Date: 2024.11.17
Purpose: set up a dhcp-relay service on rhel8 so that the DHCP server rocky9 (10.31.0.1/24), which sits in the LAN segment (10.31.0.0/24), can also serve hosts in the DMZ segment (172.31.0.0/24)
References:
- Vbird's Linux (鸟哥Linux私房菜): https://linux.vbird.org/linux_server/rocky9/0220dhcp_ntp.php#9.3 - 3.13. Setting up a DHCP relay agent
- Red Hat documentation: https://docs.redhat.com/zh_hans/documentation/red_hat_enterprise_linux/9/html/managing_networking_infrastructure_services/setting-up-a-dhcp-relay-agent_providing-dhcp-services - 3.9. Setting up DHCP service for subnets that are not directly connected to the DHCP server
- https://docs.redhat.com/zh_hans/documentation/red_hat_enterprise_linux/9/html/managing_networking_infrastructure_services/setting-up-the-dhcp-service-for-subnets-that-are-not-directly-connected-to-the-dhcp-server_providing-dhcp-services
Installing dhcp-relay on rhel8
[root@RHEL8 ~]# dnf info dhcp-relay
Updating Subscription Management repositories.
Last metadata expiration check: 1:10:16 ago on Sat 16 Nov 2024 11:42:54 PM CST.
Available Packages
Name : dhcp-relay
Epoch : 12
Version : 4.3.6
Release : 50.el8_10
Architecture : x86_64
Size : 237 k
Source : dhcp-4.3.6-50.el8_10.src.rpm
Repository : rhel-8-for-x86_64-baseos-rpms
Summary : Provides the ISC DHCP relay agent
URL : http://isc.org/products/DHCP/
License : ISC
Description : DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
            : individual devices on an IP network to get their own network
            : configuration information (IP address, subnetmask, broadcast address,
            : etc.) from a DHCP server. The overall purpose of DHCP is to make it
            : easier to administer a large network.
            :
            : This package provides the ISC DHCP relay agent.
[root@RHEL8 ~]# rpm -q dhcp-relay || yum install -y dhcp-relay
Listing the files in the package
[root@RHEL8 ~]# rpm -ql dhcp-relay
/usr/lib/.build-id
/usr/lib/.build-id/50
/usr/lib/.build-id/50/104a15d354826167bfb890dccf00f8dcaf9e4a
/usr/lib/systemd/system/dhcrelay.service
/usr/sbin/dhcrelay
/usr/share/man/man8/dhcrelay.8.gz
Checking the man page
[root@RHEL8 ~]# man dhcrelay
       -i ifname
              Listen for DHCPv4/BOOTP traffic on interface ifname. Multiple interfaces may be specified by using more than one -i option. If no interfaces are specified on the command line, dhcrelay will identify all network interfaces, eliminating non-broadcast interfaces if possible, and attempt to listen on all of them.

       -iu ifname
              Specifies an upstream network interface: an interface from which replies from servers and other relay agents will be accepted. Multiple interfaces may be specified by using more than one -iu option. This argument is intended to be used in conjunction with one or more -i or -id arguments.
       (Specifies the upstream interface, the one that receives replies from the DHCP server.)

       -id ifname
              Specifies a downstream network interface: an interface from which requests from clients and other relay agents will be accepted. Multiple interfaces may be specified by using more than one -id option. This argument is intended to be used in conjunction with one or more -i or -iu arguments.
       (Specifies the downstream interface, the one that receives requests from DHCP clients.)
Following the installation procedure in the Red Hat documentation: copy /lib/systemd/system/dhcrelay.service to /etc/systemd/system/ and edit the copy there.
Specify the upstream and downstream interfaces as the man page describes, and, following Vbird's tutorial, send the log to a separate file to make debugging easier.
[root@RHEL8 ~]# cp /lib/systemd/system/dhcrelay.service /etc/systemd/system/
[root@RHEL8 ~]# vim /etc/systemd/system/dhcrelay.service
[root@RHEL8 ~]# cat /etc/systemd/system/dhcrelay.service
[Unit]
Description=DHCP Relay Agent Daemon
Documentation=man:dhcrelay(8)
Wants=network-online.target
After=network-online.target

[Service]
Type=notify
ExecStart=/usr/sbin/dhcrelay -d --no-pid -id enp2s0 -iu enp3s0 10.31.0.1
StandardError=journal
StandardOutput=journal
SyslogFacility=local6

[Install]
WantedBy=multi-user.target
Configure rsyslog with the path of the dhcp-relay log file, start the service, and check the log
[root@RHEL8 ~]# echo 'local6.* /var/log/dhcprelay.log' > /etc/rsyslog.d/dhcprelay.conf
[root@RHEL8 ~]# cat /etc/rsyslog.d/dhcprelay.conf
local6.* /var/log/dhcprelay.log
[root@RHEL8 ~]# systemctl restart rsyslog.service
[root@RHEL8 ~]# systemctl daemon-reload
[root@RHEL8 ~]# systemctl enable --now dhcrelay.service
Created symlink /etc/systemd/system/multi-user.target.wants/dhcrelay.service → /etc/systemd/system/dhcrelay.service.
[root@RHEL8 ~]# cat /var/log/dhcprelay.log
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Requesting: enp2s0 as upstream: N downstream: Y
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Requesting: enp3s0 as upstream: Y downstream: N
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Dropped all unnecessary capabilities.
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Internet Systems Consortium DHCP Relay Agent 4.3.6
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Copyright 2004-2017 Internet Systems Consortium.
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: All rights reserved.
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: For info, please visit https://www.isc.org/software/dhcp/
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Listening on LPF/enp3s0/52:54:00:00:31:10
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on LPF/enp3s0/52:54:00:00:31:10
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Listening on LPF/enp2s0/52:54:00:00:31:72
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on LPF/enp2s0/52:54:00:00:31:72
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on Socket/fallback
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Dropped all capabilities.
On rocky9, edit the DHCP configuration file to serve the 172.31.0.0/24 segment.
After editing, check that there are no syntax errors and restart the service
[root@ROCKY9 ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp-server/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
log-facility local6;
default-lease-time 60000;
max-lease-time 600000;
option domain-name-servers 218.2.2.2, 218.4.4.4;

# DMZ segment, reached only through the relay on rhel8
shared-network dmz {
    subnet 172.31.0.0 netmask 255.255.255.0 {
        range 172.31.0.100 172.31.0.199;
        option routers 172.31.0.254;
    }
}

# LAN segment, directly attached to this server
subnet 10.31.0.0 netmask 255.255.255.0 {
    range 10.31.0.100 10.31.0.199;
    option routers 10.31.0.254;
}
[root@ROCKY9 ~]# dhcpd -t -cf /etc/dhcp/dhcpd.conf
Internet Systems Consortium DHCP Server 4.4.2b1
Copyright 2004-2019 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
ldap_gssapi_principal is not set,GSSAPI Authentication for LDAP will not be used
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcpd/dhcpd.leases
PID file: /var/run/dhcpd.pid
Source compiled to use binary-leases
[root@ROCKY9 ~]# systemctl restart dhcpd.service
Install a centos6 host in the DMZ segment (172.31.0.0/24); after logging in through VNC and bringing up the NIC, it obtains an address through DHCP (the default) successfully
dhcp-relay log on rhel8
[root@RHEL8 ~]# tail -f /var/log/dhcprelay.log
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Internet Systems Consortium DHCP Relay Agent 4.3.6
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Copyright 2004-2017 Internet Systems Consortium.
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: All rights reserved.
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: For info, please visit https://www.isc.org/software/dhcp/
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Listening on LPF/enp3s0/52:54:00:00:31:10
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on LPF/enp3s0/52:54:00:00:31:10
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Listening on LPF/enp2s0/52:54:00:00:31:72
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on LPF/enp2s0/52:54:00:00:31:72
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on Socket/fallback
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Dropped all capabilities.
Nov 19 00:46:00 RHEL8 dhcrelay[1513]: Forwarded BOOTREQUEST for 52:54:00:72:31:a0 to 10.31.0.1
Nov 19 00:46:01 RHEL8 dhcrelay[1513]: Forwarded BOOTREPLY for 52:54:00:72:31:a0 to 172.31.0.100
Nov 19 00:46:01 RHEL8 dhcrelay[1513]: Forwarded BOOTREQUEST for 52:54:00:72:31:a0 to 10.31.0.1
Nov 19 00:46:01 RHEL8 dhcrelay[1513]: Forwarded BOOTREPLY for 52:54:00:72:31:a0 to 172.31.0.100
dhcp log on rocky9
[root@ROCKY9 ~]# tail /var/log/dhcp.log -f
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Internet Systems Consortium DHCP Server 4.4.2b1
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Copyright 2004-2019 Internet Systems Consortium.
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: All rights reserved.
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: For info, please visit https://www.isc.org/software/dhcp/
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Source compiled to use binary-leases
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Wrote 0 leases to leases file.
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Listening on LPF/enp1s0/52:54:00:10:31:01/10.31.0.0/24
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Sending on LPF/enp1s0/52:54:00:10:31:01/10.31.0.0/24
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Sending on Socket/fallback/fallback-net
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Server starting service.
Nov 19 00:46:01 ROCKY9 dhcpd[1989]: DHCPDISCOVER from 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPOFFER on 172.31.0.100 to 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPREQUEST for 172.31.0.100 (10.31.0.1) from 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPACK on 172.31.0.100 to 52:54:00:72:31:a0 via 172.31.0.254
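The two logs above can be cross-checked mechanically: dhcpd records which giaddr each message came through, and the relay records where it forwarded the reply. The following is an added example, not part of the original notes or of ISC's tools; the sample log lines are constructed in the same format as the logs above (the last dhcpd line is an extra request via a giaddr that is not our relay, added so the check has something to flag), and the set of expected relay addresses is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the dhcrelay and dhcpd logs above; the last dhcpd line is an
# extra request arriving through a giaddr that is not our relay, added to show the check firing.
RELAY_LOG = """\
Nov 19 00:46:00 RHEL8 dhcrelay[1513]: Forwarded BOOTREQUEST for 52:54:00:72:31:a0 to 10.31.0.1
Nov 19 00:46:01 RHEL8 dhcrelay[1513]: Forwarded BOOTREPLY for 52:54:00:72:31:a0 to 172.31.0.100
"""
DHCPD_LOG = """\
Nov 19 00:46:01 ROCKY9 dhcpd[1989]: DHCPDISCOVER from 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPOFFER on 172.31.0.100 to 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPREQUEST for 172.31.0.100 (10.31.0.1) from 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPACK on 172.31.0.100 to 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:47:10 ROCKY9 dhcpd[1989]: DHCPDISCOVER from 52:54:00:aa:bb:cc via 192.0.2.9
"""
EXPECTED_RELAYS = {"172.31.0.254"}   # giaddr values our own relays present (assumed: only the rhel8 relay)
DORA = ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]

DHCPD_RE = re.compile(
    r"dhcpd\[\d+\]: (DHCP\w+) (?:on (\S+) to |for (\S+) (?:\(\S+\) )?from |from )(\S+) via (\S+)")
RELAY_REPLY_RE = re.compile(r"Forwarded BOOTREPLY for (\S+) to (\S+)")

def audit(dhcpd_log, relay_log, expected_relays=EXPECTED_RELAYS):
    """Return ({mac: ip} for clients that completed DORA through the relay, [findings])."""
    seen = defaultdict(list)      # mac -> message types in log order
    acked = {}                    # mac -> address in the DHCPACK
    findings = []
    for line in dhcpd_log.splitlines():
        m = DHCPD_RE.search(line)
        if not m:
            continue
        msg, ip_on, _ip_for, mac, giaddr = m.groups()
        if giaddr not in expected_relays:   # a relay we do not operate stamped this request
            findings.append(f"{mac}: {msg} via unexpected giaddr {giaddr}")
        seen[mac].append(msg)
        if msg == "DHCPACK":
            acked[mac] = ip_on
    leases = {mac: ip for mac, ip in acked.items() if seen[mac][-4:] == DORA}
    # Cross-check the relay side: the BOOTREPLY must have gone to the address dhcpd acknowledged
    relayed_to = dict(RELAY_REPLY_RE.findall(relay_log))
    for mac, ip in leases.items():
        if relayed_to.get(mac) != ip:
            findings.append(f"{mac}: dhcpd acked {ip} but the relay forwarded the reply to {relayed_to.get(mac)}")
    return leases, findings
```

Run it against /var/log/dhcp.log and /var/log/dhcprelay.log to confirm that every DMZ lease came through the expected relay and that both sides agree on the assigned address.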
Capture on udp port 67 on rocky9
[root@ROCKY9 ~]# tcpdump -v udp port 67
dropped privs to tcpdump
tcpdump: listening on enp1s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
00:46:01.439322 IP (tos 0x0, ttl 64, id 438, offset 0, flags [DF], proto UDP (17), length 328)
    _gateway.bootps > ROCKY9.bootps: BOOTP/DHCP, Request from 52:54:00:72:31:a0 (oui Unknown), length 300, hops 1, xid 0xd6260e35, Flags [none]
      Gateway-IP 172.31.0.254
      Client-Ethernet-Address 52:54:00:72:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Discover
        Parameter-Request (55), length 13:
          Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
          Domain-Name (15), Domain-Name-Server (6), Hostname (12), YD (40)
          YS (41), NTP (42), MTU (26), Unknown (119)
          Default-Gateway (3)
00:46:02.440770 IP (tos 0x0, ttl 64, id 35258, offset 0, flags [DF], proto UDP (17), length 328)
    ROCKY9.bootps > 172.31.0.254.bootps: BOOTP/DHCP, Reply, length 300, hops 1, xid 0xd6260e35, Flags [none]
      Your-IP 172.31.0.100
      Gateway-IP 172.31.0.254
      Client-Ethernet-Address 52:54:00:72:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Offer
        Server-ID (54), length 4: ROCKY9
        Lease-Time (51), length 4: 60000
        Subnet-Mask (1), length 4: 255.255.255.0
        Domain-Name-Server (6), length 8: dns1.ctcdma.com,dns2.ctcdma.com
        Default-Gateway (3), length 4: 172.31.0.254
00:46:02.441569 IP (tos 0x0, ttl 64, id 1154, offset 0, flags [DF], proto UDP (17), length 328)
    _gateway.bootps > ROCKY9.bootps: BOOTP/DHCP, Request from 52:54:00:72:31:a0 (oui Unknown), length 300, hops 1, xid 0xd6260e35, Flags [none]
      Gateway-IP 172.31.0.254
      Client-Ethernet-Address 52:54:00:72:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Request
        Server-ID (54), length 4: ROCKY9
        Requested-IP (50), length 4: 172.31.0.100
        Parameter-Request (55), length 13:
          Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
          Domain-Name (15), Domain-Name-Server (6), Hostname (12), YD (40)
          YS (41), NTP (42), MTU (26), Unknown (119)
          Default-Gateway (3)
00:46:02.444524 IP (tos 0x0, ttl 64, id 35260, offset 0, flags [DF], proto UDP (17), length 328)
    ROCKY9.bootps > 172.31.0.254.bootps: BOOTP/DHCP, Reply, length 300, hops 1, xid 0xd6260e35, Flags [none]
      Your-IP 172.31.0.100
      Gateway-IP 172.31.0.254
      Client-Ethernet-Address 52:54:00:72:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: ACK
        Server-ID (54), length 4: ROCKY9
        Lease-Time (51), length 4: 60000
        Subnet-Mask (1), length 4: 255.255.255.0
        Domain-Name-Server (6), length 8: dns1.ctcdma.com,dns2.ctcdma.com
        Default-Gateway (3), length 4: 172.31.0.254
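The capture shows what the relay actually changes: the client's broadcast DISCOVER arrives at the server as a unicast from 172.31.0.254 with hops 1 and Gateway-IP (giaddr) set, and dhcpd uses that giaddr, not the receiving interface, to pick the 172.31.0.0/24 scope. The following is an added example, not code from the original notes or from ISC; it builds a constructed DISCOVER for the MAC and xid seen above, applies the relay's giaddr/hops rewrite (hop limit 10 is dhcrelay's default), and shows the server-side scope selection. The relay address 172.31.0.254 and the subnet table are taken from the logs and dhcpd.conf above.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"          # vendor-rfc1048 magic cookie seen in the capture
RELAY_IP = "172.31.0.254"           # dhcrelay's address on the -id (downstream) interface, from the logs
MAX_HOPS = 10                       # dhcrelay's default hop limit (-c count)
SUBNETS = {ipaddress.ip_network("172.31.0.0/24"): "dmz", ipaddress.ip_network("10.31.0.0/24"): "lan"}

def build_discover(xid, mac):
    """Constructed DHCPDISCOVER as the client broadcasts it: hops=0, giaddr=0.0.0.0."""
    zero = b"\0" * 4   # ciaddr, yiaddr, siaddr, giaddr
    hdr = struct.pack("!BBBBIHH4s4s4s4s", 1, 1, 6, 0, xid, 0, 0, zero, zero, zero, zero)
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    opts = MAGIC + bytes([53, 1, 1, 255])   # option 53 = Discover, then End
    return hdr + chaddr + b"\0" * 64 + b"\0" * 128 + opts   # sname and file fields left empty

def msg_type(opts):
    """Walk the option TLVs after the magic cookie and return the option-53 value."""
    i = 4
    while i < len(opts) and opts[i] != 255:
        if opts[i] == 0: i += 1; continue      # pad option has no length byte
        code, length = opts[i], opts[i + 1]
        if code == 53:
            return opts[i + 2]
        i += 2 + length
    return None

def parse(pkt):
    f = struct.unpack("!BBBBIHH4s4s4s4s", pkt[:28])
    return {"op": f[0], "hops": f[3], "xid": f[4],
            "giaddr": str(ipaddress.IPv4Address(f[10])),
            "chaddr": pkt[28:28 + f[2]].hex(":"),
            "msgtype": msg_type(pkt[236:])}

def relay_upstream(pkt, relay_ip=RELAY_IP):
    """Relay rewrite for a BOOTREQUEST from the -id interface; None means the packet is dropped."""
    op, hops, giaddr = pkt[0], pkt[3], pkt[24:28]
    if op != 1 or hops >= MAX_HOPS:     # replies are not relayed upstream; hop limit stops loops
        return None
    if giaddr == b"\0" * 4:             # only the first relay stamps its own address; later ones keep it
        giaddr = ipaddress.IPv4Address(relay_ip).packed
    return pkt[:3] + bytes([hops + 1]) + pkt[4:24] + giaddr + pkt[28:]

def select_subnet(pkt, receiving_if_ip="10.31.0.1"):
    """dhcpd chooses the scope by giaddr when set, otherwise by the interface the packet arrived on."""
    giaddr = ipaddress.IPv4Address(pkt[24:28])
    key = giaddr if int(giaddr) else ipaddress.IPv4Address(receiving_if_ip)
    return next((name for net, name in SUBNETS.items() if key in net), None)
```

Because scope selection hinges entirely on giaddr, dhcpd should only accept relayed traffic from relay addresses you operate, which is why the relay log's "Forwarded BOOTREQUEST ... to 10.31.0.1" lines are worth keeping.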
DHCP lease file on rocky9
[root@ROCKY9 ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.4.2b1

# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;

server-duid "\000\001\000\001.\316/hRT\000\0201\001";

lease 10.31.0.100 {
  starts 1 2024/11/18 17:04:26;
  ends 2 2024/11/19 09:44:26;
  cltt 1 2024/11/18 17:04:26;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 52:54:00:10:31:a0;
  client-hostname "ubuntu16";
}
lease 172.31.0.100 {
  starts 1 2024/11/18 17:07:11;
  ends 2 2024/11/19 09:47:11;
  cltt 1 2024/11/18 17:07:11;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 52:54:00:72:31:a0;
}
Script automation
[root@centos7 ~]# cat rhel8dhcprelay.sh
#!/bin/bash
# rhel8dhcprelay.sh
# Date: 2024-11-19

# Install the dhcp-relay package
rpm -q dhcp-relay || yum install -y dhcp-relay

# Copy the unit file into the local override directory
cp /lib/systemd/system/dhcrelay.service /etc/systemd/system/

# Edit the start parameters of the dhcp-relay unit:
# downstream NIC (DHCP clients), upstream NIC (DHCP server), DHCP server address
# (the sed commands must target the unit file itself, not the /etc/systemd/system/ directory)
sed -Ei.bak 's/^(ExecStart=\/usr\/sbin\/dhcrelay -d --no-pid)$/\1 -id enp2s0 -iu enp3s0 10.31.0.1/' /etc/systemd/system/dhcrelay.service

# Send stderr and stdout to the journal, stored under the local6 syslog facility
sed -Ei 's/^(StandardError=)null$/\1journal/' /etc/systemd/system/dhcrelay.service
sed -Ei '/^StandardError=[[:alpha:]]+$/aStandardOutput=journal\nSyslogFacility=local6' /etc/systemd/system/dhcrelay.service

# Point rsyslog at the dhcp-relay log file
echo 'local6.* /var/log/dhcprelay.log' > /etc/rsyslog.d/dhcprelay.conf

# Restart the logging service
systemctl restart rsyslog.service

# Start the dhcp-relay service
systemctl daemon-reload
systemctl enable --now dhcrelay.service