Principle and configuration of DHCP in Linux network

One, DHCP service

1. DHCP (Dynamic Host Configuration Protocol)

(1) Designed and developed by the Internet Engineering Task Force (IETF)
(2) A protocol used to automatically assign TCP/IP parameters to computers in a TCP/IP network

2. The benefits of using DHCP

(1) Reduce the workload of the administrator
(2) Avoid the possibility of input errors
(3) Avoid IP address conflicts
(4) When changing the IP address range, there is no need to reconfigure each user's IP address
(5) Increase the utilization of IP addresses
(6) Simplify client configuration

Two, DHCP lease process

1. The process by which the client obtains an IP address from the DHCP server is called the DHCP lease process
2. It is divided into four steps

1. The client searches for the server in the network

When a DHCP client starts, it does not yet have an IP address, so it must obtain a valid address through DHCP.
At this point, the DHCP client broadcasts a DHCP Discover message to find a DHCP server.

2. The server responds to the client

When the DHCP server receives the client's request for an IP address, it searches its own IP address pool for a valid IP address that can be provided to the client.
If one is available, the DHCP server marks the IP address, adds it to a DHCP Offer message, and then broadcasts the DHCP Offer message.

3. The client selects the IP address

The DHCP client extracts the IP address from the first DHCP Offer message it receives, and the DHCP server that issued the IP address reserves the address so that the address can no longer be assigned to another DHCP client.

4. The server determines the lease

After receiving the DHCP Request message, the DHCP server broadcasts a confirmation to the client in the form of a DHCP ACK message, which contains a valid lease for the IP address and other configuration information.
When the client receives the DHCP ACK message, it configures the IP address and completes the initialization of TCP/IP.

5. Log in again

Each time the DHCP client logs on to the network again, it does not need to send DHCP Discover information, but directly sends the DHCP Request request information containing the IP address assigned the previous time.

6. Renew the lease

When the lease period of the IP address leased by the DHCP server to the client reaches 50%, the lease must be renewed.
The client sends a DHCP Request packet directly to the server that provided the lease, requesting renewal of the existing address lease.
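
The four messages of the lease process and the 50% renewal point described above, as an added example that is not part of the original article. The function names and the transaction id are made up for the illustration; the addresses, MAC and 21600-second lease are taken from the configuration later on this page.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie after the BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}   # option 53 values

def ip(s):
    return bytes(int(p) for p in s.split("."))

def build(msg_type, xid, mac, yiaddr="0.0.0.0", opts=()):
    """Minimal DHCP message: 236-byte BOOTP header, cookie, options, end marker."""
    op = 1 if msg_type in (1, 3) else 2          # 1 = client request, 2 = server reply
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)    # broadcast flag set
    hdr += ip("0.0.0.0") + ip(yiaddr) + ip("0.0.0.0") * 2         # ciaddr yiaddr siaddr giaddr
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)  # chaddr, sname, file
    body = bytes([53, 1, msg_type])
    for code, val in opts:
        body += bytes([code, len(val)]) + val
    return hdr + MAGIC + body + b"\xff"

def parse(pkt):
    """Return type, transaction id, offered address and raw options of a message."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:        # 255 = end option
        if pkt[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return {"type": TYPES.get(opts.get(53, b"\0")[0], "?"),
            "xid": struct.unpack("!I", pkt[4:8])[0],
            "yiaddr": ".".join(map(str, pkt[16:20])), "opts": opts}

def lease_exchange():
    """Constructed Discover/Offer/Request/ACK for one client (sample values)."""
    xid, mac, addr = 0x1234ABCD, "00:c0:c3:22:46:81", "192.168.80.100"
    lease = [(51, struct.pack("!I", 21600)), (54, ip("192.168.80.10"))]
    wire = [build(1, xid, mac),
            build(2, xid, mac, addr, lease),
            build(3, xid, mac, opts=[(50, ip(addr)), (54, ip("192.168.80.10"))]),
            build(5, xid, mac, addr, lease)]
    return [parse(p) for p in wire]

def renew_after(ack):
    """Seconds before renewal starts: 50% of the lease time in option 51."""
    return struct.unpack("!I", ack["opts"][51])[0] // 2
```

All four messages carry the same transaction id, which is how the client matches replies to its own request on a shared broadcast segment.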

Three, use DHCP to dynamically configure the host address

1. DHCP service

(1) Automatically allocate addresses for a large number of clients and provide centralized management
(2) Reduce management and maintenance costs, and improve network configuration efficiency

2. The address information that can be allocated mainly includes

(1) The IP address and subnet mask of the network card
(2) The corresponding network address and broadcast address
(3) Default gateway address
(4) DNS server address

Four, install the DHCP server

1. DHCP server software

(1) dhcp-4.2.5-47.el7.centos.x86_64.rpm on the CentOS CD
(2) The main files of the DHCP software package
Main configuration file: /etc/dhcpd.conf
Executable programs: /usr/sbin/dhcpd, /usr/sbin/dhcrelay

2. The main configuration file: the content of dhcpd.conf

ddns-update-style  interim;     # global configuration parameter
......
subnet  192.168.0.0  netmask  255.255.255.0 {       # subnet declaration
   option routers 192.168.0.1;       # configuration option
   ......
   default-lease-time 21600;   # configuration parameter
   host ns {
      ......
      fixed-address 207.175.42.254;    # host declaration
   }
}

3. The main configuration file: global settings, acting on the entire DHCP server

ddns-update-style    none;
default-lease-time    21600;
max-lease-time        43200;
option  domain-name  "domain.org";
option  domain-name-servers  202.106.0.20;

Five, steps to configure the DHCP server

----- Configure DHCP relay in eNSP -----
dhcp enable         # Enable the DHCP function
#
interface vlanif10
 ip address 192.168.1.254 255.255.255.0
 dhcp select relay                         # Enable the DHCP relay function
 dhcp relay server-ip 192.168.80.10       # Address of the DHCP server
# 
interface vlanif20
 ip address 192.168.2.254  255.255.255.0
 dhcp select relay
 dhcp relay server-ip 192.168.80.10
# 
interface Vlanif100
 ip address 192.168.80.254 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 192.168.80.10
----- Configure in the CentOS virtual machine -----
yum install  -y  dhcp

cd  /etc/dhcp/
ls
less  dhcpd.conf

cd   /usr/share/doc/dhcp-4.2.5/
ls
less  dhcpd.conf.example

cp   /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example   /etc/dhcp/dhcpd.conf
vim  /etc/dhcp/dhcpd.conf
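------ Set the global configuration parameters ------
default-lease-time  21600;         # Default lease is 6 hours, in seconds
max-lease-time    43200;           # Maximum lease is 12 hours, in seconds
option  domain-name  "xxxx.com";           # Default domain name
option domain-name-servers  202.106.0.20,  202.106.148.1;         # DNS server addresses
ddns-update-style  none;                  # Disable dynamic DNS updates
---- subnet declaration (applies to the whole subnet; some of its configuration parameters take priority over the global ones) ----
subnet  192.168.80.0  netmask  255.255.255.0 {             # Declare the network segment to allocate from
     range 192.168.80.100   192.168.80.200;                    # Set the address pool
     option routers 192.168.80.254;                                   # Default gateway address
}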

subnet 192.168.1.0  netmask 255.255.255.0 {
   range 192.168.1.100  192.168.1.200;
   option  routers  192.168.1.254;
}
   
subnet 192.168.2.0  netmask  255.255.255.0 {
   range 192.168.2.100  192.168.2.200;
   option routers 192.168.2.254;
}   
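------- host declaration (assigns a fixed IP address to a single machine) ------
host  hostname {                          # Name of the client that needs a fixed IP address
  hardware ethernet 00:c0:c3:22:46:81;    # MAC address of that host
  fixed-address 192.168.80.100;          # IP address reserved for that host
}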

--------- Stop the firewall and start the service ------------
systemctl   start  dhcpd
systemctl  stop   firewalld
setenforce 0

netstat -anpu | grep ":67"

----- If the DHCP service fails to start, check the log file to troubleshoot the error ------
tail -f /var/log/messages
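
A consistency check for the subnet, relay and host declarations configured above, added here as an example; it is not part of the original article or of the DHCP package. The regular expressions only handle the flat declarations shown on this page, and `check`, `CONF` and `RELAYS` are hypothetical names.

```python
import ipaddress
import re

# Sample input: the subnet and host declarations from the page, comments removed.
CONF = """
subnet 192.168.80.0 netmask 255.255.255.0 {
  range 192.168.80.100 192.168.80.200;
  option routers 192.168.80.254;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.200;
  option routers 192.168.1.254;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.2.100 192.168.2.200;
  option routers 192.168.2.254;
}
host hostname {
  hardware ethernet 00:c0:c3:22:46:81;
  fixed-address 192.168.80.100;
}
"""
RELAYS = ["192.168.1.254", "192.168.2.254", "192.168.80.254"]  # vlanif relay addresses
A = ipaddress.ip_address

def check(conf, relays):
    """Return findings for the subnet, range, routers and host declarations."""
    findings, subnets, pools = [], [], []
    for net, mask, body in re.findall(
            r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", conf, re.S):
        subnet = ipaddress.ip_network(f"{net}/{mask}")
        subnets.append(subnet)
        for lo, hi in re.findall(r"range\s+(\S+)\s+(\S+?);", body):
            if A(lo) not in subnet or A(hi) not in subnet or A(lo) > A(hi):
                findings.append(f"range {lo}-{hi} does not fit {subnet}")
            pools.append((A(lo), A(hi)))
        for gw in re.findall(r"option\s+routers\s+(\S+?);", body):
            if A(gw) not in subnet:
                findings.append(f"router {gw} is outside {subnet}")
    for relay in relays:        # a relayed request needs a subnet for the relay's address
        if not any(A(relay) in s for s in subnets):
            findings.append(f"no subnet declaration covers relay {relay}")
    for name, addr in re.findall(
            r"host\s+(\S+)\s*\{.*?fixed-address\s+(\S+?);", conf, re.S):
        if any(lo <= A(addr) <= hi for lo, hi in pools):
            findings.append(f"host {name}: fixed-address {addr} is inside a dynamic range")
    return findings
```

Run against the page's configuration, the check reports that the reserved address 192.168.80.100 also lies in the 192.168.80.100 to 192.168.80.200 pool, so the same address can be handed out dynamically; starting the range at 192.168.80.101 clears the finding.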

Six, FTP file transfer

FTP service: the protocol used to transfer files.
The FTP server uses TCP ports 20 and 21 to communicate with the client by default.
Port 20 is used to establish data connections and transfer file data.
Port 21 is used to establish control connections and transfer FTP control commands.
FTP data connections are divided into active mode and passive mode.
Active mode: the server actively initiates the data connection.
Passive mode: the server passively waits for the data connection.

yum install -y vsftpd
cd /etc/vsftpd/
cp vsftpd.conf vsftpd.conf.bak

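Set up an FTP service with anonymous user access (maximum permissions)
---- Modify the configuration file ----
vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES             # Enable anonymous access; enabled by default
write_enable=YES                 # Open write permission on the server (required for uploads); enabled by default
anon_umask=022                  # Permission mask (umask) for data uploaded by anonymous users; enabled by default
anon_upload_enable=YES          # Allow anonymous users to upload files. Commented out by default; uncomment it
anon_mkdir_write_enable=YES     # Allow anonymous users to create (upload) directories. Commented out by default; uncomment it
anon_other_write_enable=YES     # Allow delete, rename, overwrite and similar operations. Must be added

---- Set maximum permissions on the pub subdirectory of the anonymous FTP root so that anonymous users can upload data -----
chmod 777  /var/ftp/pub/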

---- Start the service, stop the firewall and the enhanced security feature (SELinux) -----
systemctl start vsftpd
systemctl stop firewalld
setenforce 0
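---- Anonymous access test ----
On a Windows system, open the "Start" menu and enter cmd to open the Command Prompt
---- Establish the FTP connection ------
ftp 192.168.80.10
---- For anonymous access the user name is ftp and the password is empty; just press Enter to complete the login
ftp> pwd        # The anonymous FTP root is the /var/ftp/ directory on the Linux system
ftp> ls         # List the current directory
ftp> cd pub     # Change to the pub directory
ftp> get filename   # Download a file to the current local Windows directory
ftp> put filename   # Upload a file to the FTP directory
ftp> quit        # Exit
Set up FTP access with local user authentication and prohibit switching to directories outside the FTP directory (the default login root is the local user's home directory)
---- Modify the configuration file -----
vim  /etc/vsftpd/vsftpd.conf
local_enable=YES      # Enable local users
anonymous_enable=NO   # Disable anonymous access
write_enable=YES      # Open write permission on the server (required for uploads)
anon_umask=077        # Can be set so that only the owner has permissions on uploaded files (umask)
chroot_local_user=YES  # Confine access to the user's home directory
allow_writeable_chroot=YES     # Allow the confined user's home directory to be writable

--- Restart the service -----
systemctl restart vsftpd

---- Change the default root directory for anonymous and local user logins ------
anon_root=/var/www/html   # anon_root applies to anonymous users
local_root=/var/www/html  # local_root applies to system users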
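
An audit of the two vsftpd.conf variants above, added here as an example and not part of the original article or of vsftpd. The names `load`, `audit`, `ANON` and `LOCAL` are hypothetical, the text after `#` is treated as the tutorial's annotation, and an unset `anonymous_enable` is assumed to mean enabled, as the page states.

```python
# Sample input: the two vsftpd.conf variants from the page (inline notes removed).
ANON = """anonymous_enable=YES
write_enable=YES
anon_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES"""
LOCAL = """local_enable=YES
anonymous_enable=NO
write_enable=YES
anon_umask=077
chroot_local_user=YES
allow_writeable_chroot=YES"""

def load(text):
    """Parse key=value lines; anything after '#' is treated as an annotation."""
    cfg = {}
    for line in text.splitlines():
        key, sep, val = line.split("#", 1)[0].partition("=")
        if sep:
            cfg[key.strip().lower()] = val.strip().upper()
    return cfg

def audit(text):
    """Return the settings that widen access, as short finding strings."""
    cfg = load(text)
    on = lambda key, default="NO": cfg.get(key, default) == "YES"
    anon = on("anonymous_enable", "YES")          # assumption: enabled when unset
    findings = []
    if anon and on("write_enable"):
        for key, what in (("anon_upload_enable", "upload files"),
                          ("anon_mkdir_write_enable", "create directories"),
                          ("anon_other_write_enable", "delete, rename and overwrite")):
            if on(key):
                findings.append(f"{key}: unauthenticated users can {what}")
    if not anon and "anon_umask" in cfg:
        findings.append("anon_umask: no effect with anonymous access off (see local_umask)")
    if on("chroot_local_user") and on("allow_writeable_chroot"):
        findings.append("allow_writeable_chroot: jailed users can write to the chroot root")
    if not on("ssl_enable"):
        findings.append("transport: logins and data are unencrypted without ssl_enable=YES")
    return findings
```

For the anonymous variant every write finding applies to anyone who can reach port 21, which matters more once `firewalld` is stopped and `/var/ftp/pub/` is mode 777 as in the steps above.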


Origin blog.csdn.net/tefuiryy/article/details/114037524