Ubuntu server 12.04/dhcp
From Attie's Wiki
apt-get install isc-dhcp-server
Control the Server
service isc-dhcp-server start
Check the config (the service simply fails to start if there is an error):
/usr/sbin/dhcpd -d -t
Configuring DHCP
The config file is: /etc/dhcp/dhcpd.conf
Todo:
- DDNS updates (ddns-update-style)
- iSCSI hosts
Sample
Sample contents of /etc/dhcp/dhcpd.conf:
# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
# configuration file instead of this file.

# The ddns-update-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# Allow each client to have exactly one lease, and expire
# old leases if a new DHCPDISCOVER occurs
one-lease-per-client true;

# Tell the server to look up the host name in DNS
get-lease-hostnames true;

# 10 min in seconds
default-lease-time 600;
# 10 hr in seconds
max-lease-time 36000;

authoritative;
log-facility local7;

# gPXE-specific encapsulated options
option space gpxe;
option gpxe-encap-opts code 175 = encapsulate gpxe;
option gpxe.priority code 1 = signed integer 8;
option gpxe.keep-san code 8 = unsigned integer 8;
option gpxe.no-pxedhcp code 176 = unsigned integer 8;
option gpxe.bus-id code 177 = string;
option gpxe.bios-drive code 189 = unsigned integer 8;
option gpxe.username code 190 = string;
option gpxe.password code 191 = string;
option gpxe.reverse-username code 192 = string;
option gpxe.reverse-password code 193 = string;
option gpxe.version code 235 = string;

###
# layout:
#
#   1
#   :   127x Static addresses
# 127
# -----
# 128
#   :   97x Dynamic addresses
# 224
# -----
# 225
#   :   30x Infrastructure addresses (router, server etc)
# 254
#
###

subnet 192.168.0.0 netmask 255.255.255.0 {
    option broadcast-address 192.168.0.255;
    option routers 192.168.0.254;
    option domain-name "attie.co.uk";
    option domain-name-servers 192.168.0.149, 192.168.0.254;

    # try to convince clients that DHCP should tell them what their hostname is
    use-host-decl-names on;

    # PXE configuration
    next-server boot.attie.co.uk;
    server-name "boot.attie.co.uk";
    filename "./pxelinux.0";

    ###
    #   1
    #   :   127x Static addresses
    # 127
    ###
    pool {
        range dynamic-bootp 192.168.0.1 192.168.0.127;

        # physical machines : 1 -> 32
        host baloo    { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.1; } # desktop
        host piglet   { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.2; } # phone
        host roo      { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.3; } # laptop (wireless / common)
        host lan.roo  { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.4; } # laptop (wired / uncommon)
        host gnat     { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.5; } # netbook (wireless / common)
        host lan.gnat { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.6; } # netbook (wired / uncommon)

        # virtual machines : 33 -> 127
        host tigger   { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.33; } # tigger
    }

    ###
    # 128
    #   :   97x Dynamic addresses
    # 224
    ###
    pool {
        option domain-name "dhcp.attie.co.uk";
        range dynamic-bootp 192.168.0.192 192.168.0.224;
        allow unknown-clients;
    }

    ###
    # 225
    #   :   30x Infrastructure addresses (router, server etc)
    # 254
    ###
    pool {
        range dynamic-bootp 192.168.0.225 192.168.0.254;

        host akela    { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.251; } # atom / server
        host router   { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.254; } # router
    }
}
Locate a Rogue Server
You will need scapy installed, and you will need to be root.
apt-get install scapy
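#!/usr/bin/env python
# Broadcast a DHCPDISCOVER and list every server that answers.
from scapy.all import *

conf.verb = 0             # silence scapy's progress output
conf.checkIPaddr = False  # replies come from the server's address, not the broadcast address we sent to

# Use the MAC address of the default interface as the client hardware address
fam, hw = get_if_raw_hwaddr(conf.iface)

dhcp_discover = (Ether(dst="ff:ff:ff:ff:ff:ff")
                 / IP(src="0.0.0.0", dst="255.255.255.255")
                 / UDP(sport=68, dport=67)
                 / BOOTP(chaddr=hw)
                 / DHCP(options=[("message-type", "discover"), "end"]))

# multi=True keeps listening after the first reply, so every responding server is collected
ans, unans = srp(dhcp_discover, multi=True, timeout=10)

# Print the MAC and IP address of each responder
for p in ans:
    print("%s %s" % (p[1][Ether].src, p[1][IP].src))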
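A follow-up to the script above, added here as an example and not part of the original wiki page: it parses the UDP payload of each answer, keeps only DHCPOFFERs, and returns those whose server identifier (option 54) is not on an allowlist, along with the router and DNS servers they offered. AUTHORIZED_SERVERS, the function names and the addresses used with build_offer are assumptions; only the Python 3 standard library is used.

```python
from socket import inet_aton, inet_ntoa
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Assumption: address of the one legitimate dhcpd host on this LAN (placeholder).
AUTHORIZED_SERVERS = {"192.168.0.251"}
LIST_OPTIONS = {3: "routers", 6: "dns"}  # option code -> list of IPv4 addresses

def parse_dhcp_reply(payload):
    """Parse a BOOTP/DHCP UDP payload into a dict of the fields checked here."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {"yiaddr": inet_ntoa(payload[16:20])}      # address being offered
    i = 240                                           # options start after the cookie
    while i < len(payload) and payload[i] != 255:     # 255 = end option
        if payload[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        length = payload[i + 1] if i + 1 < len(payload) else -1
        code, value = payload[i], payload[i + 2:i + 2 + max(length, 0)]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:                # DHCP message type
            info["type"] = value[0]
        elif code == 54 and length == 4:              # server identifier
            info["server_id"] = inet_ntoa(value)
        elif code in LIST_OPTIONS and length and length % 4 == 0:
            info[LIST_OPTIONS[code]] = [inet_ntoa(value[j:j + 4]) for j in range(0, length, 4)]
        i += 2 + length
    return info

def find_rogue_offers(replies, authorized=AUTHORIZED_SERVERS):
    """replies: (source_ip, udp_payload) pairs. Return offers from unlisted servers."""
    rogue = []
    for src_ip, payload in replies:
        try:
            info = parse_dhcp_reply(payload)
        except ValueError:
            continue                                  # not a well-formed DHCP message
        if info.get("type") == 2 and info.get("server_id", src_ip) not in authorized:
            rogue.append((src_ip, info))              # type 2 = DHCPOFFER
    return rogue

def build_offer(server, yiaddr, router, dns):
    """Build a constructed sample DHCPOFFER payload so the checks can be run offline."""
    header = struct.pack("!4BIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                         inet_aton(yiaddr), inet_aton(server), bytes(4), b"\x02" * 6, b"", b"")
    opts = b"\x35\x01\x02\x36\x04" + inet_aton(server) + b"\x03\x04" + inet_aton(router)
    return header + MAGIC_COOKIE + opts + b"\x06\x04" + inet_aton(dns) + b"\xff"
```

With the scapy script above, each answer's payload is `bytes(p[1][UDP].payload)` and its source address is `p[1][IP].src`.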