Ubuntu server 12.04/dhcp
(Created page with "Ubuntu Server 12.04 <source lang="bash"> apt-get install isc-dhcp-server </source> ==Control the Server== <source lang="text"> service isc-dhcp-server...") |
m (→Locate a Rogue Server) |
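--- a/Ubuntu server 12.04/dhcp
+++ b/Ubuntu server 12.04/dhcp
@@ -11,4 +11,4 @@
 Check the config (it just fails to start if there is an error):
 <source lang="text">
-/usr/sbin/dhcpd -d -
+/usr/sbin/dhcpd -d -t
 </source>
@@ -19,2 +19,142 @@
 ====Todo:====
 * DDNS updates (<code>ddns-update-style</code>)
+* iSCSI hosts
+
+====Sample====
+Sample contents of <code>/etc/dhcp/dhpcd.conf</code>:
+<source lang="text">
+# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
+# configuration file instead of this file.
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# Allow each client to have exactly one lease, and expire
+# old leases if a new DHCPDISCOVER occurs
+one-lease-per-client true;
+
+# Tell the server to look up the host name in DNS
+get-lease-hostnames true;
+
+# 10 min in seconds
+default-lease-time 600;
+# 1 hr in seconds
+max-lease-time 36000;
+
+authoritative;
+log-facility local7;
+
+# gPXE-specific encapsulated options
+option space gpxe;
+option gpxe-encap-opts code 175 = encapsulate gpxe;
+option gpxe.priority code 1 = signed integer 8;
+option gpxe.keep-san code 8 = unsigned integer 8;
+option gpxe.no-pxedhcp code 176 = unsigned integer 8;
+option gpxe.bus-id code 177 = string;
+option gpxe.bios-drive code 189 = unsigned integer 8;
+option gpxe.username code 190 = string;
+option gpxe.password code 191 = string;
+option gpxe.reverse-username code 192 = string;
+option gpxe.reverse-password code 193 = string;
+option gpxe.version code 235 = string;
+
+###
+# layout:
+#
+# 1
+# : 127x Static addresses
+# 127
+# -----
+# 128
+# : 97x Dynamic addresses
+# 224
+# -----
+# 225
+# : 30x Infrastructure addresses (router, server etc)
+# 254
+#
+###
+
+subnet 192.168.0.0 netmask 255.255.255.0 {
+option broadcast-address 192.168.0.255;
+
+option routers 192.168.0.254;
+option domain-name "attie.co.uk";
+option domain-name-servers 192.168.0.149, 192.168.0.254;
+
+# try to convince clients that DHCP should tell them what thier hostname is
+use-host-decl-names on;
+
+# PXE configuration
+next-server boot.attie.co.uk;
+server-name "boot.attie.co.uk";
+filename "./pxelinux.0";
+
+###
+# 1
+# : 127x Static addresses
+# 127
+###
+pool {
+range dynamic-bootp 192.168.0.1 192.168.0.127;
+
+# physical machines : 1 -> 32
+host baloo { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.1; } # desktop
+host piglet { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.2; } # phone
+host roo { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.3; } # laptop (wireless / common)
+host lan.roo { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.4; } # laptop (wired / uncommon)
+host gnat { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.5; } # netbook (wireless / common)
+host lan.gnat { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.6; } # netbook (wired / uncommon)
+# virtual machines : 33 -> 127
+host tigger { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.33; } # tigger
+}
+
+###
+# 128
+# : 97x Dynamic addresses
+# 224
+###
+pool {
+option domain-name "dhcp.attie.co.uk";
+range dynamic-bootp 192.168.0.192 192.168.0.224;
+allow unknown-clients;
+}
+
+###
+# 225
+# : 30x Infrastructure addresses (router, server etc)
+# 254
+###
+pool {
+range dynamic-bootp 192.168.0.225 192.168.0.254;
+
+host akela { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.251; } # atom / server
+host router { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.254; } # router
+}
+
+}
+</source>
+
+==Locate a Rogue Server==
+You will need scapy installed, and you will need to be root.
+<source lang="bash">
+apt-get install scapy
+</source>
+
+<source lang="python">
+#!/usr/bin/env python
+
+import sys
+import scapy
+from scapy.all import *
+
+conf.verbose = 0
+conf.checkIPaddr = False
+fam,hw = get_if_raw_hwaddr(conf.iface)
+dhcp_discover = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67)/BOOTP(chaddr=hw)/DHCP(options=[("message-type","discover"),"end"])
+ans, unans = srp(dhcp_discover, multi=True, timeout=10)
+for p in ans: print p[1][Ether].src, p[1][IP].src
+</source>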
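Review bot: In the sample dhcpd.conf the "static" (.1-.127) and "infrastructure" (.225-.254) pools carry a `range dynamic-bootp` but no permit list, and ISC dhcpd allows unknown clients by default, so any device that plugs into the LAN can be leased an address out of the block meant for the router (.254) and server (.251); the fixed-address hosts are also declared inside the very ranges they overlap, which dhcpd does not carve out on its own. Add `deny unknown-clients;` to those two pools and keep `allow unknown-clients;` only on the .192-.224 pool, or drop the two ranges altogether since fixed-address hosts do not need one. Separately, `max-lease-time 36000;` is ten hours, not the "1 hr" the comment above it claims, the dynamic pool's range (.192-.224) covers only a third of the 128-224 block described in the layout, and the heading text says "/etc/dhcp/dhpcd.conf" where the rest of the page says dhcpd.conf. The gpxe.username/gpxe.password option definitions deserve a one-line warning that DHCP is an unauthenticated cleartext broadcast, so a real iSCSI CHAP secret must never be delivered through them.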
Latest revision as of 14:51, 14 March 2013
# Installs the ISC DHCP server (daemon /usr/sbin/dhcpd, config /etc/dhcp/dhcpd.conf)
apt-get install isc-dhcp-server
Control the Server
# Starts the server; use stop/restart/status in place of start as needed
service isc-dhcp-server start
Check the config before (re)starting the service: with -t, dhcpd only parses the configuration and exits, and -d sends its messages to stderr so the error is actually shown. Without this step a broken config simply makes the service fail to start, with nothing more than a generic failure on the console.
# -t: test the configuration and exit without serving;  -d: stay in the foreground and log to stderr
/usr/sbin/dhcpd -d -t
Configuring DHCP
The config file is: /etc/dhcp/dhcpd.conf (note the warning at the top of the sample below: if /etc/ltsp/dhcpd.conf exists it is used instead).
Todo:
- DDNS updates (ddns-update-style)
- iSCSI hosts
Sample
Sample contents of /etc/dhcp/dhcpd.conf (MAC addresses replaced with xx:xx:xx:xx:xx:xx):
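# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
# configuration file instead of this file.

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# Allow each client to have exactly one lease, and expire
# old leases if a new DHCPDISCOVER occurs
one-lease-per-client true;

# Tell the server to look up the host name in DNS
get-lease-hostnames true;

# 10 min in seconds
default-lease-time 600;
# 1 hr in seconds (an earlier version of this sample had 36000 here, which
# is 10 hours and contradicted this comment)
max-lease-time 3600;

# This is the only DHCP server for the subnet: answer requests for addresses
# we do not know about with a DHCPNAK instead of staying silent.
authoritative;
log-facility local7;

# gPXE-specific encapsulated options.
# SECURITY: DHCP is an unauthenticated cleartext broadcast.  Any value put in
# gpxe.username / gpxe.password / gpxe.reverse-* is readable by every host on
# the segment, so never hand out a real iSCSI CHAP secret through them.
option space gpxe;
option gpxe-encap-opts code 175 = encapsulate gpxe;
option gpxe.priority code 1 = signed integer 8;
option gpxe.keep-san code 8 = unsigned integer 8;
option gpxe.no-pxedhcp code 176 = unsigned integer 8;
option gpxe.bus-id code 177 = string;
option gpxe.bios-drive code 189 = unsigned integer 8;
option gpxe.username code 190 = string;
option gpxe.password code 191 = string;
option gpxe.reverse-username code 192 = string;
option gpxe.reverse-password code 193 = string;
option gpxe.version code 235 = string;

###
# layout:
#
# 1
# : 127x Static addresses
# 127
# -----
# 128
# : 97x Dynamic addresses
# 224
# -----
# 225
# : 30x Infrastructure addresses (router, server etc)
# 254
#
###

subnet 192.168.0.0 netmask 255.255.255.0 {
    option broadcast-address 192.168.0.255;

    option routers 192.168.0.254;
    option domain-name "attie.co.uk";
    # NOTE: .149 lies inside the "dynamic" block of the layout above.  If it
    # is a real resolver, give it a host/fixed-address in the infrastructure
    # block so a dynamic lease can never land on the same address.
    option domain-name-servers 192.168.0.149, 192.168.0.254;

    # try to convince clients that DHCP should tell them what their hostname is
    use-host-decl-names on;

    # PXE configuration.  PXE clients trust next-server/filename blindly, so a
    # rogue DHCP server on this segment can redirect network boots to its own
    # image; see "Locate a Rogue Server" below for a quick check.
    next-server boot.attie.co.uk;
    server-name "boot.attie.co.uk";
    filename "./pxelinux.0";

    ###
    # 1
    # : 127x Static addresses
    # 127
    ###
    pool {
        # dynamic-bootp also lets plain BOOTP clients draw from the range;
        # a bare "range" is enough if nothing here boots via BOOTP.
        range dynamic-bootp 192.168.0.1 192.168.0.127;
        # Only hosts with a host declaration below may take an address from
        # this range.  The default (allow unknown-clients) would let any
        # device on the LAN grab an address out of the "static" block.  As far
        # as I can tell dhcpd does not carve the fixed-addresses out of an
        # overlapping range, so keep this pool restricted (or move the range
        # so the two no longer overlap).
        deny unknown-clients;

        # physical machines : 1 -> 32
        host baloo { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.1; } # desktop
        host piglet { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.2; } # phone
        host roo { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.3; } # laptop (wireless / common)
        host lan.roo { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.4; } # laptop (wired / uncommon)
        host gnat { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.5; } # netbook (wireless / common)
        host lan.gnat { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.6; } # netbook (wired / uncommon)
        # virtual machines : 33 -> 127
        host tigger { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.33; } # tigger
    }

    ###
    # 128
    # : 97x Dynamic addresses
    # 224
    ###
    pool {
        option domain-name "dhcp.attie.co.uk";
        # Only .192-.224 (33 addresses) of the .128-.224 block is handed out at
        # the moment; widen the range if more dynamic clients are expected.
        range dynamic-bootp 192.168.0.192 192.168.0.224;
        # The one pool that serves devices without a host declaration.
        allow unknown-clients;
    }

    ###
    # 225
    # : 30x Infrastructure addresses (router, server etc)
    # 254
    ###
    pool {
        range dynamic-bootp 192.168.0.225 192.168.0.254;
        # Infrastructure addresses must never be leased to an unknown device:
        # with the default permit list anyone on the LAN could be handed .254,
        # the router/resolver address every client is told to use.
        deny unknown-clients;

        host akela { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.251; } # atom / server
        host router { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.254; } # router
    }

}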
Locate a Rogue Server
You will need scapy installed and root privileges (the script sends raw Ethernet frames). It broadcasts a DHCPDISCOVER on scapy's default interface and prints the MAC and IP address of every server that answers within 10 seconds; anything other than your own server is a rogue server (or a relay you forgot about). DHCPDISCOVER is a link-local broadcast, so repeat the check on every segment/VLAN, and treat "no answer" as inconclusive: a rogue that only replies to particular clients will not show up.
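# On Ubuntu 12.04 scapy is packaged as python-scapy; there is no package called "scapy"
apt-get install python-scapy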
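#!/usr/bin/env python
# Locate DHCP servers on the local segment: broadcast one DHCPDISCOVER and
# list every host that answers it.
#
# Needs root (raw sockets) and scapy (Ubuntu package: python-scapy).
#
# Usage: find-dhcp.py [known-server-ip ...]
#   When one or more known server addresses are given, every answer whose
#   source IP or DHCP server-identifier is not in that list is tagged ROGUE?.
#   DHCPDISCOVER is a link-local broadcast, so run this on each segment/VLAN;
#   a server that only answers selected clients, or that sits behind a relay,
#   may not show up, so an empty result is not proof that none exists.

import random
import sys
import scapy
from scapy.all import *

conf.verbose = 0
# OFFERs come from the server's own address, not from 255.255.255.255, so
# scapy must not discard them for having a "wrong" IP source.
conf.checkIPaddr = False


def build_discover(hwaddr, xid):
    """Return a broadcast DHCPDISCOVER frame for client MAC `hwaddr` (raw
    bytes, as returned by get_if_raw_hwaddr) with transaction id `xid`."""
    return (Ether(dst="ff:ff:ff:ff:ff:ff")
            / IP(src="0.0.0.0", dst="255.255.255.255")
            / UDP(sport=68, dport=67)
            / BOOTP(chaddr=hwaddr, xid=xid)
            / DHCP(options=[("message-type", "discover"), "end"]))


def dhcp_option(pkt, name):
    """Return the value of DHCP option `name` carried by `pkt`, or None when
    the packet has no DHCP layer or does not carry that option."""
    if DHCP not in pkt:
        return None
    for opt in pkt[DHCP].options:
        # scapy represents options as (name, value) tuples; "pad"/"end" are bare strings
        if isinstance(opt, tuple) and opt[0] == name:
            return opt[1]
    return None


def main(argv):
    """Send the probe, print one line per answering server, return 0."""
    known = set(argv[1:])
    fam, hw = get_if_raw_hwaddr(conf.iface)
    # A random transaction id lets us ignore OFFERs meant for other clients
    # that happen to be on the wire during the 10 s listening window.
    xid = random.randint(1, 0xFFFFFFFF)
    ans, unans = srp(build_discover(hw, xid), multi=True, timeout=10)

    answered = 0
    for _sent, reply in ans:
        if BOOTP in reply and reply[BOOTP].xid != xid:
            continue
        answered += 1
        server_id = dhcp_option(reply, "server_id")
        offered = reply[BOOTP].yiaddr if BOOTP in reply else None
        verdict = ""
        if known:
            verdict = "ok" if (reply[IP].src in known or server_id in known) else "ROGUE?"
        # Same two columns as before (server MAC, server IP), plus the
        # server-identifier and offered address to help pin the box down.
        print("%s %s server-id=%s offered=%s %s"
              % (reply[Ether].src, reply[IP].src, server_id, offered, verdict))

    if not answered:
        print("no DHCP server answered on %s" % conf.iface)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))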