| SUSE LINUX – Administration Guide Chapter 22. Linux in the Network / 22.11. DHCP | ||||
|---|---|---|---|---|
 | 22.10. NFS — Shared File Systems | 22.12. Time Synchronization with xntp |  | |
| SUSE LINUX – Administration Guide Chapter 22. Linux in the Network / 22.11. DHCP | ||||
|---|---|---|---|---|
| 22.10. NFS — Shared File Systems | 22.12. Time Synchronization with xntp | | |
The purpose of the dynamic host configuration protocol (DHCP) is to assign network settings centrally from a server rather than configuring them locally on each and every workstation. A client configured to use DHCP does not have control over its own static address. It is enabled to configure itself completely and automatically according to directions from the server.
One way to use DHCP is to identify each client using the hardware address of its network card (which is fixed in most cases) then supply that client with identical settings each time it connects to the server. DHCP can also be configured so the server assigns addresses to each interested host dynamically from an address pool set up for that purpose. In the latter case, the DHCP server tries to assign the same address to the client each time it receives a request from it, even over longer periods. This, of course, only works as long as the network does not have more hosts than addresses.
With these possibilities, DHCP can make life easier for system administrators in two ways. Any changes (even bigger ones) related to addresses and the network configuration in general can be implemented centrally by editing the server's configuration file. This is much more convenient than reconfiguring lots of client machines. Also it is much easier to integrate machines, particularly new machines, into the network, as they can be given an IP address from the pool. Retrieving the appropriate network settings from a DHCP server can be especially useful in the case of laptops regularly used in different networks.
A DHCP server supplies not only the IP address and the netmask, but also the host name, domain name, gateway, and name server addresses for the client to use. In addition to that, DHCP allows for a number of other parameters to be configured in a centralized way, for example, a time server from which clients may poll the current time or even a print server.
The following section shows how to use the DHCP server dhcpd in a network to manage its entire configuration from one central point.
Both a DHCP server and DHCP clients are available for SUSE LINUX. The DHCP server available is dhcpd (published by the Internet Software Consortium). On the client side, choose between two different DHCP client programs: dhclient (also from ISC) and the DHCP client daemon in the dhcpcd package.
SUSE LINUX installs dhcpcd by default. The program is very easy to handle and is launched automatically on each system boot to watch for a DHCP server. It does not need a configuration file to do its job and works out of the box in most standard setups. For more complex situations, use the ISC dhclient, which is controlled by means of the configuration file /etc/dhclient.conf.
The core of any DHCP system is the dynamic host configuration protocol daemon. This server leases addresses and watches how they are used, according to the settings defined in the configuration file /etc/dhcpd.conf. By changing the parameters and values in this file, a system administrator can influence the program's behavior in numerous ways. Look at the basic sample /etc/dhcpd.conf file in Example 22.30. “The Configuration File /etc/dhcpd.conf”.
Example 22.30. The Configuration File /etc/dhcpd.conf
default-lease-time 600; # 10 minutes
max-lease-time 7200; # 2 hours
option domain-name "cosmos.all";
option domain-name-servers 192.168.1.1, 192.168.1.2;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option subnet-mask 255.255.255.0;
subnet 192.168.1.0 netmask 255.255.255.0
{
range 192.168.1.10 192.168.1.20;
range 192.168.1.100 192.168.1.200;
}
This simple configuration file should be sufficient to get the DHCP server to assign IP addresses in the network. Make sure a semicolon is inserted at the end of each line, because otherwise dhcpd will not be started.
The above sample file can be divided into three sections. The first one defines how many seconds an IP address is leased to a requesting host by default (default-lease-time) before it should apply for renewal. The section also includes a statement of the maximum period for which a machine may keep an IP address assigned by the DHCP server without applying for renewal (max-lease-time).
In the second part, some basic network parameters are defined on a global level:
The line option domain-name defines the default domain of your network.
With the entry option domain-name-servers, specify up to three values for the DNS servers used to resolve IP addresses into host names (and vice versa). Ideally, configure a name server on your machine or somewhere else in your network before setting up DHCP. That name server should also define a host name for each dynamic address and vice versa. To learn how to configure your own name server, read 22.7. “DNS — Domain Name System”.
The line option broadcast-address defines the broadcast address to be used by the requesting host.
With option routers, tell the server where to send data packets that cannot be delivered to a host on the local network (according to the source and target host address and the subnet mask provided). In most cases, especially in smaller networks, this router is identical to the Internet gateway.
With option subnet-mask, specify the netmask assigned to clients.
The last section of the file is there to define a network, including a subnet mask. To finish, specify the address range that the DHCP daemon should use to assign IP addresses to interested clients. In this example, clients may be given any address between 192.168.1.10 and 192.168.1.20 as well as 192.168.1.100 and 192.168.1.200.
After editing these few lines, you should be able to activate the DHCP daemon with the command rcdhcpd start. It will be ready for use immediately. Use the command rcdhcpd check-syntax to perform a brief syntax check. If you encounter any unexpected problems with your configuration — the server aborts with an error or does not return done on start — you should be able to find out what has gone wrong by looking for information either in the main system log /var/log/messages or on console 10 (Ctrl-Alt-F10).
On a default SUSE LINUX system, the DHCP daemon is started in a chroot environment for security reasons. The configuration files must be copied to the chroot environment so the daemon can find them. Normally, there is no need to worry about this because the command rcdhcpd start automatically copies the files.
As mentioned above, DHCP can also be used to assign a predefined, static address to a specific host for each request. Addresses assigned explicitly always take priority over dynamic addresses from the pool. Furthermore, a static address never expires in the way a dynamic address would, for example, if there were not enough addresses available so the server needed to redistribute them among hosts.
To identify a host configured with a static address, dhcpd uses the hardware address, which is a globally unique, fixed numerical code consisting of six octet pairs for the identification of all network devices (for example 00:00:45:12:EE:F4). If the respective lines, like the ones in Example 22.31. “Additions to the Configuration File”, are added to the configuration file of Example 22.30. “The Configuration File /etc/dhcpd.conf”, the DHCP daemon always assigns the same set of data to the corresponding host under all circumstances.
Example 22.31. Additions to the Configuration File
host earth {
hardware ethernet 00:00:45:12:EE:F4;
fixed-address 192.168.1.21;
}
The name of the respective host (host hostname, here earth) is entered in the first line and the MAC address in the second line. On Linux hosts, this address can be determined with the command ifstatus followed by the network device (for example, eth0). If necessary, activate the network card first with ifup eth0. The output should contain something like
link/ether 00:00:45:12:EE:F4
In the above example, a host with a network card having the MAC address 00:00:45:12:EE:F4 is assigned the IP address 192.168.1.21 and the host name earth automatically. The type of hardware to enter is ethernet in nearly all cases, although token-ring, which is often found on IBM systems, is also supported.
To improve security, the SUSE version of the ISC's DHCP server comes with the non-root/chroot patch by Ari Edelkind applied. This enables dhcpd to run with the user ID nobody and run in a chroot environment (/var/lib/dhcp. To make this possible, the configuration file dhcpd.conf must be located in /var/lib/dhcp/etc. The init script automatically copies the file to this directory when starting.
The server's behavior with regard to this feature can be controlled by means of entries in the file /etc/sysconfig/dhcpd. To run dhcpd without the chroot environment, set the variable DHCPD_RUN_CHROOTED in /etc/sysconfig/dhcpd to “no”.
To enable dhcpd to resolve host names even from within the chroot environment, some other configuration files must be copied as well:
/etc/localtime
/etc/host.conf
/etc/hosts
/etc/resolv.conf
These files are copied to /var/lib/dhcp/etc/ when starting the init script. These copies must be taken into account for any changes that they require, if they are dynamically modified by scripts like /etc/ppp/ip-up. However, there should be no need to worry about this if the configuration file only specifies IP addresses (instead of host names).
If your configuration includes additional files that should be copied into the chroot environment, specify these under the variable DHCPD_CONF_INCLUDE_FILES in the file etc/sysconfig/dhcpd. To make sure the DHCP logging facility keeps working even after a restart of the syslog daemon, it is necessary to add the option "-a /var/lib/dhcp/dev/log" under SYSLOGD_PARAMS in the file /etc/sysconfig/syslog.
The YaST DHCP module allows you to set up your own DHCP server for the local network. The module can work in two different modes:
When starting the module for the first time, you will be prompted to make just a few basic decisions concerning the server administration. After completing this initial setup, the server is ready to go with a configuration that should be suitable for most basic scenarios.
This expert mode lets you configure more advanced settings, such as those related to dynamic DNS, TSIG management, and others.
![[Tip]](admon/tip.png) | Navigating in the Expert Module and Displaying Help Texts |
|---|---|
All dialogs of the DHCP module have a similar layout. The left part of the dialog window displays a tree view for accessing the individual configuration steps. The selected configuration dialog is displayed to the right. To get help for the current dialog, click the life preserver icon at the bottom left of the window. To close the help window and go back to the tree, click the icon depicting a tree structure. | |
After launching the module for the first time, YaST starts a four-part configuration wizard. You can set up a basic DHCP server by completing this wizard.
In the first step, YaST looks for the network interfaces available on your system then displays them in a list. From the list, select the interface on which the DHCP server should listen and select to open the firewall for this interface. See Figure 22.30. “DHCP Server: Selecting the Network Interface”.
In the entry fields, provide the network specifics for all clients the DHCP server should manage. These specifics are the domain name, the address of a time server, the addresses of the primary and the secondary name server, the addresses of a print and a WINS server (in case you have a mixed network with both Windows and Linux clients), the gateway address, and the lease time. See Figure 22.31. “DHCP Server: Global Settings”.
In this step, configure how dynamic IP addresses should be assigned to clients. To do so, specify an IP range from which the server can assign addresses to DHCP clients. All these addresses must be covered by the same netmask. Also specify the lease time during which a client may keep its IP address without needing to request an extension of the lease. Optionally, specify the maximum lease time — the period during which the server reserves an IP address for a particular client (see Figure 22.32. “DHCP Server: Dynamic DHCP”).
After the third part of the configuration wizard, a last dialog is shown in which to define how the DHCP server should be started. Here, determine whether to start the DHCP server automatically when the system is booted or to start it manually (e.g., for test purposes) when needed. Click to complete the configuration of the server. See Figure 22.33. “DHCP Server: Start-Up”.
More information about DHCP is available at the web site of the Internet Software Consortium (http://www.isc.org/products/DHCP/). Information is also available in the manual pages of dhcpd, dhcpd.conf, dhcpd.leases, and dhcp-options.
