Advanced analysis of Linux network principles and configuration of DHCP and FTP in Linux

One, DHCP concept

1. DHCP (Dynamic Host Configuration Protocol)

  • Designed and developed by the Internet Engineering Task Force (IETF)
  • A protocol dedicated to automatically assigning TCP/IP parameters to computers in a TCP/IP network

2. The benefits of using DHCP

  • Reduce the workload of administrators
  • Avoid the possibility of input errors
  • Avoid IP address conflicts
  • When changing the IP address segment, there is no need to reconfigure each user's IP address
  • Improved utilization of IP addresses
  • Convenient client configuration

3. DHCP allocation method

(1) Use DHCP service to assign addresses

  • Automatically allocate addresses for a large number of clients and provide centralized management
  • Reduce management and maintenance costs and improve network configuration efficiency

(2) The address information that can be allocated mainly includes

  • IP address and subnet mask of the network card
  • Corresponding network address, broadcast address
  • Default gateway address
  • DNS server address

(3) Three distribution methods

  • Automatic allocation: once the client has been allocated an IP address by the DHCP server, it keeps that address permanently
  • Manual allocation: the IP address is specified by the DHCP server administrator
  • Dynamic allocation: the client releases the IP address when it has finished using it, so that other clients can use it

4. DHCP lease process

  • The process by which the client obtains an IP address from the DHCP server is called the DHCP lease process
  • In general, it is divided into four steps

(1) The client searches for the server in the network

  • When a DHCP client starts, it does not yet have an IP address, so it must obtain a valid address through DHCP.
  • At this point, the DHCP client broadcasts a DHCP Discover message to find the DHCP server

(2) The server responds to the client

  • When the DHCP server receives the client's request for an IP address, it searches its own IP address pool for a valid IP address that it can provide to the client.
  • If there is one, the DHCP server marks the IP address, adds it to a DHCP Offer message, and then broadcasts the DHCP Offer message

(3) Client chooses IP address

  • The DHCP client extracts the IP address from the first DHCP Offer message it receives and broadcasts a DHCP Request message for it; the DHCP server that issued the IP address reserves the address so that it cannot be allocated to another DHCP client.

(4) The server confirms the lease

  • After receiving the DHCP Request message, the DHCP server broadcasts a confirmation to the client in the form of a DHCP ACK message, which contains the valid lease for the IP address and other configuration information
  • When the client receives the DHCP ACK message, it configures the IP address and completes the initialization of TCP/IP

(5) Log in again

  • Each time the DHCP client logs on to the network again, it does not need to send a DHCP Discover message; it directly sends a DHCP Request message containing the IP address it was assigned the previous time.

(6) Renew the lease

  • When 50% of the lease time of the IP address that the DHCP server leased to the client has elapsed, the lease must be renewed
  • The client directly sends a DHCP Request packet to the server providing the lease, requesting to renew the existing address lease
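
The lease messages and the 50% renewal point described above, as an added Python example that is not part of the original article: it parses a DHCP payload, reads the message type, offered address, server identifier and lease time, and marks replies whose server identifier is not on an allow-list. The sample messages are constructed, and treating 192.168.100.253 (the server address used in the relay configuration in the next section) as the only legitimate server is an assumption.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie after the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
AUTHORIZED = {"192.168.100.253"}       # assumption: the only legitimate DHCP server

def parse_dhcp(payload):
    """Extract the lease-process fields from a DHCP UDP payload (bytes)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {"yiaddr": str(ipaddress.IPv4Address(payload[16:20]))}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = End option
        code = payload[i]
        if code == 0:                               # Pad option has no length byte
            i += 1
            continue
        length = payload[i + 1] if i + 1 < len(payload) else 256
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:              # DHCP message type
            info["type"] = TYPES.get(value[0], "OTHER")
        elif code == 54 and length == 4:            # server identifier
            info["server_id"] = str(ipaddress.IPv4Address(value))
        elif code == 51 and length == 4:            # lease time in seconds
            info["lease"] = struct.unpack("!I", value)[0]
            info["renew_at"] = info["lease"] // 2   # renewal starts at 50% of the lease
        i += 2 + length
    # Only meaningful for server replies (OFFER / ACK / NAK).
    info["authorized"] = info.get("server_id") in AUTHORIZED
    return info

def build_sample(msg_type, yiaddr, server_id, lease):
    """Build a constructed server reply (not a capture) to feed the parser."""
    header = bytearray(236)
    header[0] = 2                                   # op = BOOTREPLY
    header[16:20] = ipaddress.IPv4Address(yiaddr).packed
    opts = bytes([53, 1, msg_type])
    opts += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    opts += bytes([51, 4]) + struct.pack("!I", lease) + b"\xff"
    return bytes(header) + MAGIC + opts

ACK = parse_dhcp(build_sample(5, "192.168.10.1", "192.168.100.253", 600))
ROGUE = parse_dhcp(build_sample(2, "10.0.0.50", "192.168.10.77", 86400))
```

An OFFER or ACK with `authorized` set to False points to a second DHCP server answering on the segment, which is the conflict the experiment section mentions for virtual network cards.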

Two, install the DHCP server

1. Configure DHCP relay in ensp

dhcp enable									#Enable the DHCP function

interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
 dhcp select relay							#Enable the DHCP relay function
 dhcp relay server-ip 192.168.100.253			#Point to the address of the DHCP server

interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 192.168.100.253

interface Vlanif100
 ip address 192.168.100.254 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 192.168.100.253

2. Configure the DHCP server

  • Package: dhcp-4.2.5-58.el7.centos.x86_64.rpm on the CentOS 7 CD
  • The main files of the DHCP software package
    • Main configuration file: /etc/dhcp/dhcpd.conf
    • Executable programs: /usr/sbin/dhcpd, /usr/sbin/dhcrelay

yum install -y dhcp
cat /etc/dhcp/dhcpd.conf    #View the main configuration file
cat /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example  #View the sample configuration file

3. Configure the content of the main configuration file

cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf

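vim /etc/dhcp/dhcpd.conf   #Set the global configuration parameters
default-lease-time 600;	 #Default lease is 10 minutes; the unit is seconds
max-lease-time 7200;	 #Maximum lease is 2 hours; the unit is seconds
option domain-name "example.org";  #Default domain name
option domain-name-servers 8.8.8.8; #DNS server address
ddns-update-style none;  #Disable dynamic DNS updates

#subnet declaration (applies to the whole subnet; some of its parameters take priority over the global parameters)
subnet 192.168.100.0 netmask 255.255.255.0 {    	#Network segment to allocate from
  range 192.168.100.1 192.168.100.128;     #Address pool
  option routers 192.168.100.254;      #Default gateway address
}
subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.1 192.168.10.128;
  option routers 192.168.10.254;
}
subnet 192.168.20.0 netmask 255.255.255.0 {
  range 192.168.20.1 192.168.20.128;
  option routers 192.168.20.254;
}

#host declaration (assigns a fixed IP address to a single machine)
host hostname {										#Name of the client that needs a fixed IP address
  hardware ethernet 00:c0:c3:22:46:81;				#MAC address of that host
  fixed-address 192.168.10.100;						#IP address reserved for that host
}

#Everything after this point in the file can be deleted

#Start the service, then turn off the firewall and SELinux enforcement
systemctl start dhcpd
systemctl stop firewalld
setenforce 0

netstat -anpu | grep ":67"

#If the DHCP service fails to start, check the log file
tail -f /var/log/messages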
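
An added check, not part of the original article: a host's fixed-address should lie outside every dynamic range, otherwise the same address can also be handed out from the pool. The Python sketch below finds such overlaps in a dhcpd.conf before the service is started; the sample is constructed from the 192.168.10.0 subnet and the host entry above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: one subnet and the host entry from the configuration above.
SAMPLE = """
subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.1 192.168.10.128;   # address pool
  option routers 192.168.10.254;
}
host hostname {
  hardware ethernet 00:c0:c3:22:46:81;
  fixed-address 192.168.10.100;
}
"""

def pools(conf):
    """Return (low, high) address pairs for every range statement."""
    found = re.findall(r"\brange\s+([\d.]+)(?:\s+([\d.]+))?\s*;", conf)
    return [(ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi or lo))
            for lo, hi in found]          # a range may name a single address

def audit_dhcpd(conf):
    """Flag reserved or gateway addresses that sit inside a dynamic pool."""
    conf = re.sub(r"#[^\n]*", "", conf)   # strip comments first
    checks = (("fixed-address", r"\bfixed-address\s+([\d.]+)\s*;"),
              ("routers", r"\boption\s+routers\s+([\d.]+)\s*;"))
    findings = []
    for label, pattern in checks:
        for addr in re.findall(pattern, conf):
            for lo, hi in pools(conf):
                if lo <= ipaddress.IPv4Address(addr) <= hi:
                    findings.append(f"{label} {addr} is inside range {lo} {hi}")
    return findings

def shrink_pool(conf, old, new):
    """Return conf with one range statement replaced (old and new are 'low high')."""
    return conf.replace(f"range {old};", f"range {new};")

FINDINGS = audit_dhcpd(SAMPLE)
AFTER = audit_dhcpd(shrink_pool(SAMPLE, "192.168.10.1 192.168.10.128",
                                "192.168.10.1 192.168.10.99"))
```

On the sample, the reservation 192.168.10.100 is reported because the pool runs to 192.168.10.128; ending the pool at 192.168.10.99 clears the finding.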

4. Linux client uses DHCP to dynamically obtain IP

#Method 1:
vim /etc/sysconfig/network-scripts/ifcfg-ens33
DEVICE=ens33
ONBOOT=yes
BOOTPROTO=dhcp

ifdown ens33 ; ifup ens33

#Method 2:
dhclient -d ens33

#View the lease file
less /var/lib/dhcpd/dhcpd.leases

Three, DHCP distribution experiment

1. First configure the network model in ensp

(1) Cloud server configuration
Here you must first set up your own virtual network card. Some virtual network cards come with their own DHCP service, which must be turned off, otherwise it will conflict.
(2) DHCP relay configuration
(3) Layer 2 switch configuration

2. Operations on the virtual machine

(1) Configure the network card, and reload the network card configuration
(2) Install dhcp, view and copy the configuration file
View the main configuration file and the configuration template file. Overwrite the main configuration file with the configuration template file
(3) Modify the main configuration file; don't forget to save it with wq
(4) Modify the virtual machine network type
(5) Turn off the firewall
(6) Test
PC1
PC2 in ensp

3. Fix the IP address for the PC

The fixed address set here should not be the same as an address that was set previously, to prevent address conflicts.
Obtain the MAC address from the virtual machine win10

Four, FTP file transfer experiment

  • FTP service: a protocol used to transfer files
  • By default, the FTP server uses TCP ports 20 and 21 to communicate with the client
    • Port 20 is used to establish the data connection and transfer file data
    • Port 21 is used to establish the control connection and transmit FTP control commands
  • FTP data connections are divided into active mode and passive mode
    • Active mode: the server actively initiates the data connection
    • Passive mode: the server passively waits for the data connection

1. Install the software package

yum install -y vsftpd
cd /etc/vsftpd/
cp vsftpd.conf vsftpd.conf.bak


2. Set up the FTP service accessed by anonymous users (maximum permissions)

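#Modify the configuration file
vim /etc/vsftpd/vsftpd.conf
#vsftpd accepts comments only on their own line, and no spaces around "="
#Enable anonymous user access. Enabled by default
anonymous_enable=YES
#Open write permission on the server (required for uploads). Enabled by default
write_enable=YES
#Permission mask (umask) for data uploaded by anonymous users. Enabled by default
anon_umask=022
#Allow anonymous users to upload files. Commented out by default; uncomment it
anon_upload_enable=YES
#Allow anonymous users to create (upload) directories. Commented out by default; uncomment it
anon_mkdir_write_enable=YES
#Allow delete, rename, overwrite and similar operations. Must be added
anon_other_write_enable=YES

#Give the pub subdirectory under the anonymous ftp root maximum permissions so that anonymous users can upload data
chmod 777 /var/ftp/pub/

#Start the service, turn off the firewall and the enhanced security function (SELinux)
systemctl start vsftpd
systemctl stop firewalld
setenforce 0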


3. Anonymous access test

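#On Windows, open the Start menu and enter cmd to open the command prompt
#Establish the ftp connection
ftp 192.168.163.20
#Anonymous access: the user name is ftp and the password is empty; just press Enter to log in
ftp> pwd			#The root directory for anonymous ftp access is /var/ftp/ on the Linux system
ftp> ls				#List the current directory
ftp> cd pub			#Change to the pub directory
ftp> get <filename>		#Download a file to the current local Windows directory
ftp> put <filename>		#Upload a file to the ftp directory
ftp> quit			#Exit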

First perform the operations on linux, then on the win10 computer.

4. Set up local user authentication to access ftp, and prohibit switching to directories other than ftp (the root directory of the default login is the home directory of the local user)

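#Modify the configuration file
vim /etc/vsftpd/vsftpd.conf
#Enable local users
local_enable=YES
#Disable anonymous user access
anonymous_enable=NO
#Open write permission on the server (required for uploads)
write_enable=YES
#Can be set so that only the owning user has permissions on uploaded files (umask)
anon_umask=077
#Confine access to the user's home directory
chroot_local_user=YES
#Allow the confined user's home directory to be writable
allow_writeable_chroot=YES

#Restart the service
systemctl restart vsftpd

#Change the default root directory for anonymous and local user logins (just add these to the configuration file; not demonstrated here)
#anon_root applies to anonymous users
anon_root=/var/www/html
#local_root applies to system users
local_root=/var/www/html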

Modify the configuration file and restart the service.
Under win10, users are restricted and are not allowed to access directories other than their own home directory.
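
An added Python example, not part of the original article, that reviews a vsftpd.conf of the kind shown in the anonymous-access and local-user sections above: it applies vsftpd's strict option=value syntax and reports the option combinations that grant anonymous write access, make the chroot directory writable, or leave local logins without TLS. The two samples are constructed (the first includes one malformed line), the defaults are those documented in vsftpd.conf(5), and the function names are hypothetical.

```python
# Compiled-in defaults from vsftpd.conf(5) for the boolean options checked here.
DEFAULTS = {"anonymous_enable": True, "local_enable": False, "write_enable": False,
            "anon_upload_enable": False, "anon_mkdir_write_enable": False,
            "anon_other_write_enable": False, "chroot_local_user": False,
            "allow_writeable_chroot": False, "ssl_enable": False}
BOOLS = {"YES": True, "TRUE": True, "1": True, "NO": False, "FALSE": False, "0": False}

def parse_vsftpd(text):
    """Return (settings, errors); a directive must be option=value with no spaces."""
    settings, errors = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if key.strip() not in DEFAULTS:
            continue                          # option not covered by this review
        if not sep or key != key.strip() or value.upper() not in BOOLS:
            errors.append(f"line {n}: malformed directive {line!r}")
        else:
            settings[key] = BOOLS[value.upper()]
    return settings, errors

def audit_vsftpd(text):
    """Return syntax errors followed by risky option combinations."""
    s, findings = parse_vsftpd(text)
    anon_write = s["anonymous_enable"] and s["write_enable"]
    if anon_write and (s["anon_upload_enable"] or s["anon_mkdir_write_enable"]):
        findings.append("anonymous users can upload files or create directories")
    if anon_write and s["anon_other_write_enable"]:
        findings.append("anonymous users can delete, rename and overwrite files")
    if s["local_enable"] and s["chroot_local_user"] and s["allow_writeable_chroot"]:
        findings.append("chroot jail root is writable by the confined user")
    if s["local_enable"] and not s["ssl_enable"]:
        findings.append("local user passwords are sent without TLS (ssl_enable=NO)")
    return findings

# Constructed samples modelled on the two configurations above.
ANON = ("anonymous_enable=YES\nwrite_enable=YES\nanon_umask=022\n"
        "anon_upload_enable=YES\nanon_mkdir_write_enable=YES\n"
        "anon_other_write_enable =YES\n")     # space before "=": rejected
LOCAL = ("local_enable=YES\nanonymous_enable=NO\nwrite_enable=YES\n"
         "chroot_local_user=YES\nallow_writeable_chroot=YES\n")
```

A value followed by an inline comment is reported as malformed too, because the whole remainder of the line is read as the value.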

Origin blog.csdn.net/weixin_51326240/article/details/110872097