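Project requirements
1. The DHCP server must allocate IP addresses to two separate networks.
2. The internal client must always receive one specific, fixed IP address.
Preparation
1. Prepare four virtual machines: a DHCP server, an internal client, a router, and an external client.
2. Configure the network connection mode for each machine:
DHCP server and internal client

Router

External client
I. DHCP server configuration (Rocky 8)
1. Disable the firewall and SELinux (security contexts)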
[root@localhost ~]# systemctl disable --now firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead) since Mon 2025-06-16 22:13:06 EDT; 36s ago
Docs: man:firewalld(1)
Process: 329610 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCC>
Main PID: 329610 (code=exited, status=0/SUCCESS)
6月 16 22:12:46 bogon systemd[1]: Starting firewalld - dynamic firewall daemon...
6月 16 22:12:46 bogon systemd[1]: Started firewalld - dynamic firewall daemon.
6月 16 22:12:46 bogon firewalld[329610]: WARNING: AllowZoneDrifting is enabled. This is considered an insecu>
6月 16 22:13:04 bogon systemd[1]: Stopping firewalld - dynamic firewall daemon...
6月 16 22:13:06 bogon systemd[1]: firewalld.service: Succeeded.
6月 16 22:13:06 bogon systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@localhost ~]# getenforce
Permissive
2. Configure the network interface file
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.1
PREFIX=24
GATEWAY=192.168.100.254
[root@localhost ~]# systemctl restart NetworkManager
[root@localhost dhcp]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:5b:74:6c brd ff:ff:ff:ff:ff:ff
altname enp2s1
inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe5b:746c/64 scope link
valid_lft forever preferred_lft forever
3. Install dhcp-server
[root@localhost ~]# yum install -y dhcp-server
Rocky Linux 8 - AppStream 2.7 kB/s | 4.8 kB 00:01
Rocky Linux 8 - AppStream 3.1 MB/s | 19 MB 00:05
Rocky Linux 8 - BaseOS 4.1 kB/s | 4.3 kB 00:01
Rocky Linux 8 - BaseOS 4.9 MB/s | 26 MB 00:05
Rocky Linux 8 - Extras 2.5 kB/s | 3.1 kB 00:01
Rocky Linux 8 - Extras 12 kB/s | 15 kB 00:01
依赖关系解决。
=============================================================================================================
软件包 架构 版本 仓库 大小
=============================================================================================================
安装:
dhcp-server x86_64 12:4.3.6-50.el8_10 baseos 529 k
安装依赖关系:
bind-export-libs x86_64 32:9.11.36-16.el8_10.4 baseos 1.1 M
dhcp-common noarch 12:4.3.6-50.el8_10 baseos 207 k
dhcp-libs x86_64 12:4.3.6-50.el8_10 baseos 147 k
事务概要
=============================================================================================================
安装 4 软件包
总下载:2.0 M
安装大小:4.6 M
下载软件包:
(1/4): dhcp-libs-4.3.6-50.el8_10.x86_64.rpm 381 kB/s | 147 kB 00:00
(2/4): dhcp-common-4.3.6-50.el8_10.noarch.rpm 509 kB/s | 207 kB 00:00
(3/4): dhcp-server-4.3.6-50.el8_10.x86_64.rpm 2.4 MB/s | 529 kB 00:00
(4/4): bind-export-libs-9.11.36-16.el8_10.4.x86_64.rpm 1.7 MB/s | 1.1 MB 00:00
-------------------------------------------------------------------------------------------------------------
总计 1.1 MB/s | 2.0 MB 00:01
Rocky Linux 8 - BaseOS 1.6 MB/s | 1.6 kB 00:00
导入 GPG 公钥 0x6D745A60:
Userid: "Release Engineering <[email protected]>"
指纹: 7051 C470 A929 F454 CEBE 37B7 15AF 5DAC 6D74 5A60
来自: /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
导入公钥成功
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
准备中 : 1/1
安装 : dhcp-libs-12:4.3.6-50.el8_10.x86_64 1/4
安装 : dhcp-common-12:4.3.6-50.el8_10.noarch 2/4
安装 : bind-export-libs-32:9.11.36-16.el8_10.4.x86_64 3/4
运行脚本: bind-export-libs-32:9.11.36-16.el8_10.4.x86_64 3/4
运行脚本: dhcp-server-12:4.3.6-50.el8_10.x86_64 4/4
安装 : dhcp-server-12:4.3.6-50.el8_10.x86_64 4/4
运行脚本: dhcp-server-12:4.3.6-50.el8_10.x86_64 4/4
验证 : bind-export-libs-32:9.11.36-16.el8_10.4.x86_64 1/4
验证 : dhcp-common-12:4.3.6-50.el8_10.noarch 2/4
验证 : dhcp-libs-12:4.3.6-50.el8_10.x86_64 3/4
验证 : dhcp-server-12:4.3.6-50.el8_10.x86_64 4/4
已安装:
bind-export-libs-32:9.11.36-16.el8_10.4.x86_64 dhcp-common-12:4.3.6-50.el8_10.noarch
dhcp-libs-12:4.3.6-50.el8_10.x86_64 dhcp-server-12:4.3.6-50.el8_10.x86_64
完毕!
4. Configure the dhcp service
[root@localhost ~]# cd /etc/dhcp
[root@localhost dhcp]# ls
dhclient.d dhcpd6.conf dhcpd.conf
[root@localhost dhcp]# vim dhcpd.conf
# Note the example file path shown in dhcpd.conf and copy that file (/usr/share/doc/dhcp-server/dhcpd.conf.example)
[root@localhost dhcp]# cp /usr/share/doc/dhcp-server/dhcpd.conf.example ./
[root@localhost dhcp]# ls
dhclient.d dhcpd6.conf dhcpd.conf dhcpd.conf.example
[root@localhost dhcp]# cp dhcpd.conf.example dhcpd.conf
cp:是否覆盖'dhcpd.conf'? yes
[root@localhost dhcp]# ls
dhclient.d dhcpd6.conf dhcpd.conf dhcpd.conf.example
# Configure multiple address pools
[root@localhost dhcp]# vim dhcpd.conf
# Find this entry (the most complete one) and change its parameters
# A slightly different configuration for an internal subnet.
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.2 192.168.100.253;
  option domain-name-servers 192.168.100.1;
  #option domain-name "internal.example.org";
  option routers 192.168.100.254;
  option broadcast-address 192.168.100.255;
  default-lease-time 600;
  max-lease-time 7200;
}
subnet 192.168.200.0 netmask 255.255.255.0 {
  range 192.168.200.2 192.168.200.253;
  option domain-name-servers 192.168.100.1;
  #option domain-name "internal.example.org";
  option routers 192.168.200.254;
  option broadcast-address 192.168.200.255;
  default-lease-time 600;
  max-lease-time 7200;
}
# Find the host entry and change it to bind a single fixed address
host ens37 {                              # change the name to the NIC name of the client being bound
  hardware ethernet 00:0c:29:7b:65:46;    # change to the MAC address of that client's NIC
  fixed-address 192.168.100.100;          # change to the fixed IP address
}
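The reservation above places 192.168.100.100 inside the dynamic range 192.168.100.2-192.168.100.253, and dhcpd does not take a fixed-address out of a range it overlaps, so the same address can also be leased to another client. The check below is an added example, not part of the original article; the names check_reservations and sample_conf are hypothetical, the sample configurations are constructed from the values above, and it assumes one statement per line with a single IPv4 fixed-address.

```bash
# Added example: report host reservations whose fixed-address lies inside a
# dynamic "range". Assumes one statement per line, IPv4 literals only.
check_reservations() {   # $1 = dhcpd.conf path, or "-" for stdin
    awk '
    function ip2int(ip,   o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    { sub(/#.*/, ""); gsub(/;/, "") }              # drop comments and semicolons
    $1 == "range" {
        i = ($2 == "dynamic-bootp") ? 3 : 2        # optional flag before the addresses
        lo[++n] = $i
        hi[n] = ($(i + 1) != "") ? $(i + 1) : $i   # "range A;" is a single address
    }
    $1 == "fixed-address" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { fixed[++m] = $2 }
    END {
        for (j = 1; j <= m; j++)
            for (k = 1; k <= n; k++)
                if (ip2int(fixed[j]) >= ip2int(lo[k]) && ip2int(fixed[j]) <= ip2int(hi[k])) {
                    printf "%s is inside dynamic range %s-%s\n", fixed[j], lo[k], hi[k]
                    bad = 1
                }
        exit bad + 0                               # 1 if any overlap was found
    }' "$1"
}

# Constructed sample built from the article's values; $1 = range statement(s).
sample_conf() {
    printf 'subnet 192.168.100.0 netmask 255.255.255.0 {\n  %s\n}\n' "$1"
    printf 'host ens37 {\n  hardware ethernet 00:0c:29:7b:65:46;\n  fixed-address 192.168.100.100;\n}\n'
}

# The article's range, and a constructed alternative that skips .100.
article_ranges='range 192.168.100.2 192.168.100.253;'
split_ranges='range 192.168.100.2 192.168.100.99;
  range 192.168.100.101 192.168.100.253;'

sample_conf "$article_ranges" | check_reservations - || echo "overlap: shrink the range or move the reservation"
sample_conf "$split_ranges" | check_reservations - && echo "no overlap"
```

On the server, run it as check_reservations /etc/dhcp/dhcpd.conf; dhcpd -t -cf /etc/dhcp/dhcpd.conf checks the syntax of the file before a restart.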
5. Restart the dhcp service
[root@localhost dhcp]# systemctl restart dhcpd
[root@localhost dhcp]# systemctl enable --now dhcpd
Created symlink /etc/systemd/system/multi-user.target.wants/dhcpd.service → /usr/lib/systemd/system/dhcpd.service.
II. Configure the router
1. Add two network adapters and edit their configuration files
[root@bogon ~]# cd /etc/sysconfig/network-scripts/
[root@bogon network-scripts]# ls
ifcfg-ens33 ifdown-eth ifdown-post ifdown-TeamPort ifup-eth ifup-plip ifup-sit init.ipv6-global
[root@bogon Packages]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:29:e3:11 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.4/24 brd 192.168.100.255 scope global dynamic ens33
valid_lft 394sec preferred_lft 394sec
inet6 fe80::6acc:265f:ab9d:d3b6/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:29:e3:1b brd ff:ff:ff:ff:ff:ff
inet 192.168.200.254/24 brd 192.168.200.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet6 fe80::e3e4:845e:bce5:e922/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:10:4b:1a brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:10:4b:1a brd ff:ff:ff:ff:ff:ff
[root@bogon network-scripts]# cp ifcfg-ens33 ifcfg-ens37
[root@bogon network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24
[root@bogon network-scripts]# vim ifcfg-ens37
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens37
DEVICE=ens37
ONBOOT=yes
IPADDR=192.168.200.254
PREFIX=24
[root@bogon network-scripts]# systemctl restart NetworkManager
[root@bogon network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:29:e3:11 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.254/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.100.4/24 brd 192.168.100.255 scope global secondary dynamic ens33
valid_lft 545sec preferred_lft 545sec
inet6 fe80::6acc:265f:ab9d:d3b6/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:29:e3:1b brd ff:ff:ff:ff:ff:ff
inet 192.168.200.254/24 brd 192.168.200.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet6 fe80::e3e4:845e:bce5:e922/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:10:4b:1a brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:10:4b:1a brd ff:ff:ff:ff:ff:ff
2. Enable routing (IP forwarding)
[root@bogon ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@bogon ~]# sysctl -p
net.ipv4.ip_forward = 1
3. Mount the local installation image and install the dhcp package
[root@bogon ~]# mount /dev/sr0 /mnt
[root@bogon ~]# cd /mnt/Packages/
[root@bogon Packages]# rpm -ivh dhcp-4.2.5-82.el7.centos.x86_64.rpm
警告:dhcp-4.2.5-82.el7.centos.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中... ################################# [100%]
正在升级/安装...
1:dhcp-12:4.2.5-82.el7.centos ################################# [100%]
[root@bogon Packages]# systemctl restart dhcpd
[root@bogon Packages]# systemctl enable --now dhcpd
4. Configure the DHCP relay
[root@bogon Packages]# dhcrelay 192.168.100.1
Dropped all unnecessary capabilities.
Internet Systems Consortium DHCP Relay Agent 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/virbr0/52:54:00:10:4b:1a
Sending on LPF/virbr0/52:54:00:10:4b:1a
Listening on LPF/ens37/00:0c:29:29:e3:1b
Sending on LPF/ens37/00:0c:29:29:e3:1b
Listening on LPF/ens33/00:0c:29:29:e3:11
Sending on LPF/ens33/00:0c:29:29:e3:11
Sending on Socket/fallback
III. Check the clients
Verification results
Internal client
[root@localhost ~]# ip a
1: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:7b:65:46 brd ff:ff:ff:ff:ff:ff
altname enp2s5
inet 192.168.100.100/24 brd 192.168.200.255 scope global dynamic noprefixroute ens37
valid_lft 160sec preferred_lft 160sec
inet6 fe80::20c:29ff:fe7b:6546/64 scope link noprefixroute
valid_lft forever preferred_lft forever
External client
[root@localhost ~]# ip a
1: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:7b:65:46 brd ff:ff:ff:ff:ff:ff
altname enp2s5
inet 192.168.200.2/24 brd 192.168.200.255 scope global dynamic noprefixroute ens37
valid_lft 160sec preferred_lft 160sec
inet6 fe80::20c:29ff:fe7b:6546/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.200.254 0.0.0.0 UG 100 0 0 ens33
192.168.200.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.org
nameserver 192.168.100.1
IV. Configuration scripts
1. DHCP server configuration script
#!/bin/bash
# Disable the firewall
if systemctl is-active firewalld &>/dev/null; then
    systemctl disable --now firewalld
else
    echo "防火墙已关闭"
fi
iptables -F
# Disable SELinux
if [ "$(getenforce)" = "Disabled" ]; then
    echo "SELinux已经关闭"
else
    setenforce 0
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
fi
# Configure the network interface parameters
nics=$(ip a | awk -F: '/ens/{print $2}' | grep -v "^$" | tr -d ' ')
echo -e "当前系统中可供配置的网卡有:\n$nics"
while true
do
    read -p "请输入要配置的网卡名称:" nic
    # Accept only an exact match against the detected interface names
    if [ -z "$nic" ] || ! echo "$nics" | grep -qx -- "$nic"; then
        continue
    fi
    read -p "请输入配置网络参数的方式(dhcp|static):" tp
    if [ "$tp" = "dhcp" ]; then
        echo "TYPE=Ethernet
BOOTPROTO=$tp
NAME=$nic
DEVICE=$nic
ONBOOT=yes" > "/etc/sysconfig/network-scripts/ifcfg-$nic"
    elif [ "$tp" = "static" ]; then
        read -p "输入IP地址:" ip
        read -p "输入子网掩码:" mask
        read -p "输入网关:" gw
        # Write the static settings that were just entered
        echo "TYPE=Ethernet
BOOTPROTO=static
NAME=$nic
DEVICE=$nic
ONBOOT=yes
IPADDR=$ip
NETMASK=$mask
GATEWAY=$gw" > "/etc/sysconfig/network-scripts/ifcfg-$nic"
    else
        continue
    fi
    ifdown "$nic"; ifup "$nic"
    break   # leave the loop once the interface has been configured
done
# Write the dhcpd configuration and start the service
config_dhcp(){
    echo "subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.2 192.168.100.253;
  option domain-name-servers ns1.internal.example.org;
  option domain-name \"internal.example.org\";
  option routers 192.168.100.254;
  option broadcast-address 192.168.100.255;
  default-lease-time 600;
  max-lease-time 7200;
}
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address 192.168.100.100;
}" > /etc/dhcp/dhcpd.conf
    systemctl enable --now dhcpd
}
# Install dhcp-server first if it is not already present, then configure it
if rpm -q dhcp-server &>/dev/null
then
    config_dhcp
else
    yum install -y dhcp-server
    config_dhcp
fi
2. Router configuration script
#!/bin/bash
cat << EOF
请按顺序进行:
1、配置ens33网卡
2、配置ens37网卡
3、配置路由转发
4、配置中继转发
EOF
read -p "请输入你的选择:" num
case $num in
1)
    # Configure ens33 with a static IP:
    # set BOOTPROTO to static and add the IP address and prefix length
    echo "TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24" > /etc/sysconfig/network-scripts/ifcfg-ens33
    echo "ens33网卡已配置为静态IP: 192.168.100.254/24"
    ;;
2)
    # Configure ens37 with a static IP:
    # copy the ens33 configuration file and modify it
    cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens37
    # Change the interface name and the IP address
    sed -i 's/ens33/ens37/g' /etc/sysconfig/network-scripts/ifcfg-ens37
    sed -i 's/192.168.100.254/192.168.200.254/g' /etc/sysconfig/network-scripts/ifcfg-ens37
    echo "ens37网卡已配置为静态IP: 192.168.200.254/24"
    ;;
3)
    # Enable IP forwarding
    echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
    sysctl -p
    echo "已启用IPv4转发"
    ;;
4)
    # Configure the DHCP relay
    mount /dev/sr0 /mnt
    cd /mnt/Packages/ || exit 1
    rpm -ivh dhcp-4.2.5-82.el7.centos.x86_64.rpm
    systemctl restart dhcpd
    systemctl enable --now dhcpd
    dhcrelay 192.168.100.1
    ;;
*)
    echo "无效的选择,请输入1-4之间的数字"
    exit 1
    ;;
esac