Ubuntu server 12.04/dhcp

From Attie's Wiki
Revision as of 13:51, 14 March 2013 by Attie (Talk | contribs)


Ubuntu Server 12.04

apt-get install isc-dhcp-server


Control the Server

service isc-dhcp-server start

Check the config for errors before restarting (the service simply fails to start if there is one):

/usr/sbin/dhcpd -d -t

Configuring DHCP

The config file is: /etc/dhcp/dhcpd.conf

Todo:

  • DDNS updates (ddns-update-style)
  • iSCSI hosts

Sample

Sample contents of /etc/dhcp/dhcpd.conf:

# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
# configuration file instead of this file.
 
# The ddns-update-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
 
# Allow each client to have exactly one lease, and expire
# old leases if a new DHCPDISCOVER occurs
one-lease-per-client true;
 
# Tell the server to look up the host name for each leased address in DNS
# and hand that name to the client
get-lease-hostnames true;
 
# 10 min in seconds
default-lease-time 600;
# NOTE(review): 36000 s is 10 hr, not 1 hr; a 1 hr cap would be 3600.
# Confirm which was intended.
max-lease-time 36000;
 
# Declare this server authoritative for the networks it serves: it will
# DHCPNAK clients that ask for an address it considers wrong for the segment.
# Only appropriate on the server that legitimately owns the subnet.
authoritative;
# Send dhcpd's log messages (leases, NAKs, errors) to syslog facility local7;
# syslog must be configured to route that facility for the log to be kept.
log-facility local7;
 
# gPXE-specific encapsulated options
# These lines only declare the option names, codes and types in a private
# "gpxe" option space; no values are assigned anywhere in this sample.
# NOTE(review): if the username/password options are ever given values they
# are sent in ordinary DHCP replies, which are neither encrypted nor
# authenticated - anyone on the segment can read them.
option space gpxe;
option gpxe-encap-opts code 175 = encapsulate gpxe;
option gpxe.priority code 1 = signed integer 8;
option gpxe.keep-san code 8 = unsigned integer 8;
option gpxe.no-pxedhcp code 176 = unsigned integer 8;
option gpxe.bus-id code 177 = string;
option gpxe.bios-drive code 189 = unsigned integer 8;
option gpxe.username code 190 = string;
option gpxe.password code 191 = string;
option gpxe.reverse-username code 192 = string;
option gpxe.reverse-password code 193 = string;
option gpxe.version code 235 = string;
 
###
# layout:
#
#   1
#   :   127x Static addresses
#  127
# -----
#  128
#   :   97x Dynamic addresses
#  224
# -----
#  225
#   :   30x Infrastructure addresses (router, server etc)
#  254
#
###
 
# Single /24 served by this host: common options, PXE boot settings, then
# three pools (static hosts, open dynamic pool, infrastructure).
subnet 192.168.0.0 netmask 255.255.255.0 {
        option broadcast-address 192.168.0.255;
 
        # Default gateway, DNS search domain and resolvers handed to every client
        option routers 192.168.0.254;
        option domain-name "attie.co.uk";
        option domain-name-servers 192.168.0.149, 192.168.0.254;
 
        # try to convince clients that DHCP should tell them what their hostname is
        # (the name of the matching host declaration is sent as the hostname)
        use-host-decl-names on;
 
        # PXE configuration
        # NOTE(review): PXE clients fetch and run whatever this host serves; the
        # transfer (typically TFTP) is unauthenticated, so the boot server and the
        # DNS name it is referenced by are part of the trust boundary.
        next-server boot.attie.co.uk;
        server-name "boot.attie.co.uk";
        filename "./pxelinux.0";
 
###
#   1
#   :   127x Static addresses
#  127
#
# NOTE(review): the range is labelled "static", but nothing in this pool
# restricts who may lease from it. dhcpd permits unknown clients unless told
# otherwise, so an unregistered device could be given .1-.127 dynamically;
# a `deny unknown-clients;` here would enforce the label - confirm intent.
# The fixed-address values below also sit inside this dynamic range, which
# dhcpd normally expects to be kept separate - verify against the server log.
###
        pool {
                # dynamic-bootp: BOOTP clients may also be given addresses from this range
                range dynamic-bootp 192.168.0.1 192.168.0.127;
 
        # physical machines   : 1 -> 32
        # (MAC addresses are redacted as xx:xx:xx:xx:xx:xx in this sample)
                host baloo              { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.1;       } # desktop
                host piglet             { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.2;       } # phone
                host roo                { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.3;       } # laptop (wireless / common)
                host lan.roo            { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.4;       } # laptop (wired / uncommon)
                host gnat               { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.5;       } # netbook (wireless / common)
                host lan.gnat           { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.6;       } # netbook (wired / uncommon)
        # virtual machines    : 33 -> 127
                host tigger             { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.33;      } # tigger
        }
 
###
#  128
#   :   97x Dynamic addresses
#  224
#
# NOTE(review): the range below only covers .192-.224 (33 addresses);
# .128-.191 are not handed out by any pool in this file.
###
        pool {
                # Clients leasing from this pool get a distinct domain name, which
                # makes unregistered devices easy to tell apart from known hosts.
                option domain-name "dhcp.attie.co.uk";
                range dynamic-bootp 192.168.0.192 192.168.0.224;
                # Open pool: clients with no host declaration may lease from here
                allow unknown-clients;
        }
 
###
#  225
#   :   30x Infrastructure addresses (router, server etc)
#  254
#
# NOTE(review): as with the static pool, this is a dynamic range with no
# allow/deny list, and it includes the router's (.254) and server's (.251)
# own addresses. An unregistered client being offered an infrastructure
# address is worth ruling out - confirm intent.
###
        pool {
                range dynamic-bootp 192.168.0.225 192.168.0.254;
 
                host akela              { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.251;     } # atom / server
                host router             { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.254;     } # router
        }
 
}

Locate a Rogue Server

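You will need scapy installed, and you will need to be root (the script sends and captures raw frames). It broadcasts a DHCPDISCOVER and lists every server that answers; any responder other than your own DHCP server is a candidate rogue.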

apt-get install scapy
#!/usr/bin/env python
 
import sys
import scapy
from scapy.all import *
 
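# Broadcast a single DHCPDISCOVER and list every DHCP server that answers,
# so that unexpected (rogue) servers on the segment can be spotted.
# Needs root, because scapy sends and sniffs at layer 2.

# scapy's verbosity knob is conf.verb; conf.verbose is not a scapy setting,
# so assigning to it does not silence srp()'s progress output.
conf.verb = 0

# Offers come back from the server's own address rather than the broadcast
# address the DISCOVER was sent to, so scapy must not insist that the reply
# IP matches the request's destination.
conf.checkIPaddr = False

# Raw hardware address of the default interface, used as the BOOTP client MAC.
fam, hw = get_if_raw_hwaddr(conf.iface)

dhcp_discover = (
    Ether(dst="ff:ff:ff:ff:ff:ff")
    / IP(src="0.0.0.0", dst="255.255.255.255")
    / UDP(sport=68, dport=67)
    / BOOTP(chaddr=hw)
    / DHCP(options=[("message-type", "discover"), "end"])
)

# multi=True keeps listening after the first answer, so every server that
# replies within the 10 s timeout is collected rather than only the fastest.
ans, unans = srp(dhcp_discover, multi=True, timeout=10)

# One line per reply: responder MAC, then responder IP. Compare the list with
# the MAC/IP of the legitimate DHCP server; anything else needs investigating.
# The single-argument print() form gives the same output on Python 2 and 3.
replies = 0
for p in ans:
    print("%s %s" % (p[1][Ether].src, p[1][IP].src))
    replies += 1

# Make "nothing answered" distinguishable from a failed run; this goes to
# stderr so the stdout format stays unchanged.
if replies == 0:
    sys.stderr.write("no DHCP server answered within the timeout\n")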