DHCP Kea - Security and Firewall Lab: Difference between revisions

From Xinux Wiki
 
(18 intermediate revisions by the same user are not shown)
Zeile 1: Zeile 1:
 
=Installation=
 
=Installation=
 
* Damit Hosts im LAN automatisch eine IP-Adresse erlangen, konfigurieren wir nun einen DHCP Server (Befehle ab hier finden auf der '''Firewall''' statt!)
 
* Damit Hosts im LAN automatisch eine IP-Adresse erlangen, konfigurieren wir nun einen DHCP Server (Befehle ab hier finden auf der '''Firewall''' statt!)
 +
;Debian
 +
* '''apt install -y kea'''
 +
;Rocky
 
* '''dnf install -y kea'''
 
* '''dnf install -y kea'''
 +
 
=Konfiguration=
 
=Konfiguration=
 
* '''vim ''/etc/kea/kea-dhcp4.conf'' '''
 
* '''vim ''/etc/kea/kea-dhcp4.conf'' '''
Zeile 8: Zeile 12:
 
   "Dhcp4": {
 
   "Dhcp4": {
 
     "interfaces-config": {
 
     "interfaces-config": {
       "interfaces": ["enp0s9"]
+
       "interfaces": [ "enp0s9" ]
 
     },
 
     },
 +
    "lease-database": {
 +
      "type": "memfile",
 +
      "persist": true,
 +
      "name": "/var/lib/kea/kea-leases4.csv"
 +
    },
 +
    "valid-lifetime": 600,
 +
    "max-valid-lifetime": 7200,
 
     "option-data": [
 
     "option-data": [
       { "name": "domain-name", "data": "it2xx.int" },
+
       { "name": "domain-name-servers", "data": "10.88.2XX.21" },
       { "name": "domain-name-servers", "data": "10.88.2xx.21" }
+
       { "name": "domain-name", "data": "it2XX.int" },
 +
      { "name": "domain-search", "data": "it2XX.int" }
 
     ],
 
     ],
    "valid-lifetime": 7200,
 
 
     "subnet4": [
 
     "subnet4": [
 
       {
 
       {
         "subnet": "172.26.2xx.0/24",
+
        "id": 1,
         "pools": [{ "pool": "172.26.2xx.50 - 172.26.2xx.70" }],
+
         "subnet": "172.26.2XX.0/24",
         "option-data": [
+
         "pools": [ { "pool": "172.26.2XX.50 - 172.26.2XX.100" } ],
          { "name": "routers", "data": "172.26.2xx.1" }
+
         "option-data": [ { "name": "routers", "data": "172.26.2XX.1" } ],
 +
        "reservations": [
 +
          { "hw-address": "aa:bb:cc:dd:ee:ff", "ip-address": "172.26.2XX.10", "hostname": "client" }  
 
         ]
 
         ]
 +
      }
 +
    ],
 +
    "loggers": [
 +
      {
 +
        "name": "kea-dhcp4",
 +
        "output_options": [ { "output": "/var/log/kea/kea-dhcp4.log" } ],
 +
        "severity": "INFO"
 
       }
 
       }
 
     ]
 
     ]
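Review bot: The new "reservations" entry uses the hw-address "aa:bb:cc:dd:ee:ff", which is a placeholder but is not marked as one the way the "2XX" octets are; copied as-is, the reservation never matches a real client. Suggest a line above the block saying that the MAC must be replaced with the client's own. Because the reservation is keyed on the MAC the client reports, firewall rules for 172.26.2XX.10 should not treat that address as proof of which host is behind it.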
Zeile 27: Zeile 47:
 
}
 
}
 
</syntaxhighlight>
 
</syntaxhighlight>
* '''systemctl enable --now kea-dhcp4.service'''
+
* '''systemctl enable --now kea-dhcp4-server.service'''
  
 
=Status=
 
=Status=
* systemctl status kea-dhcp4.service
+
* systemctl status kea-dhcp4-server.service
 
<pre>
 
<pre>
 
● kea-dhcp4.service - Kea IPv4 DHCP daemon
 
● kea-dhcp4.service - Kea IPv4 DHCP daemon
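Review bot: The commands now name kea-dhcp4-server.service, but the sample output kept right below them still shows "kea-dhcp4.service - Kea IPv4 DHCP daemon", so the page contradicts itself on the unit name. Since the Installation section now covers both Debian and Rocky, state which unit name belongs to which package (systemctl list-unit-files 'kea*' shows the one installed) and update the sample output to match the command above it.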
Zeile 36: Zeile 56:
 
     Active: active (running) since Wed 2025-04-16 09:27:35 CEST; 29min ago
 
     Active: active (running) since Wed 2025-04-16 09:27:35 CEST; 29min ago
 
</pre>
 
</pre>
 
=Mac vom Client rausfinden=
 
;anfügen - nicht ersetzen
 
* cat /var/lib/kea/kea-leases4.csv
 
 
=Fixe IP=
 
* vi /etc/kea/kea-dhcp4.conf
 
<syntaxhighlight lang="json">
 
"reservations": [
 
  {
 
    "hw-address": "08:00:27:c7:35:47",
 
    "ip-address": "172.17.2xx.49"
 
  }
 
]
 
</syntaxhighlight>
 
;Die Reservations-Sektion gehört innerhalb des <code>subnet4</code>-Blocks
 
  
 
=Den DHCP neustarten=
 
=Den DHCP neustarten=
* systemctl restart kea-dhcp4.service
+
* systemctl restart kea-dhcp4-server.service
 
+
=Debugging=
=Client neustarten=
+
*systemctl status kea-dhcp4-server
* sudo reboot
+
*journalctl -n 20 -fu kea-dhcp4-server
;testen ob die IP-Adresse passt
+
*tail -f /var/log/kea/kea-dhcp4.log
 +
*ss -lnup | grep 67
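Review bot: Dropping the "Mac vom Client rausfinden" step (cat /var/lib/kea/kea-leases4.csv) together with the "Fixe IP" section leaves the page with a reservation in the main config but no instruction for finding the client's real MAC. Suggest keeping the lease-file lookup, for example as an entry in the new Debugging list. In that list, "ss -lnup | grep 67" also matches any other port or PID that contains 67; "grep ':67 '" is tighter.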

Current revision as of 20 May 2026, 12:25

Installation

  • So that hosts in the LAN obtain an IP address automatically, we now configure a DHCP server (commands from here on are run on the firewall!)
Debian
  • apt install -y kea
Rocky
  • dnf install -y kea

Configuration

  • vim /etc/kea/kea-dhcp4.conf
{
  "Dhcp4": {
    "interfaces-config": {
      "interfaces": [ "enp0s9" ]
    },
    "lease-database": {
      "type": "memfile",
      "persist": true,
      "name": "/var/lib/kea/kea-leases4.csv"
    },
    "valid-lifetime": 600,
    "max-valid-lifetime": 7200,
    "option-data": [
      { "name": "domain-name-servers", "data": "10.88.2XX.21" },
      { "name": "domain-name", "data": "it2XX.int" },
      { "name": "domain-search", "data": "it2XX.int" }
    ],
    "subnet4": [
      {
        "id": 1,
        "subnet": "172.26.2XX.0/24",
        "pools": [ { "pool": "172.26.2XX.50 - 172.26.2XX.100" } ],
        "option-data": [ { "name": "routers", "data": "172.26.2XX.1" } ],
        "reservations": [ 
          { "hw-address": "aa:bb:cc:dd:ee:ff", "ip-address": "172.26.2XX.10", "hostname": "client" } 
        ]
      }
    ],
    "loggers": [
      {
        "name": "kea-dhcp4",
        "output_options": [ { "output": "/var/log/kea/kea-dhcp4.log" } ],
        "severity": "INFO"
      }
    ]
  }
}
  • systemctl enable --now kea-dhcp4-server.service
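An added example, not part of the wiki page: a Python consistency check for the subnet4 block above, reporting pools or routers outside the subnet, reservations that fall into the dynamic pool, duplicate MACs and the unreplaced placeholder MAC. Assumptions: the "2XX" octet is replaced by 201 (constructed), pools use the "start - end" form shown on the page, and the file contains no comments.

```python
import ipaddress
import json

# Constructed sample: the page's subnet4 block with the "2XX" placeholder
# octet replaced by 201 (assumed lab number) so the addresses parse.
SAMPLE_CONF = """
{ "Dhcp4": { "subnet4": [ {
    "id": 1,
    "subnet": "172.26.201.0/24",
    "pools": [ { "pool": "172.26.201.50 - 172.26.201.100" } ],
    "option-data": [ { "name": "routers", "data": "172.26.201.1" } ],
    "reservations": [
      { "hw-address": "aa:bb:cc:dd:ee:ff", "ip-address": "172.26.201.10", "hostname": "client" }
    ]
} ] } }
"""

def check_dhcp4(conf_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for sn in json.loads(conf_text)["Dhcp4"].get("subnet4", []):
        net = ipaddress.ip_network(sn["subnet"])
        pools = []
        for p in sn.get("pools", []):
            # Only the "start - end" pool form used on the page is handled.
            lo, hi = (ipaddress.ip_address(a.strip()) for a in p["pool"].split("-"))
            pools.append((lo, hi))
            if lo > hi or lo not in net or hi not in net:
                findings.append(f"pool {p['pool']} not inside {net}")
        for opt in sn.get("option-data", []):
            if opt["name"] == "routers":
                for r in opt["data"].split(","):
                    if ipaddress.ip_address(r.strip()) not in net:
                        findings.append(f"router {r.strip()} not inside {net}")
        seen = set()
        for res in sn.get("reservations", []):
            mac = res.get("hw-address", "").lower()
            ip = ipaddress.ip_address(res["ip-address"])
            if mac in seen:
                findings.append(f"duplicate reservation for {mac}")
            seen.add(mac)
            if mac == "aa:bb:cc:dd:ee:ff":  # placeholder from the page
                findings.append(f"placeholder MAC {mac} still present")
            if ip not in net:
                findings.append(f"reservation {ip} not inside {net}")
            if any(lo <= ip <= hi for lo, hi in pools):
                findings.append(f"reservation {ip} overlaps a dynamic pool")
    return findings

if __name__ == "__main__":
    print("\n".join(check_dhcp4(SAMPLE_CONF)) or "no findings")
```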

Status

  • systemctl status kea-dhcp4-server.service
● kea-dhcp4.service - Kea IPv4 DHCP daemon
     Loaded: loaded (/usr/lib/systemd/system/kea-dhcp4.service; enabled)
     Active: active (running) since Wed 2025-04-16 09:27:35 CEST; 29min ago

Restarting the DHCP server

  • systemctl restart kea-dhcp4-server.service

Debugging

  • systemctl status kea-dhcp4-server
  • journalctl -n 20 -fu kea-dhcp4-server
  • tail -f /var/log/kea/kea-dhcp4.log
  • ss -lnup | grep 67