dhcp and bootup server

There is currently a howto on configuring a DHCP server, but it is three years old. However, the DHCP server version 2.0 or later from the Internet Software Consortium comes with good documentation. There may be some quirks in the install depending on your system and what you are trying to do. My installation is Redhat 6.1 and I will mainly cover that, but will give alternatives that should cover most Linux versions.

Pre-installation and Kernel setup

Before you install or configure DHCP, you need the following kernel options enabled.
  1. TCP/IP networking enabled
  2. MULTICAST enabled - To check whether MULTICAST is enabled, type "ifconfig -a". You should see "MULTICAST" listed in the output for your ethernet devices.
  3. CONFIG_PACKET=y
  4. CONFIG_FILTER=y
If you need to re-compile your kernel, follow the instructions in the kernel section or the kernel howto. If you make the CONFIG_PACKET and CONFIG_FILTER options modular, you will need to add lines in your /etc/rc.d/rc.local file to load these two modules.

Installation

If you have a relatively modern Linux version, you should already have the dhcpd server program installed on your system. To check, type "whereis dhcpd"; if a dhcpd program is listed, usually in /usr/sbin, you should be set for the configuration. If you don't have a modern Linux version (kernel 2.1.x or later), go get one, since DHCP support can be very hard to set up and has bugs on older systems. Newer Linux versions and kernels also have better networking support in many areas.
Steps to install:
  1. Download the source file from the Internet Software Consortium at http://www.isc.org.
  2. Put the file on your system in /usr/local/src.
  3. Enter the command "tar xvzf dhcp-2.0.tar.gz" (modify the command for your filename/version). See the section on "Package Installation".
  4. Type "cd dhcp-2.0" or the proper name of your directory created by tar.
  5. Type "./configure".
  6. Type "make". You may want to check the symbolic link "/usr/include/asm" to be sure it points to the correct location for the kernel asm headers. On Redhat 6.1 that location is /usr/src/linux/include/asm. The link should look like this:
    lrwxrwxrwx  1 root   root   24 Dec 17 05:07 /usr/include/asm -> ../src/linux/include/asm
    
    You may need to delete the link and recreate it with the "ln" command, as follows:
    1. cd /usr/include
    2. rm asm
    3. ln -s ../src/linux/include/asm asm

  7. Type "make install". This copies the man pages and binaries to their correct locations.

Configuration

In my configuration, I used my second network interface (eth1) to provide DHCP services to a subnet. You will most likely use eth0, but you will need to substitute your correct network interface in the example.
  1. To get the DHCP server to work for Windows clients, and possibly other clients, you must add a route to your route table to enable the sending of packets to the IP destination address 255.255.255.255. There are two ways to do this (pick one):
    1. Modify your /etc/sysconfig/static-routes file and add the following line:
      eth1 net 255.255.255.255 netmask 255.255.255.255
      Notes:
      • With this entry in static-routes, it does not show up in the Redhat "netconf" configuration tool. I think it is because there is no gateway specified. You could set it up in netconf under "Routing and gateways", "routes to alternate local nets" and set the network to 255.255.255.255, the netmask to the same, with the interface as eth1 (or eth0 or whatever device you are using). It shows up in the static routes file as "any-net 255.255.255.255 netmask 255.255.255.255 gw eth1". However, I'm not sure setting it this way with nettool will work.
      • To implement this change you will need to do one of the following:
        • Reboot
        • Type "/etc/rc.d/init.d/network restart"
        • Type "route add -host 255.255.255.255 dev eth1"

    2. Add the following command to your /etc/rc.d/rc.local file:
      route add -host 255.255.255.255 dev eth1
      Then reboot or type the same command on the command line.

  2. Much documentation says you need to issue the command:
    echo 1 >/proc/sys/net/ipv4/ip_bootp_agent
    This command does not work for me on Redhat 6.1. This is because the permissions on the /proc files and in particular the /proc/sys directory will not allow write permission, even to root. This may be because kernel variables are stored here. I think this command is only needed for version 2.1.x kernels and is not needed for 2.2 version or higher kernels. My system works without it and I run kernel 2.2.14.

  3. Issue the command "touch /var/state/dhcp/dhcpd.leases". This will create an empty leases file which is required to run the dhcpd program.

  4. Create a /etc/dhcpd.conf file similar to the following:
    subnet 192.168.199.0 netmask 255.255.255.0 {
    # --- default gateway
     option routers   192.168.199.1;
     option subnet-mask  255.255.255.0;
    
     option nis-domain  "mynet.net";
     option domain-name  "mynet.net";
     option domain-name-servers 192.168.199.1;
    
     option time-offset  -18000; # Eastern Standard Time (UTC-5); the value is in seconds
    # option ntp-servers  192.168.199.1;
    # option netbios-name-servers 192.168.199.1;
    # --- Selects point-to-point node (default is hybrid). Don't change this unless
    # -- you understand Netbios very well
    # option netbios-node-type 2;
    
     default-lease-time 1209600;  # 2 weeks
     max-lease-time 1814400;  # 3 weeks
    
     range 192.168.199.10 192.168.199.250;
    
     # we want the nameserver to appear at a fixed address
     host nameserver {
      next-server nameserver.mynet.net;
      hardware ethernet 00:10:4b:ca:db:b5;
      fixed-address 192.168.199.1;
     }
    }
    
    You can use this file or use the example file in /usr/doc/dhcp-2.0/dhcpd.conf.sample. In my setup my network is 192.168.199.0 with a netmask of 255.255.255.255. My nameserver and gateway is 192.168.199.1. My domain is called "mynet.net".

  5. According to the documentation, if your DHCP packets must go through a firewall you will need to allow packets from IP address 0.0.0.0 through 255.255.255.255 on UDP ports 67 and 68. I think this would be correct but you would need to allow packets on IP addresses 0.0.0.0 and 255.255.255.255, along with any packets that involve your network. For example if your network and subnets are covered under the numbers 10.1.x.x, you would need to allow any packets on 10.1.x.x, 0.0.0.0, and 255.255.255.255 on ports 67 and 68.

  6. You need to start the dhcp server one of the following ways.
    1. Use linuxconf in "control panel", "control service activity", select dhcpd, select "start", then select the "enabled" box.
    2. Type "/etc/rc.d/init.d/dhcpd start" to begin the service. You can add this line to your /etc/rc.d/rc.local script, but usually you want to add a link to it from one of your runlevel startup directories, such as /etc/rc.d/rc3.d/S65dhcpd. You may also want to add a link in the directory /etc/rc.d/rc5.d so that it runs on bootups to X. If you do this, you'll also want to add kill links to it in the shutdown runlevels, such as K35dhcpd in /etc/rc.d/rc0.d, rc1.d, rc2.d, and rc6.d.

  7. If you get errors, one thing to check is to be sure you are not also running a BOOTP server at the same time. Also check your /etc/dhcpd.conf file.

  8. Why doesn't my DHCP server update my DNS entries? This function is not yet implemented in version 2.0, but the ISC is working on implementing it in version 3.0. From a security standpoint there is an issue of who owns the DNS records, specifically the A record and to a certain extent the PTR record. According to the ISC, it is likely the server will update the records initially whether it be the "right thing to do" or not.

Configuration File Options

The configuration file is /etc/dhcpd.conf. Its options are:
  • option broadcast-address - Broadcast address in my case would be "option broadcast-address 192.168.199.255;".
  • option dhcp-client-identifier - String rather than hardware address used to identify DHCP clients.
  • option domain-name - The name of the domain the DHCP server is serving.
  • option domain-name-servers - The address(es) of the DNS servers on the domain. Ex: "option domain-name-servers 192.168.199.1, 192.168.199.5;" The addresses are separated by a comma and whitespace, with a semicolon ending the line.
  • option host-name - The client's host name.
  • option lpr-servers - Lists print server addresses.
  • option nntp-server - Network News Transfer Protocol (NNTP) server address.
  • option pop-server - Mail server address.
  • option routers - The default router address.
  • option smtp-server - The SMTP e-mail server address(es).
  • option subnet-mask - The subnet mask is not necessary since the subnet statement (see example file) contains a netmask value.
  • option time-offset - The difference between your time zone and the Coordinated Universal Time.
  • option netbios-name-servers - Define the address of the NBNS name server for samba services.

BOOTP Server

Installing BOOTP is a step back from installing DHCP but it can offer capabilities independent of DHCP such as remote booting specific client computers.

BOOTP Installation

  1. Get bootpd-2.4.tar.gz and put it in an appropriate directory such as "/usr/local".
  2. Type: "tar xvzf bootpd-2.4.tar.gz" which will make a directory "bootpd-2.4" full of files.
  3. Read the README and README-linux files then type "make install".
  4. Copy the executables to the "/usr/sbin" directory.
  5. Copy the man pages to their appropriate directories by typing "cp *.8 /usr/man/man8" and "cp *.5 /usr/man/man5".
  6. Read the manual on bootp, and bootptab.

Configuration

  1. You can invoke BOOTP services in Redhat Linux either as an independent daemon (choice A) or from the internet super daemon (choice B).
    Choice A:
    1. Using linuxconf set the bootparamd service to active.
    2. Modify the "bootparamd" file in the directory "/etc/rc.d/init.d" so that everywhere "rpc.bootparamd" occurs, you substitute "bootpd -d".
    3. Reboot your system or type "/etc/rc.d/init.d/bootparamd restart".
    Choice B:
    1. With bootparamd services off, add the following line to the file "/etc/inetd.conf":
      bootps dgram udp wait root /usr/sbin/tcpd bootpd -d
    2. Type "killall -HUP inetd".
  2. Make the file "/etc/bootptab" as shown below:
    global.prof:\
     :sm=255.255.0.0:\
     :ds=10.1.0.100:\
     :gw=10.1.0.1:\
     :ht=ethernet:\
     :bf=dosimage:
    dos1:td=/tftpboot:hd=/bootfiles:tc=global.prof:ha=006097baa5a2:ip=10.1.0.101
    
    This makes the name of the machine "dos1" with an IP address of "10.1.0.101" and the bootfile to load in "/tftpboot/bootfiles/dosimage".
  3. Add the machine's name and address to the following files:
    1. /etc/hosts
    2. /var/named/db.mycompany.com.hosts
    3. /var/named/db.10.1.hosts
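
To see what a host entry in /etc/bootptab actually resolves to once its tc= template is merged in, the file can be parsed and checked offline. This is an added example, not code from the original howto or from bootpd: the function names are assumptions, explicitly listed tags override template tags as bootptab(5) describes, and the boot path is built as this page describes it (td, then hd, then bf).

```python
import posixpath
import re

# Constructed sample: the /etc/bootptab shown on this page.
SAMPLE_BOOTPTAB = r"""
global.prof:\
 :sm=255.255.0.0:\
 :ds=10.1.0.100:\
 :gw=10.1.0.1:\
 :ht=ethernet:\
 :bf=dosimage:
dos1:td=/tftpboot:hd=/bootfiles:tc=global.prof:ha=006097baa5a2:ip=10.1.0.101
"""

def parse_bootptab(text):
    """Return {entry: {tag: value}}; quoted values containing ':' are not handled."""
    joined = re.sub(r"\\[ \t]*\n", "", text)          # join continuation lines
    entries = {}
    for line in joined.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, *fields = (f.strip() for f in line.split(":"))
        entries[name] = dict(f.partition("=")[::2] for f in fields if f)
    return entries

def resolve(entries, name, _seen=()):
    """Merge tc= templates into a host entry; explicit tags win over inherited ones."""
    if name in _seen:
        raise ValueError(f"tc= loop at {name}")
    tags = dict(entries[name])
    parent = tags.pop("tc", None)
    if parent:
        tags = {**resolve(entries, parent, _seen + (name,)), **tags}
    return tags

def boot_path(tags):
    """Boot file location as the page describes it: td, then hd, then bf."""
    return posixpath.join(tags.get("td", "/"), tags.get("hd", "").lstrip("/"),
                          tags.get("bf", "").lstrip("/"))

def check_host(tags):
    """Defensive checks on a resolved entry; returns a list of problems."""
    problems = []
    if tags.get("ht") == "ethernet" and not re.fullmatch(r"[0-9a-fA-F]{12}", tags.get("ha", "")):
        problems.append("ha is not a 12-hex-digit Ethernet address")
    root = posixpath.normpath(tags.get("td", "/")).rstrip("/") + "/"
    if not posixpath.normpath(boot_path(tags)).startswith(root):
        problems.append("boot file resolves outside the td directory")
    return problems
```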
