft 545sec preferred_lft 545sec
    inet6 fe80::6acc:265f:ab9d:d3b6/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:29:e3:1b brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.254/24 brd 192.168.200.255 scope global noprefixroute ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::e3e4:845e:bce5:e922/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:10:4b:1a brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:10:4b:1a brd ff:ff:ff:ff:ff:ff

2. Enable routing

[root@bogon ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@bogon ~]# sysctl -p
net.ipv4.ip_forward = 1

3. Mount the local image and install the DHCP service

[root@bogon ~]# mount /dev/sr0 /mnt
[root@bogon ~]# cd /mnt/Packages/
[root@bogon Packages]# rpm -ivh dhcp-4.2.5-82.el7.centos.x86_64.rpm 
警告:dhcp-4.2.5-82.el7.centos.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:dhcp-12:4.2.5-82.el7.centos      ################################# [100%]
[root@bogon Packages]# systemctl restart dhcpd
[root@bogon Packages]# systemctl enable --now dhcpd

4. Configure DHCP relay

[root@bogon Packages]# dhcrelay 192.168.100.1
Dropped all unnecessary capabilities.
Internet Systems Consortium DHCP Relay Agent 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/virbr0/52:54:00:10:4b:1a
Sending on   LPF/virbr0/52:54:00:10:4b:1a
Listening on LPF/ens37/00:0c:29:29:e3:1b
Sending on   LPF/ens37/00:0c:29:29:e3:1b
Listening on LPF/ens33/00:0c:29:29:e3:11
Sending on   LPF/ens33/00:0c:29:29:e3:11
Sending on   Socket/fallback
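
The banner above shows the relay also listening on virbr0, which neither of the two project networks uses. The following check is an added example, not part of the original post: it lists interfaces the relay binds beyond the expected ones and builds the relay command limited to them with dhcrelay's `-i` option. The function names are this example's own.

```shell
#!/bin/bash
# Added example, not from the original post. Function names are hypothetical.

# Read dhcrelay's startup banner on stdin; print each interface it listens on
# that is not among the expected interfaces passed as arguments.
relay_extra_ifaces() {
    local expected=" $* "
    awk -F/ '/^Listening on LPF\// { print $2 }' | sort -u |
    while read -r ifc; do
        case "$expected" in
            *" $ifc "*) ;;            # expected interface, nothing to report
            *) echo "$ifc" ;;
        esac
    done
}

# Build the relay command restricted to the given interfaces (one -i each).
relay_cmd() {
    local server="$1"; shift
    local args="" ifc
    for ifc in "$@"; do args="$args -i $ifc"; done
    echo "dhcrelay$args $server"
}

# Banner lines copied from the dhcrelay output shown on the page.
page_banner() {
    cat <<'EOF'
Listening on LPF/virbr0/52:54:00:10:4b:1a
Sending on   LPF/virbr0/52:54:00:10:4b:1a
Listening on LPF/ens37/00:0c:29:29:e3:1b
Sending on   LPF/ens37/00:0c:29:29:e3:1b
Listening on LPF/ens33/00:0c:29:29:e3:11
Sending on   LPF/ens33/00:0c:29:29:e3:11
Sending on   Socket/fallback
EOF
}

extra=$(page_banner | relay_extra_ifaces ens33 ens37)
[ -z "$extra" ] || echo "relay also listens on: $extra"
relay_cmd 192.168.100.1 ens33 ens37
```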

III. Check on the Clients

Verifying the result

Internal client

[root@localhost ~]# ip a
1: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:7b:65:46 brd ff:ff:ff:ff:ff:ff
    altname enp2s5
    inet 192.168.100.100/24 brd 192.168.200.255 scope global dynamic noprefixroute ens37
       valid_lft 160sec preferred_lft 160sec
    inet6 fe80::20c:29ff:fe7b:6546/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

External client

[root@localhost ~]# ip a
1: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:7b:65:46 brd ff:ff:ff:ff:ff:ff
    altname enp2s5
    inet 192.168.200.2/24 brd 192.168.200.255 scope global dynamic noprefixroute ens37
       valid_lft 160sec preferred_lft 160sec
    inet6 fe80::20c:29ff:fe7b:6546/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.200.254 0.0.0.0         UG    100    0        0 ens33
192.168.200.0   0.0.0.0         255.255.255.0   U     100    0        0 ens33
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.org
nameserver 192.168.100.1

IV. Scripted Configuration

1. DHCP server configuration script

#!/bin/bash
# Stop and disable the firewall
if systemctl is-active firewalld &>/dev/null; then
    systemctl disable --now firewalld
else
    echo "防火墙已关闭"
fi
iptables -F

# Disable SELinux
if [ "$(getenforce)" = "Disabled" ]; then
    echo "SELinux已经关闭"
else
    setenforce 0
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
fi

# Configure the NIC parameters
nics=$(ip a | awk -F: '/ens/{print $2}' | grep -v "^$" | tr -d ' ')
echo -e "当前系统中可供配置的网卡有:\n$nics"

while true
do
    read -p "请输入要配置的网卡名称:" nic
    # Ask again unless the input is exactly one of the listed NIC names
    if [ -z "$nic" ] || ! echo "$nics" | grep -qx -- "$nic"; then
        continue
    fi

    read -p "请输入配置网络参数的方式(dhcp|static):" tp
    if [ "$tp" = "dhcp" ]; then
        echo "TYPE=Ethernet
BOOTPROTO=$tp
NAME=$nic
DEVICE=$nic
ONBOOT=yes" > "/etc/sysconfig/network-scripts/ifcfg-$nic"
    elif [ "$tp" = "static" ]; then
        read -p "输入IP地址:" ip
        read -p "输入子网掩码:" mask
        read -p "输入网关:" gw
        # Write the static settings that were just entered
        echo "TYPE=Ethernet
BOOTPROTO=$tp
NAME=$nic
DEVICE=$nic
ONBOOT=yes
IPADDR=$ip
NETMASK=$mask
GATEWAY=$gw" > "/etc/sysconfig/network-scripts/ifcfg-$nic"
    else
        # Unknown method: ask again
        continue
    fi
    # Apply the new configuration and leave the loop
    ifdown "$nic"; ifup "$nic"
    break
done

# Write dhcpd.conf and start the service
config_dhcp(){
echo "subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.2 192.168.100.253;
  option domain-name-servers ns1.internal.example.org;
  option domain-name \"internal.example.org\";
  option routers 192.168.100.254;
  option broadcast-address 192.168.100.255;
  default-lease-time 600;
  max-lease-time 7200;
}
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address 192.168.100.100;
}" > /etc/dhcp/dhcpd.conf
systemctl enable --now dhcpd
}
# Install dhcp-server first if the package is missing
if rpm -q dhcp-server &>/dev/null
then
        config_dhcp
else
        yum install -y dhcp-server
        config_dhcp
fi
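
Step I.1 and the script above switch firewalld and SELinux off entirely. The linter below is an added example, not part of the original post: it scans a provisioning script for those commands and prints a narrower alternative for each, using firewalld's predefined `dhcp` service. The function names and the advice strings are this example's own.

```shell
#!/bin/bash
# Added example, not from the original post. Function names and advice strings
# are this example's own; the sample input is constructed from the page's commands.

# Read a provisioning script on stdin and print
# "line:command -> narrower alternative" for every command that switches a
# host protection off. Exit status is 1 when there is at least one finding.
audit_lab_shortcuts() {
    awk '
    function hit(advice) { printf "%d:%s -> %s\n", NR, cmd, advice; n++ }
    {
        cmd = $0
        sub(/^[ \t]+/, "", cmd)               # trim indentation
        if (cmd ~ /^#/ || cmd == "") next     # skip comments and blank lines
    }
    cmd ~ /systemctl +(disable|stop|mask).*firewalld/ {
        hit("firewall-cmd --permanent --add-service=dhcp; firewall-cmd --reload")
    }
    cmd ~ /iptables +(-F|--flush)/ {
        hit("keep the ruleset; allow only udp/67 on the serving interface")
    }
    cmd ~ /setenforce +0/ {
        hit("stay enforcing; restorecon -Rv /etc/dhcp after editing")
    }
    cmd ~ /SELINUX=(disabled|permissive)/ {
        hit("leave SELINUX=enforcing in /etc/selinux/config")
    }
    END { exit (n > 0) }
    '
}

# Constructed sample: the protection-related lines of the server script.
sample_script() {
    cat <<'EOF'
#!/bin/bash
# stop the firewall
systemctl disable --now firewalld
iptables -F
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
yum install -y dhcp-server
EOF
}

sample_script | audit_lab_shortcuts || echo "findings above: review before use outside a lab"
```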

2. Router configuration script

#!/bin/bash
cat << EOF
请按顺序进行:
1、配置ens33网卡
2、配置ens37网卡
3、配置路由转发
4、配置中继转发
EOF

read -p "请输入你的选择:" num
case "$num" in
1)
    # Configure ens33 with a static IP
    # Set it to static and add the IP address and prefix length
    echo "TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24" > /etc/sysconfig/network-scripts/ifcfg-ens33
    echo "ens33网卡已配置为静态IP: 192.168.100.254/24"
    ;;
2)
    # Configure ens37 with a static IP
    # Copy the ens33 configuration file and modify the copy
    cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens37

    # Change the NIC name and the IP address
    sed -i 's/ens33/ens37/g' /etc/sysconfig/network-scripts/ifcfg-ens37
    sed -i 's/192.168.100.254/192.168.200.254/g' /etc/sysconfig/network-scripts/ifcfg-ens37
    echo "ens37网卡已配置为静态IP: 192.168.200.254/24"
    ;;
3)
    # Enable IP forwarding
    echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
    sysctl -p
    echo "已启用IPv4转发"
    ;;
4)
    # Configure DHCP relay
    mount /dev/sr0 /mnt
    cd /mnt/Packages/
    rpm -ivh dhcp-4.2.5-82.el7.centos.x86_64.rpm
    systemctl restart dhcpd
    systemctl enable --now dhcpd
    dhcrelay 192.168.100.1
    ;;
*)
    echo "无效的选择,请输入1-4之间的数字"
    exit 1
    ;;
esac

If you found this helpful, please give the post a like.

