Difference between revisions of "Dhcp"

From wiki
Jump to navigation Jump to search
 
Line 3: Line 3:
 
==IPv6==
 
==IPv6==
  
[[IPv6]] addresses can beadvertised by the radvd (often on your ISP's router). These are based on the MAC address of the client or pseudo randomly generated. For more control over the addresses you can run a dhcp server. When the [https://www.isc.org/dhcp/ ISC dhcp server] is used you need separate instances for the IPv4 and the IPv6 server.
+
[[IPv6]] addresses can be advertised by the radvd (often on your ISP's router). These are based on the MAC address of the client or pseudo randomly generated. For more control over the addresses you can run a dhcp server. When the [https://www.isc.org/dhcp/ ISC dhcp server] is used you need separate instances for the IPv4 and the IPv6 server.
  
 
Sample configuration file (/etc/dhcp/dhcpd6.conf).
 
Sample configuration file (/etc/dhcp/dhcpd6.conf).
Line 23: Line 23:
 
   }
 
   }
 
</syntaxhighlight>
 
</syntaxhighlight>
Host for fixed addresses are found by their DUID. Only way I know to find it on the server is from the logfile (/var/log/syslog). On the client it is in /var/lib/dhcp/dhclient6.leases.
+
Hosts for fixed addresses are found by their DUID. Only way I know to find it on the server is from the logfile (/var/log/syslog). On the client it is in /var/lib/dhcp/dhclient6.leases.
 +
 +
The firewall on the client needs to be open on the Link Local address (in the FE80::/10) range on port 546
  
 
==IPv4==
 
==IPv4==

Latest revision as of 07:48, 20 December 2020

Dynamic Host Configuration Protocol

IPv6

IPv6 addresses can be advertised by the radvd (often on your ISP's router). These are based on the MAC address of the client or pseudo randomly generated. For more control over the addresses you can run a dhcp server. When the ISC dhcp server is used you need separate instances for the IPv4 and the IPv6 server.

Sample configuration file (/etc/dhcp/dhcpd6.conf).

log-facility local7;
default-lease-time 86400;
max-lease-time 604800;

subnet6 your:site:ipv6:prefix::/64 {
#  range6 your:ipv6:prefix:address:1::f000 your:ipv6:prefix:address:1::ffff;

  option dhcp6.domain-search "local.domain.tld";
  option dhcp6.name-servers <name-server-address>;
  option ntp-servers ntp.domain.tld;

  host host1name {
   host-identifier option dhcp6.client-id 00:a4:00:01:45:26:4d:8e:98:8e:76:d1:09:32;
   fixed-address6 <full ipv6-address>;
  }

Hosts for fixed addresses are found by their DUID. Only way I know to find it on the server is from the logfile (/var/log/syslog). On the client it is in /var/lib/dhcp/dhclient6.leases.

The firewall on the client needs to be open on the Link Local address (in the FE80::/10) range on port 546

IPv4

Sample configuration file (/etc/dhcp/dhcpd.conf).

#
ddns-update-style none;

# option definitions common to all supported networks.
option domain-name "domain.tld";
option domain-name-servers 192.168.1.2, 208.67.222.222;
option routers 192.168.1.254;
option broadcast-address 192.168.1.255;
option ntp-servers 192.168.1.4;

# 1 day (fine for home networks, e.g. hotspots should have far shorter lease times) 
default-lease-time 86400;
# 1 week
max-lease-time 604800;

authoritative;

log-facility local7;

# Known hosts get fixed IP address defined in DNS-server
group {
 deny unknown-clients;
 # One week, these are sort of fixed addresses.
 default-lease-time 604800;

 host host1name {
  hardware ethernet ff:ff:ff:ff:ff:ff;
  fixed-address host1name.domain.tld;
 }
 host host2name {
  hardware ethernet ff:ff:ff:ff:ff:ff;
  fixed-address host2name.domain.tld;
 }
}
# All other get an address from the range
subnet 192.168.1.0 netmask 255.255.255.0 {
 range 192.168.1.100 192.168.1.199;
}

The leases are kept track of in /var/lib/dhcp/dhcpd.leases An ordinary entry looks like: tstp and cltt are for the failover protocol, most other entries are self-explaining I think.

lease 192.168.1.133 {
  starts 6 2021/03/18 11:22:00;
  ends 0 2021/03/19 11:22:00;
  tstp 0 2021/03/19 11:22:00;
  cltt 6 2021/03/19 11:22:00;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet ff:ff:ff:ff:ff:ff;
  client-hostname "host3name";
}

Traffic check

tcpdump -i eth0 port 547
Check on server side
tcpdump -i eth0 port 546
Check on client side