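Test environment
- OS: AlmaLinux 8.9
- A home router is in use, so the 192.168.1.x/24 range cannot be used
- The router already acts as a DHCP server, so there would be two DHCP servers, which can lead to IP conflicts
- A new subnet has to be created and DHCP implemented on it.
1. Configuring DHCP
Range: 10.0.0.x/24
1-1. Installing the DHCP server package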
[root@localhost ~]# dnf install dhcp-server
AlmaLinux 8 - BaseOS 1.4 MB/s | 5.1 MB 00:03
AlmaLinux 8 - AppStream 1.7 MB/s | 12 MB 00:06
AlmaLinux 8 - Extras 23 kB/s | 20 kB 00:00
Dependencies resolved.
==============================================================================================================================================================================================================
Package Architecture Version Repository Size
==============================================================================================================================================================================================================
Installing:
dhcp-server x86_64 12:4.3.6-49.el8 baseos 529 k
Installing dependencies:
bind-export-libs x86_64 32:9.11.36-11.el8_9 baseos 1.1 M
dhcp-common noarch 12:4.3.6-49.el8 baseos 206 k
dhcp-libs x86_64 12:4.3.6-49.el8 baseos 147 k
Transaction Summary
==============================================================================================================================================================================================================
Install 4 Packages
Total download size: 2.0 M
Installed size: 4.6 M
Is this ok [y/N]: y
Downloading Packages:
(1/4): dhcp-libs-4.3.6-49.el8.x86_64.rpm 709 kB/s | 147 kB 00:00
(2/4): dhcp-common-4.3.6-49.el8.noarch.rpm 340 kB/s | 206 kB 00:00
(3/4): dhcp-server-4.3.6-49.el8.x86_64.rpm 1.0 MB/s | 529 kB 00:00
(4/4): bind-export-libs-9.11.36-11.el8_9.x86_64.rpm 934 kB/s | 1.1 MB 00:01
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.0 MB/s | 2.0 MB 00:01
AlmaLinux 8 - BaseOS 511 kB/s | 5.0 kB 00:00
Importing GPG key 0xC21AD6EA:
Userid : "AlmaLinux <packager@almalinux.org>"
Fingerprint: E53C F5EF 91CE B0AD 1812 ECB8 51D6 647E C21A D6EA
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
Is this ok [y/N]: y
Key imported successfully
Importing GPG key 0xCED7258B:
Userid : "AlmaLinux OS 8 <packager@almalinux.org>"
Fingerprint: BC5E DDCA DF50 2C07 7F15 8288 2AE8 1E8A CED7 258B
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : dhcp-libs-12:4.3.6-49.el8.x86_64 1/4
Installing : dhcp-common-12:4.3.6-49.el8.noarch 2/4
Installing : bind-export-libs-32:9.11.36-11.el8_9.x86_64 3/4
Running scriptlet: bind-export-libs-32:9.11.36-11.el8_9.x86_64 3/4
Running scriptlet: dhcp-server-12:4.3.6-49.el8.x86_64 4/4
Installing : dhcp-server-12:4.3.6-49.el8.x86_64 4/4
Running scriptlet: dhcp-server-12:4.3.6-49.el8.x86_64 4/4
Verifying : bind-export-libs-32:9.11.36-11.el8_9.x86_64 1/4
Verifying : dhcp-common-12:4.3.6-49.el8.noarch 2/4
Verifying : dhcp-libs-12:4.3.6-49.el8.x86_64 3/4
Verifying : dhcp-server-12:4.3.6-49.el8.x86_64 4/4
Installed:
bind-export-libs-32:9.11.36-11.el8_9.x86_64 dhcp-common-12:4.3.6-49.el8.noarch dhcp-libs-12:4.3.6-49.el8.x86_64 dhcp-server-12:4.3.6-49.el8.x86_64
Complete!
1-2. Setting the DHCP server's IP address
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-enp1s0f1
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0f1
# Generated by parse-kickstart
TYPE="Ethernet"
BOOTPROTO="static"
NAME="enp1s0f1"
DEVICE="enp1s0f1"
ONBOOT="yes"
IPADDR="10.0.0.1"
NETMASK="255.255.255.0"
After editing the script, restart the network and verify
[root@localhost ~]# systemctl restart NetworkManager
[root@localhost ~]# ifconfig
enp1s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.151 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::225:90ff:fe1d:e52c prefixlen 64 scopeid 0x20<link>
ether 00:25:90:1d:e5:2c txqueuelen 1000 (Ethernet)
RX packets 45217 bytes 40742937 (38.8 MiB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 15264 bytes 1139637 (1.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xfbc60000-fbc7ffff
enp1s0f1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::225:90ff:fe1d:e52d prefixlen 64 scopeid 0x20<link>
ether 00:25:90:1d:e5:2d txqueuelen 1000 (Ethernet)
RX packets 319 bytes 19140 (18.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 37 bytes 4579 (4.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xfbce0000-fbcfffff
1-3. Configuring DHCP
- Edit the /etc/dhcp/dhcpd.conf file
[root@localhost ~]# vi /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp-server/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.100 10.0.0.200;
option routers 10.0.0.1;
option domain-name-servers 8.8.8.8;
}
The dhcpd.conf file has many options.
Example:
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.10, 192.168.1.11;
    next-server 192.168.1.20; # Address of the TFTP server
    filename "pxelinux.0"; # PXE boot loader file the client will run
    host mydevice {
        hardware ethernet 00:11:22:33:44:55;
        fixed-address 192.168.1.50;
    }
}
Example | Description |
---|---|
subnet 192.168.1.0 netmask 255.255.255.0 { ... } (the whole block above) | The subnet block defines the settings for a specific subnet: the subnet's IP address range, the default gateway, DNS servers, PXE boot loader options, and so on |
range 192.168.1.100 192.168.1.200; | Range of IP addresses to assign to clients |
option routers 192.168.1.1; option domain-name-servers 192.168.1.10, 192.168.1.11; | option statements set the options provided to clients: gateway address, DNS server addresses, and so on |
next-server 192.168.1.20; | Address of the TFTP server |
filename "pxelinux.0"; | PXE boot loader file the client will run |
host mydevice { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.1.50; } | The host block sets the configuration for a specific device: the client device's MAC address, a fixed IP address assignment, the host name, and so on |
hardware ethernet 00:11:22:33:44:55; | Client MAC address |
fixed-address 192.168.1.50; | Fixed IP assigned when that MAC address makes a request |
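A pre-flight check for a subnet declaration like the ones above, as an added example that is not part of the original post: it flags a subnet that overlaps the upstream router's LAN (the conflict described in the test environment), a range or router outside the subnet, and a fixed-address inside the dynamic range. The function name, the sample host and the default upstream LAN of 192.168.1.0/24 are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: the post's 10.0.0.0/24 subnet plus a hypothetical host
# reservation that was placed inside the dynamic range by mistake.
SAMPLE_CONF = """
subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.100 10.0.0.200;
    option routers 10.0.0.1;
    option domain-name-servers 8.8.8.8;
    host printer {                          # hypothetical host
        hardware ethernet 00:11:22:33:44:55;
        fixed-address 10.0.0.150;
    }
}
"""

def lint_dhcpd_conf(text, upstream_lan="192.168.1.0/24"):
    """Return a list of findings for the first subnet block in `text`."""
    text = re.sub(r"#.*", "", text)         # drop comments
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)", text)
    if not m:
        return ["no subnet declaration found"]
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    findings = []
    if net.overlaps(ipaddress.ip_network(upstream_lan)):
        findings.append(f"subnet {net} overlaps upstream LAN {upstream_lan}")
    lo = hi = None
    r = re.search(r"range\s+(\S+)\s+(\S+?)\s*;", text)
    if r:
        lo, hi = (ipaddress.ip_address(x) for x in r.groups())
        if lo > hi or lo not in net or hi not in net:
            findings.append(f"range {lo}-{hi} is not a valid span inside {net}")
    for gw in re.findall(r"option\s+routers\s+(\S+?)\s*;", text):
        gw = ipaddress.ip_address(gw)       # single router address per statement
        if gw not in net:
            findings.append(f"router {gw} is outside {net}")
        elif lo is not None and lo <= gw <= hi:
            findings.append(f"router {gw} is inside the dynamic range")
    for fixed in re.findall(r"fixed-address\s+(\S+?)\s*;", text):
        fixed = ipaddress.ip_address(fixed)
        if lo is not None and lo <= fixed <= hi:
            findings.append(f"fixed-address {fixed} is inside the dynamic range")
    return findings

if __name__ == "__main__":
    for finding in lint_dhcpd_conf(SAMPLE_CONF):
        print("WARN:", finding)
```

Running `dhcpd -t -cf /etc/dhcp/dhcpd.conf` afterwards checks the syntax; this script only covers the addressing logic.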
1-4. Starting the DHCP service
[root@localhost ~]# systemctl start dhcpd
[root@localhost ~]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2024-01-23 12:41:46 KST; 5s ago
Docs: man:dhcpd(8)
man:dhcpd.conf(5)
Main PID: 39948 (dhcpd)
Status: "Dispatching packets..."
Tasks: 1 (limit: 306781)
Memory: 4.9M
CGroup: /system.slice/dhcpd.service
└─39948 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
Jan 23 12:41:46 localhost.localdomain dhcpd[39948]:
Jan 23 12:41:46 localhost.localdomain dhcpd[39948]: No subnet declaration for enp1s0f0 (192.168.1.151).
Jan 23 12:41:46 localhost.localdomain dhcpd[39948]: ** Ignoring requests on enp1s0f0. If this is not what
Jan 23 12:41:46 localhost.localdomain dhcpd[39948]: you want, please write a subnet declaration
Jan 23 12:41:46 localhost.localdomain dhcpd[39948]: in your dhcpd.conf file for the network segment
Jan 23 12:41:46 localhost.localdomain dhcpd[39948]: to which interface enp1s0f0 is attached. **
Jan 23 12:41:46 localhost.localdomain dhcpd[39948]:
Jan 23 12:41:46 localhost.localdomain systemd[1]: Started DHCPv4 Server Daemon.
Jan 23 12:41:46 localhost.localdomain dhcpd[39948]: Sending on Socket/fallback/fallback-net
Jan 23 12:41:46 localhost.localdomain dhcpd[39948]: Server starting service.
2. Testing from the client
2-1. Assigning an IP to the client
- Edit the network script
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0f0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=eui64
NAME=enp1s0f0
UUID=39cc74c1-6575-48cf-a79f-61b67449a378
DEVICE=enp1s0f0
ONBOOT=yes
[root@localhost ~]# systemctl restart NetworkManager
- Connect over SSH
[root@localhost ~]# ssh root@10.0.0.100
root@10.0.0.100's password:
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Tue Jan 23 00:57:01 2024
[root@localhost ~]# ifconfig
enp1s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.100 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::225:90ff:fe1d:ea64 prefixlen 64 scopeid 0x20<link>
ether 00:25:90:1d:ea:64 txqueuelen 1000 (Ethernet)
RX packets 139 bytes 22631 (22.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 125 bytes 16994 (16.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xfbc60000-fbc7ffff
enp1s0f1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 00:25:90:1d:ea:65 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xfbce0000-fbcfffff
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:34:e9:3c txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2-2. Letting the client use the external (public) network
Configuring NAT
🎈 DHCP server
✔ Check that the firewalld firewall is running
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Fri 2024-02-02 11:06:17 KST; 1s ago
Docs: man:firewalld(1)
Main PID: 3393 (firewalld)
Tasks: 2 (limit: 306781)
Memory: 38.2M
CGroup: /system.slice/firewalld.service
└─3393 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
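✔ Turn off SELinux
- Just in case, SELinux is switched off. (setenforce 0 puts it in permissive mode, as getenforce shows, and only until the next reboot.)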
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
✔ Edit the firewall policy
[root@localhost ~]# firewall-cmd --zone=public --add-interface=enp1s0f0 --permanent
[root@localhost ~]# firewall-cmd --zone=internal --add-interface=enp1s0f1 --permanent
[root@localhost ~]# firewall-cmd --add-masquerade --permanent
[root@localhost ~]# firewall-cmd --reload
✔ Verify that it was applied
- internal = the zone connected to the inside network
- public = the zone connected to the outside network
[root@localhost ~]# firewall-cmd --get-active-zones
internal
interfaces: enp1s0f1
public
interfaces: enp1s0f0
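- In my environment, the enp1s0f1 network card is connected to the internal network (private IP, 10.0.0.x range), and the enp1s0f0 network card is connected to the external network (public IP).
- So PCs on the internal network come into the DHCP server through the enp1s0f1 network card, have their IP translated, and then go out to the external network.
✔ Command to enable IPv4 forwarding
- With net.ipv4.ip_forward=0, the kernel disables IPv4 forwarding and the system ignores packets that would have to be routed. This is usually the default on systems that are not used as routers.
- With net.ipv4.ip_forward=1, the kernel enables IPv4 forwarding and the system forwards routed packets. This setting is required on systems used as routers.
✔ Temporary method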
[root@localhost ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
✔ Permanent method
Add the line net.ipv4.ip_forward=1 to the /etc/sysctl.conf configuration file.
After editing the configuration file, run the 'sysctl -p' command to apply it.
[root@localhost ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1
[root@localhost ~]# sysctl -p
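The state these steps should leave behind can be checked in one pass. The following is an added example, not code from the original post: it parses `firewall-cmd --get-active-zones` output and reports when the inside and outside interfaces share a zone, when masquerade is off in the outside zone, or when forwarding is off. The function names and the sample text are constructed for the example; the interface names are the ones used in the post.

```python
import subprocess

# Constructed sample, in the format of `firewall-cmd --get-active-zones`.
SAMPLE_ZONES = "internal\n  interfaces: enp1s0f1\npublic\n  interfaces: enp1s0f0\n"

def parse_active_zones(text):
    """Map interface -> zone from `firewall-cmd --get-active-zones` output."""
    iface_zone, zone = {}, None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "interfaces:":
            iface_zone.update({iface: zone for iface in parts[1:]})
        elif parts[0] != "sources:":
            zone = parts[0]                      # a zone name line
    return iface_zone

def audit_gateway(zones_text, masquerade, ip_forward, inside, outside):
    """Return findings. `masquerade` maps zone name -> bool (shape chosen here)."""
    zones = parse_active_zones(zones_text)
    missing = [i for i in (inside, outside) if i not in zones]
    if missing:
        return [f"{i} is not bound to an active zone" for i in missing]
    findings = []
    if zones[inside] == zones[outside]:
        findings.append(f"{inside} and {outside} share zone {zones[inside]}")
    if not masquerade.get(zones[outside], False):
        findings.append(f"masquerade is off in zone {zones[outside]}")
    if ip_forward.strip() != "1":
        findings.append("net.ipv4.ip_forward is not 1")
    return findings

def run(*cmd):
    """Run a command and return its stripped stdout."""
    return subprocess.run(cmd, capture_output=True, text=True).stdout.strip()

if __name__ == "__main__":                       # live check, run on the DHCP/NAT server
    text = run("firewall-cmd", "--get-active-zones")
    masq = {z: run("firewall-cmd", f"--zone={z}", "--query-masquerade") == "yes"
            for z in set(parse_active_zones(text).values())}
    forward = run("sysctl", "-n", "net.ipv4.ip_forward")
    # enp1s0f1 = inside, enp1s0f0 = outside, as in the post
    for finding in audit_gateway(text, masq, forward, "enp1s0f1", "enp1s0f0"):
        print("WARN:", finding)
```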
🎈 Testing from the client
✔ Connect to the 10.0.0.100 client
[root@localhost ~]# ssh 10.0.0.100
root@10.0.0.100's password:
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Wed Jan 31 17:00:04 2024 from 10.0.0.1
[root@localhost ~]#
✔ First, check that DNS and outbound connectivity work
[root@localhost ~]# ping google.co.kr
PING google.co.kr (142.250.76.131) 56(84) bytes of data.
64 bytes from kix07s06-in-f3.1e100.net (142.250.76.131): icmp_seq=1 ttl=56 time=36.8 ms
64 bytes from kix07s06-in-f3.1e100.net (142.250.76.131): icmp_seq=2 ttl=56 time=34.9 ms
^C
--- google.co.kr ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 34.854/35.839/36.825/1.003 ms
[root@localhost ~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=32.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=33.3 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=56 time=29.3 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=56 time=32.9 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 29.346/32.030/33.326/1.588 ms
✔ Check that packages install correctly with dnf
[root@localhost ~]# dnf -y install mc
AlmaLinux 8 - BaseOS 1.5 MB/s | 5.2 MB 00:03
AlmaLinux 8 - AppStream 1.8 MB/s | 12 MB 00:06
AlmaLinux 8 - Extras 24 kB/s | 20 kB 00:00
Package mc-1:4.8.19-9.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
- Installation works fine too.
💢 If the client cannot reach the public network, check the SELinux, firewall, and router settings.