防火墙上配置DHCP(双网卡),配置了内部的用户用DHCP，求助！

小红帽

我在我的防火墙上配置DHCP(双网卡),我只想配置了内部的用户用DHCP，下面是我的启动错误提示，请帮忙解决一下,谢谢
Starting dhcpd: Internet Software Consortium DHCP Server 2.0pl5
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.

Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html

marvin.redhat.com: no A record associated with address
marvin.redhat.com: no A record associated with address
Listening on Socket/eth1/192.168.1.0
Sending on   Socket/eth1/192.168.1.0
No subnet declaration for eth0 (210.83.***.***).
Please write a subnet declaration in your dhcpd.conf file for the
network segment to which interface eth0 is attached.
exiting.
[FAILED]

athlontb

dhcpd.conf文件有问题，发一个上来

xchen

如果是两个网段的话，必须为两个网段都配一个dhcp。

你可以测试一下，把eth0改为192.168.1.x或是禁止eth0，就不会有任何提示。
其实给210.83.0.0配一个dhcp也没什么影响，看你自己的网络需要了。

应该可以只配一个，目前还没有找到方法。

小红帽

问题我已经解决了
看看这个就知道了
http://www.ccert.edu.cn/faq/show.php?handle=50


HCP的安装和配置

考虑大多数的情况，Linux作为DHCP服务器而windows 95/98作为DHCP客户。
Linux也可以作为DHCP客户,即你要安装dhcpcd  rpm 软件包 ，Linux作为DHCP服务器，
只需要安装dhcpd rpm 包 （以Redhat 6.1为例）

一．DHCP服务器工作的前提条件：
为了使DHCP服务器为windows机器服务，你可能需要创建一个到地址255.255.255.255
的路由，加这条路由命令到/etc/rc.d/rc.local使得每次启动后自动运行。
#route add -host 255.255.255.255 dev eth0
如果报告错误消息：
255.255.255.255： Unkown host
试着加下面的入口到/etc/hosts文件
255.255.255.255 dhcp, then try:
#route add -host dhcp dev eth0

二．DHCPd后台程序总是读取配置文件/etc/dhcpd.conf, 下面给出一个DHCP配置文件的例子：
#Sample /etc/dhcpd.conf
default-lease-time 1200;
max-lease-time 9200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1,192.168.1.2;
option domain-name "mydomain.org";

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.100;
range 192.168.1.150 192.168.1.200;
}
这将允许DHCP服务器分配两段地址范围给客户 192.168.1.10-100或者192.168.1.150-200
如果客户不继续请求DHCP地址则1200秒后释放IP地址，否则最大允许租用的时间为9200秒。
服务器发送下面的参数给DHCP客户机：
用255.255.255.0作为子网掩码，用192.168.1.255作为广播地址，用192.168.1.254作为
默认网关，用192.168.1.1 and 192.168.1.2作为DNS服务器
如果你要为windows客户指定一个WINS服务器，你需要包括下面的选项到dhcpd.conf文件中：
option netbios-name-servers 192.168.1.1;

三.你也能为某块网卡指定固定的IP地址，无论何时，这块网卡将总是从DHCP服务器获得
固定的IP地址：加下面的语句到/etc/dhcpd.conf:

host haagen {
hardware ethernet 08:00:2b:4c:59:23;
fixed-address 192.168.1.222;
}

也可连写为一行：
host Jephe  {hardware ethernet 00:a0:c9:a6:96:33;fixed-address 192.168.1.12;}

你也可为某台机器指定不同的网关地址，名服务器等：
host Jephe  {hardware ethernet 00:a0:c9:a6:96:33;fixed-address 192.168.1.12;option
routers 192.168.11.5;}

四. 大多数情况下，DHCP的安装不创建一个dhcpd.leases 文件，在你启动DHCP服务器之前，
你必须创建空文件 dhcpd.leases

#touch /var/state/dhcp/dhcpd.leases
为启动DHCP服务器，简单地打入 /usr/sbin/dhcpd 或者用#ntsysv把DHCP服务自动启动

这将启动dhcpd在eth0设备上，如果你想在eth1设备上启动dhcpd，则
#/usr/sbin/dhcpd eth1

如果为了调试DHCP，则用#/usr/sbin/dhcpd -d  -f

五．两块网卡的情况：
有时你需要在一台安装了两块网卡（作防火墙或网关）的机器上安装DHCP服务，下面的例子
指出一台防火墙机器上的一种DHCP设置，因为对外的网卡（internet）不需要提供DHCP服务：
因此这样设置如下：
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.4;
default-lease-time 86400;
max-lease-time 259200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.254;
}
subnet 202.102.34.102 netmask 255.255.255.255 {
}
六． FAQ
a. 为MAC机器固定IP地址？
当设置MAC机用DHCP功能获得IP地址后，如不知得到何地址，可在MAC机上发送一邮件出去，
收信者可通过mail header检查发送者IP地址，而后ping 该IP地址再利用arp命令检查arp
缓存中的该IP地址的对应物理地址。
b. 若LAN上有windows机器装上了某DHCP功能的软件，如sygate, wingate之类，则可能
其他windows客户会优先去寻找windows DHCP服务器，而不是Linux DHCP服务器

参考材料：
http://www.linuxgazette.com/issue48/pollman.html



附录：
在Redhat 5.2中的DHCP配置 （http://www.pcquest.com/linux/dhcp.asp ）
Configuring DHCP And DNS Services

Set up Linux to allocate IP address and act as a name server

Setting up DHCP on Red Hat

If your network has a large number of clients, manually configuring every machine
with a static IP address is a tough job. The Dynamic Host Configuration Protocol
(DHCP) lets you automatically assign an IP address to a machine on the network
from a pool or range of IP addresses it has.

To configure a DHCP server on your Linux machine, you need to create a file called
dhcpd.conf in the /etc directory. This file contains all the information that the
daemon needs while starting up. This file is in the following format (the line
numbers are not part of the file, they're for the explanation that follows):

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.250;
default-lease-time 86400;
max-lease-time 259200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
option domain-name-servers 192.168.1.1;
option domain-name "abc.com";
}
Lets look at these lines a bit more closely. The first line specifies the (sub)
network that the DHCP server is to manage or maintain. Within this network, we
have to configure different parameters (written within the curly braces).

The next line contains the range from which the server picks up IP addresses to
allocate. The starting and ending IP addresses are entered here. Line 3 contains
the default lease time. A lease is the amount of time that a particular machine
can hold an IP address before having to renew the lease with the server. The value
is given in number of seconds, so 86400 stands for one day. The next line,
max-lease-time, specifies the maximum amount of time that a machine can hold on to
a specific IP address.

Then come other options that will also be transmitted to the machine. These include
the subnet mask, the router, the domain name server, and the domain name.

Once this is done, you need to create a file called dhcpd.leases, also in the
/etc/ directory, which will contain information about which IP address has been
allocated to which machine. Since all this will be done by the server, all you need
to do is create a 0 byte file with the command, touch /etc/dhcpd.leases.

The next step requires you to add a broadcast route. Do this by appending the line
/sbin/route add -host 255.255.255.255 dev eth0 to /etc/rc.d/rc.local.

Finally, make sure DHCP is started at bootup. You can do this by running Setup,
choosing ntsysv, and enabling dhcpd. Restart the machine, by giving the command sync,
followed by reboot.

Your DHCP server will be up and running after the machine starts up. Any machine
that logs on the network will receive an IP address and all other parameters
automatically. If it's a Win 95 client, you can check all the settings by running
winipcfg in the Run dialog box.

There may be cases when you need to assign a particular machine the same IP address
always. You can either hardwire the information in the computer or add the following
lines to the dhcpd.conf file.

host mynotebook {
hardware ethernet 00:80:C8:85:B52;
fixed-address 192.168.1.20;
option host-name "mynotebook";
}

This specifies the ethernet address, which will be unique, the IP address that will always
be allocated to that machine, and a host name.

With DHCP, the network administrator's nightmare of correctly setting up IP addresses
on machines simply vanishes. You'll never need to manually configure another machine
ever again.

yxheyong

dhcpd.conf配置为：
ddns-update-style interim;
ignore client-updates;
                                                                                
subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers                  192.168.1.1;
        option subnet-mask              255.255.255.0;
                                                                                
#       option nis-domain               "domain.org";
        option domain-name              "domain.org";
        option domain-name-servers      61.139.2.69;
        option broadcast-address        192.168.1.1;
                                                                                
#       option time-offset              -18000;
        range                            192.168.1.2 192.168.1.254;
        default-lease-time 21600;
        max-lease-time 43200;
}
subnet 10.0.0.3 netmask 255.255.255.255 {
}

启动后报错：
[root@server root]# dhcpd start
Internet Software Consortium DHCP Server V3.0pl1
Copyright 1995-2001 Internet Software Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP
Wrote 0 leases to leases file.
                                                                                
No subnet declaration for start (0.0.0.0).
** Ignoring requests on start.  If this is not what
   you want, please write a subnet declaration
   in your dhcpd.conf file for the network segment
   to which interface start is attached. **
                                                                                
                                                                                
Not configured to listen on any interfaces!
                                                                                
If you did not get this software from ftp.isc.org, please
get the latest from ftp.isc.org and install that before
requesting help.
                                                                                
If you did get this software from ftp.isc.org and have not
yet read the README, please read it before requesting help.
If you intend to request help from the dhcp-server@isc.org
mailing list, please read the section on the README about
submitting bug reports and requests for help.

Please do not under any circumstances send requests for
help directly to the authors of this software - please
send them to the appropriate mailing list as described in
the README file.

exiting.

请帮我看看是什么地方的问题！！！谢谢！

tower

试试看这个
这个有吗?

四. 大多数情况下，DHCP的安装不创建一个dhcpd.leases 文件，在你启动DHCP服务器之前，
你必须创建空文件 dhcpd.leases
#touch /var/state/dhcp/dhcpd.leases


subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.254;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;

# option nis-domain "domain.org";
option domain-name "domain.org";
option domain-name-servers 61.139.2.69;
option broadcast-address 192.168.1.1;
broadcast 不可能是1吧，用255

# option time-offset -18000;

default-lease-time 21600;
max-lease-time 43200;
}

aniuge128

red hat 7.3 exist /var/lib/dhcpd.leases

gaoty

五．两块网卡的情况：
有时你需要在一台安装了两块网卡（作防火墙或网关）的机器上安装DHCP服务，下面的例子
指出一台防火墙机器上的一种DHCP设置，因为对外的网卡（internet）不需要提供DHCP服务：
因此这样设置如下：
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.4;
default-lease-time 86400;
max-lease-time 259200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.254;
}
subnet 202.102.34.102 netmask 255.255.255.255 {
}
中的最后一行，得IP 是什么？

yxheyong

dhcpd.lesaes 我有了啊。但还是上不去啊。
我用的是Radhat90

seablue

她说你的最后一行没有声明:

1. 
   
2. subnet 202.102.34.102 netmask 255.255.255.255 {
   
3. }

复制代码