CentOS DHCP Server (SYS 255) - Chromosom3/TechNotes GitHub Wiki

CentOS DHCP Server

Installation & Configuration:

To install the DHCP server on a CentOS system we need to use the yum command. Yum is a package manager just like apt. The command to install the DHCP server using yum is yum install dhcp. From there you will see the package begin to install. Once the package is installed you will need to configure it. To configure the DHCP server you need to edit the config file located at /etc/dhcp/dhcpd.conf. You can use any text editor to edit this file such as nano or vi, just make sure you have write privileges to the file (sudo or root user). You will want to configure the server similarly to the config below.

#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
subnet 10.0.5.0 netmask 255.255.255.0 {
    option routers 10.0.5.2;    #The default gateway you want to use.
    option subnet-mask 255.255.255.0; #Subnet mask for the network.
    option domain-name "dylan.local"; #Domain name for the network.
    option domain-name-servers 10.0.5.5,1.1.1.1; #DNS server(s) for the network.
    range 10.0.5.100 10.0.5.150; #Address range for the DHCP server to give out.
    default-lease-time 3600; #Default lease time in seconds. This is 1 hour.
    max-lease-time 14400; #Max lease time in seconds. This is 4 hours.
}

Starting & Enabling the Service:

Now that the DHCP server is configured we will want to start it. To start a service you can use the systemctl start command with the service name (note that you need permission to do so, via sudo or as root). For example, we can start the DHCP server by running systemctl start dhcpd. This will only start the service once. Since this CentOS machine is going to be a permanent DHCP server we will want to make sure it always starts when the machine does. To do this we will again use the systemctl command, but this time with enable instead of start: systemctl enable dhcpd. This will make sure the service runs on startup.

Configuring the Firewall

By default, the CentOS firewall will not allow connections for DHCP. To change this we will work with the firewall-cmd command. Some use cases of the firewall-cmd command are shown below.

  • firewall-cmd --list-all: Shows all the current firewall rules.
  • firewall-cmd --add-service=dhcp: Adds the DHCP service to the firewall temporarily.
  • firewall-cmd --add-service=dhcp --permanent: Adds the DHCP service to the firewall permanently.
  • firewall-cmd --reload: Reloads the firewall. This is needed for permanent changes to take effect.

Testing and Troubleshooting:

We are going to want to test that our server is working and assigning addresses in the desired scope. To do this we need a client on the network to test with. Below are the steps for using a Windows client to test the DHCP server. You can also check the DHCP logs found in /var/log/messages using the grep command. An example of that would be sudo cat /var/log/messages | grep dhcpd.

Testing With Windows:

  1. Log on to the system.
  2. Open an administrative command prompt.
  3. Run the command ipconfig /all and look for DHCP Enabled.
  4. If DHCP is not enabled you will need to enable it.
    1. Run the command netsh interface ip set address "Ethernet0" dhcp. Note that Ethernet0 should be replaced with your network adapter name.
  5. Now we can run ipconfig /release and ipconfig /renew to release any current DHCP lease and acquire a new one.
  6. To check if the DHCP server provided you with a lease run ipconfig /all and check to see an IP address and note the IP of your DHCP server. It should match the server you are setting up.
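
The log check mentioned above can go further than grep. The script below is an added example, not part of the original notes: it groups dhcpd log lines by client MAC, shows which DHCP messages were exchanged (D/O/R/A/N) and flags any acknowledged address outside the 10.0.5.100-10.0.5.150 range from the config on this page. The sample log lines, host name, interface name, MAC addresses and the server address 10.0.5.3 are constructed for the example.

```shell
#!/bin/sh
# Added example: summarise each client's DHCP exchange from dhcpd syslog lines.
LO=100; HI=150   # last octet of the range in this page's config (10.0.5.100-150)
# Constructed sample lines in ISC dhcpd's log format (not real captures);
# host name, interface, MACs and the server address 10.0.5.3 are assumptions.
sample_log() {
cat <<'EOF'
Jan 10 09:00:01 dhcp01 dhcpd[1201]: DHCPDISCOVER from 00:0c:29:aa:bb:01 via ens192
Jan 10 09:00:02 dhcp01 dhcpd[1201]: DHCPOFFER on 10.0.5.100 to 00:0c:29:aa:bb:01 (WIN10) via ens192
Jan 10 09:00:02 dhcp01 dhcpd[1201]: DHCPREQUEST for 10.0.5.100 (10.0.5.3) from 00:0c:29:aa:bb:01 (WIN10) via ens192
Jan 10 09:00:02 dhcp01 dhcpd[1201]: DHCPACK on 10.0.5.100 to 00:0c:29:aa:bb:01 (WIN10) via ens192
Jan 10 09:05:10 dhcp01 dhcpd[1201]: DHCPDISCOVER from 00:0c:29:aa:bb:02 via ens192: network 10.0.5.0/24: no free leases
Jan 10 09:07:30 dhcp01 dhcpd[1201]: DHCPREQUEST for 192.168.1.50 from 00:0c:29:aa:bb:03 via ens192: wrong network.
Jan 10 09:07:30 dhcp01 dhcpd[1201]: DHCPNAK on 192.168.1.50 to 00:0c:29:aa:bb:03 via ens192
Jan 10 09:09:00 dhcp01 dhcpd[1201]: DHCPREQUEST for 10.0.5.20 from 00:0c:29:aa:bb:04 via ens192
Jan 10 09:09:00 dhcp01 dhcpd[1201]: DHCPACK on 10.0.5.20 to 00:0c:29:aa:bb:04 via ens192
EOF
}

# Reads syslog on stdin; prints per client: MAC, message sequence, ACKed IP, status.
dhcp_check() {
    awk -v lo="$LO" -v hi="$HI" '
    {
        t = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^DHCP(DISCOVER|OFFER|REQUEST|ACK|NAK)$/) { t = i; break }
        if (!t) next
        mac = ""; ip = ""
        for (i = t + 1; i < NF; i++) {
            if (mac == "" && ($i == "from" || $i == "to")) mac = $(i + 1)
            if (ip == "" && ($i == "on" || $i == "for")) ip = $(i + 1)
        }
        if (mac == "") next
        if (!(mac in seq)) order[++n] = mac
        seq[mac] = seq[mac] substr($t, 5, 1)      # D, O, R, A or N
        if ($t == "DHCPACK") acked[mac] = ip
    }
    END {
        for (k = 1; k <= n; k++) {
            m = order[k]
            if (!(m in acked)) { print m, seq[m], "-", "NO_LEASE"; continue }
            split(acked[m], o, ".")
            ok = ((o[1] "." o[2] "." o[3]) == "10.0.5" && o[4] + 0 >= lo && o[4] + 0 <= hi)
            print m, seq[m], acked[m], (ok ? "IN_RANGE" : "OUT_OF_RANGE")
        }
    }'
}
sample_log | dhcp_check
```

On a live server, feed it the real log with sudo grep dhcpd /var/log/messages | dhcp_check. With only the range from this page configured, an OUT_OF_RANGE line is expected only for a client that has a static address.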

DHCP RFC (RFC-2131)

Terminology

  • DHCP Client: The DHCP Client is the internet host (system) that is using DHCP to obtain configuration.
  • DHCP Server: The DHCP Server is the internet host (system) that returns a configuration to DHCP clients.
  • BOOTP Relay Agent: The BOOTP Relay Agent is an internet host (system) that passes DHCP messages between the clients and the servers.
  • Binding: Binding is a collection of configuration parameters (at least an IP) associated with (or bound to) a DHCP client. Bindings are managed by the DHCP server.

Client-Server Interaction (DORA)

  • DHCP (D)iscover: DHCP Client broadcasts to find available DHCP servers.
  • DHCP (O)ffer: DHCP Server sends DHCP Client response to the DHCP Discover request. The response contains configuration parameters the client can use.
  • DHCP (R)equest: DHCP Client requests the configuration offered in the DHCP Offer. A DHCP Request can also occur if the DHCP Client wants to confirm or extend a previously offered configuration.
  • DHCP (A)CK: DHCP Server sends client configuration parameters, including the committed network address.

Some other Client-Server Interactions:

  • DHCP NAK: DHCP Server tells the DHCP client that their configuration is incorrect (the client is on the wrong subnet) or the lease has expired.
  • DHCP Decline: DHCP Client declines the offer and tells the DHCP server the address is in use.
  • DHCP Release: DHCP Client tells the DHCP Server that it is releasing the configuration and canceling the lease.
  • DHCP Inform: DHCP Client asks the DHCP Server for local configuration only; the client already has a configured IP from an external source (e.g. static).

DHCP MAC Address Filtering

For more security, you can enable MAC address filtering. This will allow you to specify what MAC addresses are allowed (whitelisted) to get IP addresses or which MAC addresses are explicitly denied (blacklisted) from getting IP addresses.

DHCP Static Address

You can associate a MAC address with an IP address on the DHCP server. This means that the host with that MAC address will always be assigned the IP address you associate with the MAC.
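
Both features above are expressed in dhcpd.conf as host declarations, so the script below generates them from a simple inventory list. It is an added example, not part of the original notes; the host names, MAC addresses and static addresses are constructed, and rejecting static addresses inside the dynamic range is a choice made for this example. Adding deny unknown-clients; to the subnet block then limits dynamic leases to MACs that have a host declaration. A MAC address is supplied by the client itself, so this filtering keeps unmanaged devices from picking up leases but does not authenticate them.

```shell
#!/bin/sh
# Added example: build dhcpd.conf host declarations from a "name mac ip" list.
LO=100; HI=150   # dynamic range on this page: 10.0.5.100-10.0.5.150

# Constructed sample inventory (names, MACs and addresses are assumptions).
# Third column: a 10.0.5.x address = static lease, "-" = known client with a
# dynamic address, "deny" = never answer this MAC.
sample_hosts() {
cat <<'EOF'
printer01 00:0c:29:aa:bb:10 10.0.5.20
laptop07  00:0c:29:aa:bb:11 -
kiosk03   00:0c:29:aa:bb:12 deny
nas01     00:0c:29:aa:bb:13 10.0.5.120
EOF
}

# Reads the list on stdin, prints host blocks, returns 1 if any entry was rejected.
gen_hosts() {
    rc=0
    while read -r name mac ip; do
        case "$name" in ''|'#'*) continue ;; esac
        if ! printf '%s\n' "$mac" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
            echo "# REJECTED $name: malformed MAC"; rc=1; continue
        fi
        case "$ip" in
            deny) body="deny booting;" ;;
            -)    body="" ;;
            10.0.5.*)
                last=${ip#10.0.5.}
                case "$last" in ''|*[!0-9]*) last=0 ;; esac
                if [ "$last" -lt 1 ] || [ "$last" -gt 254 ]; then
                    echo "# REJECTED $name: $ip is not a host address"; rc=1; continue
                elif [ "$last" -ge "$LO" ] && [ "$last" -le "$HI" ]; then
                    echo "# REJECTED $name: $ip overlaps the dynamic range"; rc=1; continue
                fi
                body="fixed-address $ip;" ;;
            *)  echo "# REJECTED $name: $ip is outside 10.0.5.0/24"; rc=1; continue ;;
        esac
        printf 'host %s {\n    hardware ethernet %s;\n' "$name" "$mac"
        if [ -n "$body" ]; then printf '    %s\n' "$body"; fi
        printf '}\n'
    done
    return "$rc"
}

sample_hosts | gen_hosts || echo "# fix the rejected entries before reloading dhcpd"
```

The generated host blocks go at the top level of /etc/dhcp/dhcpd.conf, outside the subnet block, and dhcpd needs a restart to pick them up.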