Difference between revisions of "Dhcp"

 
Line 3: Line 3:
 
==IPv6==
 
==IPv6==
  
[[IPv6]] addresses can beadvertised by the radvd (often on your ISP's router). These are based on the MAC address of the client or pseudo randomly generated. For more control over the addresses you can run a dhcp server. When the [https://www.isc.org/dhcp/ ISC dhcp server] is used you need separate instances for the IPv4 and the IPv6 server.
+
[[IPv6]] addresses can be advertised by the radvd (often on your ISP's router). These are based on the MAC address of the client or pseudo randomly generated. For more control over the addresses you can run a dhcp server. When the [https://www.isc.org/dhcp/ ISC dhcp server] is used you need separate instances for the IPv4 and the IPv6 server.
  
 
Sample configuration file (/etc/dhcp/dhcpd6.conf).
 
Sample configuration file (/etc/dhcp/dhcpd6.conf).
Line 23: Line 23:
 
   }
 
   }
 
</syntaxhighlight>
 
</syntaxhighlight>
Host for fixed addresses are found by their DUID. Only way I know to find it on the server is from the logfile (/var/log/syslog). On the client it is in /var/lib/dhcp/dhclient6.leases.
+
Hosts for fixed addresses are found by their DUID. Only way I know to find it on the server is from the logfile (/var/log/syslog). On the client it is in /var/lib/dhcp/dhclient6.leases.
 +
 +
The firewall on the client needs to be open on the Link Local address (in the FE80::/10) range on port 546
  
 
==IPv4==
 
==IPv4==
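Review bot: the added firewall sentence gives port 546 without a transport and has its closing parenthesis in the wrong place. DHCPv6 clients listen on UDP port 546, so suggest "needs to be open on the link-local address (in the FE80::/10 range) on UDP port 546." with a final period.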

Latest revision as of 09:48, 20 December 2020

Dynamic Host Configuration Protocol

IPv6

IPv6 addresses can be advertised by radvd (often on your ISP's router). These are based on the MAC address of the client or pseudo-randomly generated. For more control over the addresses you can run a DHCP server. When the ISC DHCP server is used you need separate instances for the IPv4 and the IPv6 server.

Sample configuration file (/etc/dhcp/dhcpd6.conf).

log-facility local7;
default-lease-time 86400;
max-lease-time 604800;

subnet6 your:site:ipv6:prefix::/64 {
#  range6 your:ipv6:prefix:address:1::f000 your:ipv6:prefix:address:1::ffff;

  option dhcp6.domain-search "local.domain.tld";
  option dhcp6.name-servers <name-server-address>;
  option ntp-servers ntp.domain.tld;

  host host1name {
   host-identifier option dhcp6.client-id 00:a4:00:01:45:26:4d:8e:98:8e:76:d1:09:32;
   fixed-address6 <full ipv6-address>;
  }
}

Hosts for fixed addresses are found by their DUID. The only way I know to find it on the server is from the logfile (/var/log/syslog). On the client it is in /var/lib/dhcp/dhclient6.leases.
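dhclient writes the DUID to /var/lib/dhcp/dhclient6.leases as an escaped string (a default-duid statement), not in the colon-separated hex form that host-identifier needs. The following added example (not part of the original wiki page; the function names and the sample lease text are constructed here) converts one into the other, using the DUID from the host1name entry above.

```python
import re

# Constructed sample of a client lease file. The DUID is the one from the
# host1name example, written the way dhclient stores it: octal escapes mixed
# with printable ASCII characters.
SAMPLE_LEASES = r'''default-duid "\000\244\000\001E&M\216\230\216v\321\0112";
lease6 {
  interface "eth0";
}
'''

DUID_RE = re.compile(r'^\s*default-duid\s+"((?:[^"\\]|\\.)*)"\s*;', re.M)
OCTAL_RE = re.compile(r"[0-3][0-7]{2}")


def decode_isc_string(quoted: str) -> bytes:
    """Decode the body of an ISC quoted string into raw octets.

    A backslash followed by exactly three octal digits is one octet; a
    backslash followed by any other character stands for that character.
    """
    out = bytearray()
    i = 0
    while i < len(quoted):
        ch = quoted[i]
        if ch == "\\" and OCTAL_RE.fullmatch(quoted[i + 1:i + 4]):
            out.append(int(quoted[i + 1:i + 4], 8))
            i += 4
        elif ch == "\\" and i + 1 < len(quoted):
            out.append(ord(quoted[i + 1]))
            i += 2
        else:
            out.append(ord(ch))
            i += 1
    return bytes(out)


def client_duid(leases_text: str) -> str:
    """Return the DUID as colon-separated hex for use in dhcpd6.conf."""
    match = DUID_RE.search(leases_text)
    if match is None:
        raise ValueError("no default-duid statement found")
    return ":".join(f"{b:02x}" for b in decode_isc_string(match.group(1)))


if __name__ == "__main__":
    print("host-identifier option dhcp6.client-id "
          + client_duid(SAMPLE_LEASES) + ";")
```

Note the `\0112` at the end of the sample: the escape is always three digits, so it decodes to the octets 09 and 32, not to a single value.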

The firewall on the client needs to be open on the link-local address (in the FE80::/10 range) on port 546.

IPv4

Sample configuration file (/etc/dhcp/dhcpd.conf).

#
ddns-update-style none;

# option definitions common to all supported networks.
option domain-name "domain.tld";
option domain-name-servers 192.168.1.2, 208.67.222.222;
option routers 192.168.1.254;
option broadcast-address 192.168.1.255;
option ntp-servers 192.168.1.4;

# 1 day (fine for home networks, e.g. hotspots should have far shorter lease times) 
default-lease-time 86400;
# 1 week
max-lease-time 604800;

authoritative;

log-facility local7;

# Known hosts get fixed IP address defined in DNS-server
group {
 deny unknown-clients;
 # One week, these are sort of fixed addresses.
 default-lease-time 604800;

 host host1name {
  hardware ethernet ff:ff:ff:ff:ff:ff;
  fixed-address host1name.domain.tld;
 }
 host host2name {
  hardware ethernet ff:ff:ff:ff:ff:ff;
  fixed-address host2name.domain.tld;
 }
}
# All others get an address from the range
subnet 192.168.1.0 netmask 255.255.255.0 {
 range 192.168.1.100 192.168.1.199;
}

The leases are tracked in /var/lib/dhcp/dhcpd.leases. An ordinary entry looks like the one below; tstp and cltt are for the failover protocol, most other entries are self-explanatory, I think.

lease 192.168.1.133 {
  starts 6 2021/03/18 11:22:00;
  ends 0 2021/03/19 11:22:00;
  tstp 0 2021/03/19 11:22:00;
  cltt 6 2021/03/19 11:22:00;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet ff:ff:ff:ff:ff:ff;
  client-hostname "host3name";
}

Traffic check

Check on server side:
tcpdump -i eth0 port 547

Check on client side:
tcpdump -i eth0 port 546