Setting up a dhcp-relay service on RHEL 8.10

Posted by 李蔚 on 2024-11-19

Date: 2024.11.17
Purpose: set up a dhcp-relay service on RHEL 8 so that the DHCP server rocky9 (10.31.0.1/24), which sits on the LAN segment (10.31.0.0/24), can serve hosts on the DMZ segment (172.31.0.0/24)
References:

  • 鳥哥Linux私房菜
    https://linux.vbird.org/linux_server/rocky9/0220dhcp_ntp.php#9.3
  • 3.13. Setting up a DHCP relay agent
    https://docs.redhat.com/zh_hans/documentation/red_hat_enterprise_linux/9/html/managing_networking_infrastructure_services/setting-up-a-dhcp-relay-agent_providing-dhcp-services
  • 3.9. Setting up the DHCP service for subnets that are not directly connected to the DHCP server
    https://docs.redhat.com/zh_hans/documentation/red_hat_enterprise_linux/9/html/managing_networking_infrastructure_services/setting-up-the-dhcp-service-for-subnets-that-are-not-directly-connected-to-the-dhcp-server_providing-dhcp-services

Install dhcp-relay on RHEL 8

[root@RHEL8 ~]# dnf info dhcp-relay
Updating Subscription Management repositories.
Last metadata expiration check: 1:10:16 ago on Sat 16 Nov 2024 11:42:54 PM CST.
Available Packages
Name         : dhcp-relay
Epoch        : 12
Version      : 4.3.6
Release      : 50.el8_10
Architecture : x86_64
Size         : 237 k
Source       : dhcp-4.3.6-50.el8_10.src.rpm
Repository   : rhel-8-for-x86_64-baseos-rpms
Summary      : Provides the ISC DHCP relay agent
URL          : http://isc.org/products/DHCP/
License      : ISC
Description  : DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
             : individual devices on an IP network to get their own network
             : configuration information (IP address, subnetmask, broadcast address,
             : etc.) from a DHCP server. The overall purpose of DHCP is to make it
             : easier to administer a large network.
             : 
             : This package provides the ISC DHCP relay agent.

[root@RHEL8 ~]# rpm -q dhcp-relay || yum install -y dhcp-relay

List the files shipped by the package

[root@RHEL8 ~]# rpm -ql dhcp-relay
/usr/lib/.build-id
/usr/lib/.build-id/50
/usr/lib/.build-id/50/104a15d354826167bfb890dccf00f8dcaf9e4a
/usr/lib/systemd/system/dhcrelay.service
/usr/sbin/dhcrelay
/usr/share/man/man8/dhcrelay.8.gz

Check the man page

[root@RHEL8 ~]# man dhcrelay
       -i ifname
              Listen for DHCPv4/BOOTP traffic on interface ifname.  Multiple interfaces may be specified by using more  than  one
              -i  option.   If  no  interfaces  are specified on the command line, dhcrelay will identify all network interfaces,
              eliminating non-broadcast interfaces if possible, and attempt to listen on all of them.

       -iu ifname
              Specifies an upstream network interface: an interface from which replies from servers and other relay  agents  will
              be accepted.  Multiple interfaces may be specified by using more than one -iu option.  This argument is
               intended to be used in conjunction with one or more -i or -id arguments.
              Specifies the upstream interface: the one on which replies from the DHCP server are received

       -id ifname
              Specifies a downstream network interface: an interface from which requests from clients and other relay agents will
              be accepted.  Multiple interfaces may be specified by using more than one -id option.  This argument is intended to
              be used in conjunction with one or more -i or -iu arguments.
              Specifies the downstream interface: the one on which requests from DHCP clients are received

Following the installation procedure in the Red Hat documentation: copy /lib/systemd/system/dhcrelay.service into /etc/systemd/system/ and edit it.
Name the upstream and downstream interfaces as the man page describes, and, following Vbird's tutorial, send the log to its own file to make debugging easier.

[root@RHEL8 ~]# cp /lib/systemd/system/dhcrelay.service /etc/systemd/system/
[root@RHEL8 ~]# vim /etc/systemd/system/dhcrelay.service
[root@RHEL8 ~]# cat /etc/systemd/system/dhcrelay.service
[Unit]
Description=DHCP Relay Agent Daemon
Documentation=man:dhcrelay(8)
Wants=network-online.target
After=network-online.target

[Service]
Type=notify
ExecStart=/usr/sbin/dhcrelay -d --no-pid -id enp2s0 -iu enp3s0 10.31.0.1
StandardError=journal
StandardOutput=journal
SyslogFacility=local6

[Install]
WantedBy=multi-user.target

Configure syslog with the path of the dhcp-relay log file, start the service, and check the log

[root@RHEL8 ~]# echo 'local6.*    /var/log/dhcprelay.log' > /etc/rsyslog.d/dhcprelay.conf
[root@RHEL8 ~]# cat /etc/rsyslog.d/dhcprelay.conf
local6.*    /var/log/dhcprelay.log
[root@RHEL8 ~]# systemctl restart rsyslog.service 
[root@RHEL8 ~]# systemctl daemon-reload 
[root@RHEL8 ~]# systemctl enable --now dhcrelay.service
Created symlink /etc/systemd/system/multi-user.target.wants/dhcrelay.service → /etc/systemd/system/dhcrelay.service.
[root@RHEL8 ~]# cat /var/log/dhcprelay.log
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Requesting: enp2s0 as upstream: N downstream: Y
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Requesting: enp3s0 as upstream: Y downstream: N
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Dropped all unnecessary capabilities.
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Internet Systems Consortium DHCP Relay Agent 4.3.6
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Copyright 2004-2017 Internet Systems Consortium.
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: All rights reserved.
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: For info, please visit https://www.isc.org/software/dhcp/
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Listening on LPF/enp3s0/52:54:00:00:31:10
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on   LPF/enp3s0/52:54:00:00:31:10
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Listening on LPF/enp2s0/52:54:00:00:31:72
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on   LPF/enp2s0/52:54:00:00:31:72
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on   Socket/fallback
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Dropped all capabilities.

On rocky9, edit the DHCP configuration file so that it also serves the 172.31.0.0/24 segment.
After editing, check that there are no syntax errors, then restart the service

[root@ROCKY9 ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp-server/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#
log-facility local6;
default-lease-time 60000;
max-lease-time 600000;
option domain-name-servers 218.2.2.2, 218.4.4.4;

shared-network dmz {
    subnet 172.31.0.0 netmask 255.255.255.0 {
        range 172.31.0.100 172.31.0.199;
        option routers 172.31.0.254;
    }
}

subnet 10.31.0.0 netmask 255.255.255.0 {
    range 10.31.0.100 10.31.0.199;
    option routers 10.31.0.254;
}
[root@ROCKY9 ~]# dhcpd -t -cf /etc/dhcp/dhcpd.conf
Internet Systems Consortium DHCP Server 4.4.2b1
Copyright 2004-2019 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
ldap_gssapi_principal is not set,GSSAPI Authentication for LDAP will not be used
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcpd/dhcpd.leases
PID file: /var/run/dhcpd.pid
Source compiled to use binary-leases
[root@ROCKY9 ~]# systemctl restart dhcpd.service 

Install a CentOS 6 host on the DMZ segment (172.31.0.0/24); after logging in via VNC and bringing up the network interface, it obtains an address through DHCP (the default) successfully

dhcp-relay log on rhel8

[root@RHEL8 ~]# tail -f /var/log/dhcprelay.log
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Internet Systems Consortium DHCP Relay Agent 4.3.6
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Copyright 2004-2017 Internet Systems Consortium.
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: All rights reserved.
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: For info, please visit https://www.isc.org/software/dhcp/
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Listening on LPF/enp3s0/52:54:00:00:31:10
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on   LPF/enp3s0/52:54:00:00:31:10
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Listening on LPF/enp2s0/52:54:00:00:31:72
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on   LPF/enp2s0/52:54:00:00:31:72
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on   Socket/fallback
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Dropped all capabilities.
Nov 19 00:46:00 RHEL8 dhcrelay[1513]: Forwarded BOOTREQUEST for 52:54:00:72:31:a0 to 10.31.0.1
Nov 19 00:46:01 RHEL8 dhcrelay[1513]: Forwarded BOOTREPLY for 52:54:00:72:31:a0 to 172.31.0.100
Nov 19 00:46:01 RHEL8 dhcrelay[1513]: Forwarded BOOTREQUEST for 52:54:00:72:31:a0 to 10.31.0.1
Nov 19 00:46:01 RHEL8 dhcrelay[1513]: Forwarded BOOTREPLY for 52:54:00:72:31:a0 to 172.31.0.100

dhcp log on rocky9

[root@ROCKY9 ~]# tail /var/log/dhcp.log -f
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Internet Systems Consortium DHCP Server 4.4.2b1
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Copyright 2004-2019 Internet Systems Consortium.
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: All rights reserved.
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: For info, please visit https://www.isc.org/software/dhcp/
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Source compiled to use binary-leases
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Wrote 0 leases to leases file.
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Listening on LPF/enp1s0/52:54:00:10:31:01/10.31.0.0/24
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Sending on   LPF/enp1s0/52:54:00:10:31:01/10.31.0.0/24
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Sending on   Socket/fallback/fallback-net
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Server starting service.
Nov 19 00:46:01 ROCKY9 dhcpd[1989]: DHCPDISCOVER from 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPOFFER on 172.31.0.100 to 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPREQUEST for 172.31.0.100 (10.31.0.1) from 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPACK on 172.31.0.100 to 52:54:00:72:31:a0 via 172.31.0.254
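The two logs above describe the same exchange from each end: the relay records which server it forwarded the BOOTREQUEST to and which client address it forwarded the BOOTREPLY to, while dhcpd records the four DHCP messages and the giaddr ("via 172.31.0.254") it received them through. The following added example (not code from the original post or from ISC DHCP) correlates both logs per client MAC and checks the result against the expected topology: an acknowledged address must lie in the subnet fronted by the relay it came through, a relayed ACK must be matched by a relayed BOOTREPLY, and a "via" that is an IP address but not one of our relays is flagged. The sample lines are the ones shown above plus two constructed ones: an ACK for the LAN client ubuntu16 received directly on enp1s0, and an ACK relayed through 172.31.0.7, an address that is not one of the relays we run. The relay table KNOWN_RELAYS is an assumption built from the post's topology.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines, modelled on the dhcrelay and dhcpd logs in the post.
RELAY_LOG = """\
Nov 19 00:46:00 RHEL8 dhcrelay[1513]: Forwarded BOOTREQUEST for 52:54:00:72:31:a0 to 10.31.0.1
Nov 19 00:46:01 RHEL8 dhcrelay[1513]: Forwarded BOOTREPLY for 52:54:00:72:31:a0 to 172.31.0.100
"""
DHCPD_LOG = """\
Nov 19 00:46:01 ROCKY9 dhcpd[1989]: DHCPDISCOVER from 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPOFFER on 172.31.0.100 to 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPREQUEST for 172.31.0.100 (10.31.0.1) from 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPACK on 172.31.0.100 to 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:50:00 ROCKY9 dhcpd[1989]: DHCPACK on 172.31.0.150 to 52:54:00:ab:cd:ef via 172.31.0.7
Nov 19 00:51:00 ROCKY9 dhcpd[1989]: DHCPACK on 10.31.0.100 to 52:54:00:10:31:a0 (ubuntu16) via enp1s0
"""

# Assumed policy: the relays we operate and the subnet each one fronts.
KNOWN_RELAYS = {"172.31.0.254": ipaddress.IPv4Network("172.31.0.0/24")}

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
RELAY_RE = re.compile(r"dhcrelay\[\d+\]: Forwarded (BOOTREQUEST|BOOTREPLY) for (\S+) to (\S+)")
# dhcpd prints "via <giaddr>" for relayed messages and "via <interface>" for direct ones.
DHCPD_RE = re.compile(
    r"dhcpd\[\d+\]: (?P<type>DHCP[A-Z]+)"
    r"(?: on (?P<ip>\S+)| for (?P<reqip>\S+)(?: \(\S+\))?)?"
    r" (?:from|to) (?P<mac>" + MAC + r")(?: \(\S+\))? via (?P<via>\S+)"
)


def correlate(relay_log, dhcpd_log):
    """Merge both logs into one record per client MAC."""
    clients = defaultdict(lambda: {"steps": []})
    for line in relay_log.splitlines():
        m = RELAY_RE.search(line)
        if m:
            kind, mac, dst = m.groups()
            key = "relay_to_server" if kind == "BOOTREQUEST" else "relay_to_client"
            clients[mac][key] = dst
    for line in dhcpd_log.splitlines():
        m = DHCPD_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        c = clients[d["mac"]]
        c["via"] = d["via"]
        c["steps"].append(d["type"])
        if d["type"] == "DHCPACK":
            c["leased"] = d["ip"]
    return dict(clients)


def findings(clients):
    """Return (mac, reason) pairs for exchanges that do not fit the expected relay topology."""
    out = []
    for mac, c in clients.items():
        via = c.get("via")
        if via is None or "DHCPACK" not in c["steps"]:
            out.append((mac, "no DHCPACK logged"))
            continue
        if via in KNOWN_RELAYS:
            net = KNOWN_RELAYS[via]
            if ipaddress.IPv4Address(c["leased"]) not in net:
                out.append((mac, f"lease {c['leased']} outside {net} fronted by relay {via}"))
            if c.get("relay_to_client") != c["leased"]:
                out.append((mac, "server ACK not matched by a relayed BOOTREPLY"))
        elif re.fullmatch(r"\d+\.\d+\.\d+\.\d+", via):
            out.append((mac, f"relayed via unknown giaddr {via}"))
        # otherwise "via" is an interface name: a directly attached client, nothing to cross-check
    return out


if __name__ == "__main__":
    for mac, reason in findings(correlate(RELAY_LOG, DHCPD_LOG)):
        print(mac, reason)
```

Run against the sample, only the constructed client behind 172.31.0.7 is reported; the relayed CentOS 6 client and the directly attached ubuntu16 pass every check. In a real deployment the two inputs would be read from /var/log/dhcprelay.log and /var/log/dhcp.log.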

Capture of UDP port 67 on rocky9

[root@ROCKY9 ~]# tcpdump -v udp port 67
dropped privs to tcpdump
tcpdump: listening on enp1s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
00:46:01.439322 IP (tos 0x0, ttl 64, id 438, offset 0, flags [DF], proto UDP (17), length 328)
    _gateway.bootps > ROCKY9.bootps: BOOTP/DHCP, Request from 52:54:00:72:31:a0 (oui Unknown), length 300, hops 1, xid 0xd6260e35, Flags [none]
	  Gateway-IP 172.31.0.254
	  Client-Ethernet-Address 52:54:00:72:31:a0 (oui Unknown)
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Discover
	    Parameter-Request (55), length 13: 
	      Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
	      Domain-Name (15), Domain-Name-Server (6), Hostname (12), YD (40)
	      YS (41), NTP (42), MTU (26), Unknown (119)
	      Default-Gateway (3)
00:46:02.440770 IP (tos 0x0, ttl 64, id 35258, offset 0, flags [DF], proto UDP (17), length 328)
    ROCKY9.bootps > 172.31.0.254.bootps: BOOTP/DHCP, Reply, length 300, hops 1, xid 0xd6260e35, Flags [none]
	  Your-IP 172.31.0.100
	  Gateway-IP 172.31.0.254
	  Client-Ethernet-Address 52:54:00:72:31:a0 (oui Unknown)
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Offer
	    Server-ID (54), length 4: ROCKY9
	    Lease-Time (51), length 4: 60000
	    Subnet-Mask (1), length 4: 255.255.255.0
	    Domain-Name-Server (6), length 8: dns1.ctcdma.com,dns2.ctcdma.com
	    Default-Gateway (3), length 4: 172.31.0.254
00:46:02.441569 IP (tos 0x0, ttl 64, id 1154, offset 0, flags [DF], proto UDP (17), length 328)
    _gateway.bootps > ROCKY9.bootps: BOOTP/DHCP, Request from 52:54:00:72:31:a0 (oui Unknown), length 300, hops 1, xid 0xd6260e35, Flags [none]
	  Gateway-IP 172.31.0.254
	  Client-Ethernet-Address 52:54:00:72:31:a0 (oui Unknown)
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Request
	    Server-ID (54), length 4: ROCKY9
	    Requested-IP (50), length 4: 172.31.0.100
	    Parameter-Request (55), length 13: 
	      Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
	      Domain-Name (15), Domain-Name-Server (6), Hostname (12), YD (40)
	      YS (41), NTP (42), MTU (26), Unknown (119)
	      Default-Gateway (3)
00:46:02.444524 IP (tos 0x0, ttl 64, id 35260, offset 0, flags [DF], proto UDP (17), length 328)
    ROCKY9.bootps > 172.31.0.254.bootps: BOOTP/DHCP, Reply, length 300, hops 1, xid 0xd6260e35, Flags [none]
	  Your-IP 172.31.0.100
	  Gateway-IP 172.31.0.254
	  Client-Ethernet-Address 52:54:00:72:31:a0 (oui Unknown)
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: ACK
	    Server-ID (54), length 4: ROCKY9
	    Lease-Time (51), length 4: 60000
	    Subnet-Mask (1), length 4: 255.255.255.0
	    Domain-Name-Server (6), length 8: dns1.ctcdma.com,dns2.ctcdma.com
	    Default-Gateway (3), length 4: 172.31.0.254
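The capture shows what the relay actually changes: the client's broadcast DISCOVER arrives at the server as a unicast from 172.31.0.254 with "hops 1" and "Gateway-IP 172.31.0.254", and dhcpd uses that giaddr both to pick the 172.31.0.0/24 scope from dhcpd.conf and as the destination of its reply. The following added example (not code from the original post or from ISC dhcrelay/dhcpd) builds the DISCOVER from the capture (client 52:54:00:72:31:a0, xid 0xd6260e35), applies the relay's header changes, and then applies the server's scope-selection rule. The packet layout follows RFC 2131; the hop limit of 10 is dhcrelay's default for -c; the relay's DMZ-side address 172.31.0.254 and the server interface address 10.31.0.1 are taken from the post. Because giaddr carries no authentication, the server trusts whatever value arrives, which is why UDP/67 on the server is normally reachable only from the relay.

```python
import ipaddress
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header (RFC 2131)
MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK", 6: "NAK"}
HOPS_OFF = 3                                 # op, htype, hlen, hops
GIADDR_OFF = 24                              # ... xid, secs, flags, ciaddr, yiaddr, siaddr


def build_dhcp(op, xid, hops, giaddr, chaddr, yiaddr="0.0.0.0", options=()):
    """Build a minimal BOOTP/DHCP message (op 1 = BOOTREQUEST, 2 = BOOTREPLY)."""
    mac = bytes.fromhex(chaddr.replace(":", ""))
    fixed = struct.pack(
        BOOTP_FMT, op, 1, len(mac), hops, xid, 0, 0,
        bytes(4),                               # ciaddr
        ipaddress.IPv4Address(yiaddr).packed,   # yiaddr: address offered by the server
        bytes(4),                               # siaddr
        ipaddress.IPv4Address(giaddr).packed,   # giaddr: filled in by the first relay
        mac.ljust(16, b"\0"), bytes(64), bytes(128))
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC_COOKIE + opts + b"\xff"


def parse_dhcp(pkt):
    """Decode the header fields relay and server act on, plus the TLV options."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    (op, _htype, hlen, hops, xid, _secs, _flags, _ci, yi, _si, gi, chaddr,
     _sname, _file) = struct.unpack(BOOTP_FMT, pkt[:236])
    options, i = {}, 240
    while i + 1 < len(pkt) and pkt[i] != 255:   # 255 = end option
        if pkt[i] == 0:                          # 0 = pad
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        options[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": op, "hops": hops, "xid": xid,
        "giaddr": str(ipaddress.IPv4Address(gi)),
        "yiaddr": str(ipaddress.IPv4Address(yi)),
        "chaddr": ":".join(f"{b:02x}" for b in chaddr[:hlen]),
        "msg_type": MSG_TYPES.get(options.get(53, b"\0")[0], "?"),
        "options": options,
    }


def relay_request(pkt, relay_addr, max_hops=10):
    """What a relay does to a client request before unicasting it upstream: drop it
    at the hop limit, otherwise increment hops and set giaddr if no relay set it yet."""
    msg = parse_dhcp(pkt)
    if msg["op"] != 1 or msg["hops"] >= max_hops:
        return None
    out = bytearray(pkt)
    out[HOPS_OFF] = msg["hops"] + 1
    if msg["giaddr"] == "0.0.0.0":
        out[GIADDR_OFF:GIADDR_OFF + 4] = ipaddress.IPv4Address(relay_addr).packed
    return bytes(out)


def select_subnet(msg, subnets, receiving_if_addr):
    """dhcpd's scope rule: a relayed message matches the subnet containing giaddr,
    a directly received one the subnet of the interface it arrived on."""
    key = ipaddress.IPv4Address(
        receiving_if_addr if msg["giaddr"] == "0.0.0.0" else msg["giaddr"])
    return next((net for net in subnets if key in net), None)


# The two scopes from dhcpd.conf on rocky9; its enp1s0 address is 10.31.0.1
SUBNETS = [ipaddress.IPv4Network("172.31.0.0/24"), ipaddress.IPv4Network("10.31.0.0/24")]
SERVER_IF_ADDR = "10.31.0.1"
PARAM_REQUEST = bytes([1, 28, 2, 121, 15, 6, 12, 40, 41, 42, 26, 119, 3])  # option 55 from the capture


def demo():
    """Walk the DMZ client's DISCOVER through the relay and contrast a LAN client."""
    dmz_discover = build_dhcp(1, 0xD6260E35, 0, "0.0.0.0", "52:54:00:72:31:a0",
                              options=[(53, b"\x01"), (55, PARAM_REQUEST)])
    dmz_msg = parse_dhcp(relay_request(dmz_discover, "172.31.0.254"))
    lan_msg = parse_dhcp(build_dhcp(1, 0x1234, 0, "0.0.0.0", "52:54:00:10:31:a0",
                                    options=[(53, b"\x01")]))
    reply = build_dhcp(2, 0xD6260E35, 1, "172.31.0.254", "52:54:00:72:31:a0",
                       yiaddr="172.31.0.100")
    return {
        "dmz": dmz_msg, "dmz_subnet": select_subnet(dmz_msg, SUBNETS, SERVER_IF_ADDR),
        "lan": lan_msg, "lan_subnet": select_subnet(lan_msg, SUBNETS, SERVER_IF_ADDR),
        "reply_dropped": relay_request(reply, "172.31.0.254") is None,  # replies never go upstream
    }


if __name__ == "__main__":
    r = demo()
    print(r["dmz"]["msg_type"], "hops", r["dmz"]["hops"], "giaddr", r["dmz"]["giaddr"],
          "->", r["dmz_subnet"])
```

The relay only touches two header bytes groups, hops and giaddr, and leaves chaddr, xid and the options untouched, which is why the server log and the capture show the client's own MAC and xid even though the UDP datagram came from the relay. A second relay in the path would increment hops again but leave the first relay's giaddr in place.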

DHCP lease file on rocky9

[root@ROCKY9 ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.4.2b1

# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;

server-duid "\000\001\000\001.\316/hRT\000\0201\001";

lease 10.31.0.100 {
  starts 1 2024/11/18 17:04:26;
  ends 2 2024/11/19 09:44:26;
  cltt 1 2024/11/18 17:04:26;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 52:54:00:10:31:a0;
  client-hostname "ubuntu16";
}
lease 172.31.0.100 {
  starts 1 2024/11/18 17:07:11;
  ends 2 2024/11/19 09:47:11;
  cltt 1 2024/11/18 17:07:11;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 52:54:00:72:31:a0;
}
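The lease file is the server's record of who holds which address: the relayed CentOS 6 client appears as 172.31.0.100 with its MAC but, unlike ubuntu16, without a client-hostname. The following added example (not code from the original post or from ISC dhcpd) parses this format, honouring two properties of the file: timestamps are written in UTC, and the file is append-only, so a later block for the same address supersedes an earlier one. The sample is the post's two leases plus one constructed, already expired lease (172.31.0.101) to exercise the time and state checks; the subnet list is the one from dhcpd.conf.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample: the two leases from the post plus an expired, released one.
LEASES_SAMPLE = """\
# The format of this file is documented in the dhcpd.leases(5) manual page.
authoring-byte-order little-endian;

lease 10.31.0.100 {
  starts 1 2024/11/18 17:04:26;
  ends 2 2024/11/19 09:44:26;
  cltt 1 2024/11/18 17:04:26;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 52:54:00:10:31:a0;
  client-hostname "ubuntu16";
}
lease 172.31.0.100 {
  starts 1 2024/11/18 17:07:11;
  ends 2 2024/11/19 09:47:11;
  cltt 1 2024/11/18 17:07:11;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 52:54:00:72:31:a0;
}
lease 172.31.0.101 {
  starts 0 2024/11/17 08:00:00;
  ends 1 2024/11/18 00:40:00;
  binding state free;
  hardware ethernet 52:54:00:72:31:b1;
}
"""

SUBNETS = [ipaddress.IPv4Network("172.31.0.0/24"), ipaddress.IPv4Network("10.31.0.0/24")]
NOW_UTC = datetime(2024, 11, 19, 0, 0, tzinfo=timezone.utc)   # fixed "now" for a reproducible run

LEASE_RE = re.compile(r"^lease (\S+) \{\n(.*?)^\}", re.S | re.M)


def _ts(val):
    """'1 2024/11/18 17:04:26' -> aware UTC datetime (weekday prefix is ignored)."""
    if val == "never":
        return None
    return datetime.strptime(val.split(" ", 1)[1], "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)


def parse_leases(text):
    """Return {ip: lease}. Later blocks overwrite earlier ones for the same IP,
    which reproduces dhcpd's append-only semantics."""
    leases = {}
    for m in LEASE_RE.finditer(text):
        ip, body = m.groups()
        entry = {"ip": ip}
        for stmt in body.split(";"):
            stmt = stmt.strip()
            if not stmt or stmt.startswith("#"):
                continue
            key, _, val = stmt.partition(" ")
            if key in ("starts", "ends", "cltt"):
                entry[key] = _ts(val)
            elif key == "binding":            # "binding state active"; next/rewind are skipped
                entry["state"] = val.split()[-1]
            elif key == "hardware":           # "hardware ethernet <mac>"
                entry["mac"] = val.split()[-1]
            elif key == "client-hostname":
                entry["hostname"] = val.strip('"')
        leases[ip] = entry
    return leases


def active_leases(leases, now):
    """Leases in binding state active whose window contains `now`."""
    return {ip: l for ip, l in leases.items()
            if l.get("state") == "active" and l.get("starts") and l["starts"] <= now
            and (l.get("ends") is None or now < l["ends"])}


def active_by_subnet(leases, subnets, now):
    """Map each configured subnet to the MACs currently holding an address in it."""
    out = {net: [] for net in subnets}
    for ip, l in active_leases(leases, now).items():
        for net in subnets:
            if ipaddress.IPv4Address(ip) in net:
                out[net].append(l.get("mac"))
    return out


def report(text=LEASES_SAMPLE, now=NOW_UTC):
    leases = parse_leases(text)
    return active_by_subnet(leases, SUBNETS, now)


if __name__ == "__main__":
    for net, macs in report().items():
        print(net, macs)
```

On a live server the text would come from /var/lib/dhcpd/dhcpd.leases and `now` from datetime.now(timezone.utc); comparing the per-subnet MAC list against an inventory is a cheap way to spot a client on the DMZ that should not be there.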

Script automation

[root@centos7 ~]# cat rhel8dhcprelay.sh 
#!/bin/bash
#rhel8dhcprelay.sh
#Date: 2024-11-19

# Install the dhcp-relay package
rpm -q dhcp-relay || yum install -y dhcp-relay

# Copy the unit file to the location systemd reads overrides from
cp /lib/systemd/system/dhcrelay.service /etc/systemd/system/

# Edit the dhcrelay start-up parameters:
# downstream interface (DHCP clients), upstream interface (DHCP server), DHCP server address
sed -Ei.bak 's/^(ExecStart=\/usr\/sbin\/dhcrelay -d --no-pid)$/\1 -id enp2s0 -iu enp3s0 10.31.0.1/' /etc/systemd/system/dhcrelay.service
# Send stderr and stdout to the journal, tagged with the local6 facility
sed -Ei 's/^(StandardError=)null$/\1journal/' /etc/systemd/system/dhcrelay.service
sed -Ei '/^StandardError=[[:alpha:]]+$/aStandardOutput=journal\nSyslogFacility=local6' /etc/systemd/system/dhcrelay.service

# Log file path for the local6 facility
echo 'local6.*    /var/log/dhcprelay.log' > /etc/rsyslog.d/dhcprelay.conf

# Restart the logging service
systemctl restart rsyslog.service

# Start the dhcp-relay service
systemctl daemon-reload
systemctl enable --now dhcrelay.service
