I. DHCP
DHCP (Dynamic Host Configuration Protocol) hands out network parameters (IP address, subnet mask, default gateway and so on) to hosts on a LAN dynamically. It uses a client/server architecture.
1. How it works
① The DHCP client broadcasts a DHCP Discover message.
② Every DHCP server in the broadcast domain receives the Discover, and each one answers with a DHCP Offer.
Besides the IP address being offered to the client, the Offer carries the server's own IP address (the server identifier option, so that the client can tell the servers apart). After sending the Offer the server keeps a record of the address as tentatively assigned.
③ The client can only act on one of the Offers; the usual rule is to take the first one it receives. Nothing in the exchange authenticates the server, so a rogue server on the same broadcast domain that simply answers faster can hand the client its own gateway and DNS; that is what DHCP snooping on the switch is for.
④ The client broadcasts a DHCP Request whose option field carries the IP address of the server it chose and the IP address it wants. Because the Request is broadcast, every server that made an Offer sees which one was chosen.
⑤ On receiving the Request, each server compares the server address in the option field with its own. If it matches, the server answers with a DHCP ACK and adds the lease time to the option field; if not, it sends nothing and simply clears its tentative allocation record for that address.
⑥ On receiving the ACK, the client checks that the assigned address is actually usable (typically by probing it with ARP). If it is, the client has obtained the address and will start the renewal procedure automatically according to the lease time; if the address turns out to be in use already, the client sends a DHCP Decline telling the server to take that address out of service, and then starts a fresh request.
⑦ Once it holds an address, the client can give it back at any time with a DHCP Release; the server then reclaims the address and can assign it to someone else.
⑧ When 50% of the lease time has elapsed (T1), the client unicasts a DHCP Request to its server to renew the lease. If it gets a DHCP ACK back, the lease is extended by the time given in the ACK; otherwise it keeps using the address and tries again, by broadcast, at 87.5% of the lease (T2). If the lease runs out without a renewal, the client must stop using the address and start over from Discover.
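The exchange in steps ① to ⑧, as an added example that is not part of the original post: both sides are implemented in Python as real RFC 2131 packets (fixed header, magic cookie, TLV options) and run between an in-memory client and two in-memory servers, so there are no sockets. The server addresses, the address pools, the client MAC, the lease time and the transaction ID are all constructed for the demonstration.

```python
"""Added example, not from the original post: the exchange in steps 1-8 encoded as
real RFC 2131 packets and run between an in-memory client and two in-memory
servers.  No sockets are used.  The server addresses, the address pools, the
client MAC, the lease time and the transaction ID are all constructed."""
import struct

MAGIC = b"\x63\x82\x53\x63"                  # cookie that starts the option field
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE = 1, 2, 3, 4, 5, 6, 7
OPT_REQ_IP, OPT_LEASE, OPT_TYPE, OPT_SERVER_ID, OPT_END = 50, 51, 53, 54, 255
HDR = "!BBBBIHH4s4s4s4s16s64s128s"           # the fixed 236-byte header
ZERO = b"\0\0\0\0"

def ip2b(s): return bytes(int(x) for x in s.split("."))
def b2ip(b): return ".".join(str(x) for x in b)

def build(op, xid, mac, mtype, yiaddr="0.0.0.0", extra=()):
    """Fixed header + cookie + TLV options.  flags=0x8000 asks for broadcast replies."""
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000, ZERO, ip2b(yiaddr), ZERO, ZERO,
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = [(OPT_TYPE, bytes([mtype]))] + list(extra)
    return hdr + MAGIC + b"".join(bytes([t, len(v)]) + v for t, v in opts) + bytes([OPT_END])

def parse(pkt):
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet: bad magic cookie")
    f = struct.unpack(HDR, pkt[:236])
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == 0:                      # pad option: no length byte
            i += 1
            continue
        t, n = pkt[i], pkt[i + 1]
        opts[t] = pkt[i + 2:i + 2 + n]
        i += 2 + n
    return {"op": f[0], "xid": f[4], "yiaddr": b2ip(f[8]), "mac": f[11][:6], "opts": opts}

class Server:
    """Server side of steps 2, 5, 6 and 7.  `pool` plays the role of `range`."""
    def __init__(self, ip, pool, lease=360000):
        self.ip, self.pool, self.lease = ip, list(pool), lease
        self.assigned, self.abandoned = {}, set()   # mac -> ip, and addresses a client declined

    def reply(self, m, mtype, yiaddr="0.0.0.0"):
        extra = [(OPT_SERVER_ID, ip2b(self.ip))]     # step 2: the server identifies itself
        if mtype in (OFFER, ACK):
            extra.append((OPT_LEASE, struct.pack("!I", self.lease)))
        return build(BOOTREPLY, m["xid"], m["mac"], mtype, yiaddr, extra)

    def handle(self, pkt):
        m = parse(pkt)
        mtype, mac = m["opts"][OPT_TYPE][0], m["mac"]
        if mtype == DISCOVER:                        # step 2: offer, and record the tentative assignment
            if mac not in self.assigned:
                if not self.pool:
                    return None                      # pool exhausted: nothing to offer
                self.assigned[mac] = self.pool.pop(0)
            return self.reply(m, OFFER, self.assigned[mac])
        if mtype == REQUEST:                         # step 5: only the server named in option 54 answers
            if m["opts"].get(OPT_SERVER_ID) != ip2b(self.ip):
                addr = self.assigned.pop(mac, None)  # the client chose another server: free our record
                if addr:
                    self.pool.insert(0, addr)
                return None
            want = b2ip(m["opts"].get(OPT_REQ_IP, ZERO))
            if self.assigned.get(mac) != want:
                return self.reply(m, NAK)            # not what we offered: refuse
            return self.reply(m, ACK, want)
        if mtype in (RELEASE, DECLINE):
            addr = self.assigned.pop(mac, None)
            if addr and mtype == RELEASE:            # step 7: back into the pool
                self.pool.append(addr)
            elif addr:                               # step 6: in use by someone else, take it out of service
                self.abandoned.add(addr)
        return None

def obtain_address(mac, servers, xid=0x3903F326):
    """Client side of steps 1-5; returns (address, lease seconds, offers seen, acks seen)."""
    discover = build(BOOTREQUEST, xid, mac, DISCOVER)
    offers = [o for o in (s.handle(discover) for s in servers) if o]   # broadcast: every server answers
    chosen = parse(offers[0])                                           # step 3: first offer wins
    request = build(BOOTREQUEST, xid, mac, REQUEST,
                    extra=[(OPT_REQ_IP, ip2b(chosen["yiaddr"])),
                           (OPT_SERVER_ID, chosen["opts"][OPT_SERVER_ID])])
    acks = [a for a in (s.handle(request) for s in servers) if a]      # broadcast again: one answer expected
    ack = parse(acks[0])
    if ack["opts"][OPT_TYPE][0] != ACK:
        raise RuntimeError("server refused the lease (DHCPNAK)")
    return ack["yiaddr"], struct.unpack("!I", ack["opts"][OPT_LEASE])[0], len(offers), len(acks)

if __name__ == "__main__":
    a = Server("192.168.30.20", ["192.168.30.30", "192.168.30.31"])
    b = Server("192.168.30.21", ["192.168.30.100"])
    print(obtain_address(b"\x00\x0c\x29\x31\x3d\xb7", [a, b]))
```

Running it shows the point of step ⑤: both servers answer the Discover, only the server named in option 54 answers the Request, and the other one silently drops its tentative record so the address goes back into its pool.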
2. Configuring DHCP
yum install dhcp
Server: dhcpd, 67/udp
Client: dhclient, 68/udp
Service scripts: /etc/rc.d/init.d/{dhcpd,dhcpd6,dhcrelay,dhcrelay6}
dhcrelay starts the daemon as a DHCP relay agent (it forwards client broadcasts to a DHCP server on another subnet)
/var/lib/dhcpd/dhcpd.leases: the lease database
Configuration files: /etc/dhcp/{dhcpd.conf,dhcpd6.conf}
service dhcpd configtest: syntax check of the configuration file
■ dhcpd.conf consists mainly of the following parts:
global section:
default-lease-time: default lease time (seconds)
max-lease-time: maximum lease time a client may ask for (seconds)
authoritative: declares this server the official one for its subnets; without it dhcpd will not NAK a client that requests an address it knows nothing about, so such clients keep stale leases
Optional parameters (each begins with the keyword option):
option domain-name: domain name handed to clients
option domain-name-servers: DNS servers handed to clients
option broadcast-address: broadcast address handed to clients
option routers: default gateway for clients
option ntp-servers: NTP servers for clients
Parameters from the global section can also be placed inside a declaration, where they override the global value for that scope
declaration section: describes the subnets the server serves, the address ranges it hands out, etc.
subnet NETWORK_IP netmask NETMASK_IP { ... }
range START_IP END_IP; # the dynamic address pool
host HOSTID { ... }
hardware NIC_TYPE MAC_ADDRESS; # the interface this host entry applies to (NIC_TYPE is normally ethernet)
fixed-address IP; # the fixed address handed to that interface
Reserved address: an address dedicated to one particular client. It should not be taken from the dynamic pool, and it takes precedence over pool addresses.
Note: every parameter must end with a semicolon [;]
Example:
subnet 192.168.30.0 netmask 255.255.255.0 {
    range 192.168.30.30 192.168.30.50;
    option routers 192.168.30.2;
    host pc1 {
        hardware ethernet 00:0C:29:40:35:9D;
        fixed-address 192.168.30.10;
    }
}
[root@node2 ~]# yum -y install dhcp
...
Complete!
[root@node2 ~]# rpm -ql dhcp
/etc/dhcp
/etc/dhcp/dhcpd.conf
/etc/dhcp/dhcpd6.conf
/etc/openldap/schema/dhcp.schema
/etc/portreserve/dhcpd
/etc/rc.d/init.d/dhcpd
/etc/rc.d/init.d/dhcpd6
/etc/rc.d/init.d/dhcrelay
/etc/rc.d/init.d/dhcrelay6
...
/var/lib/dhcpd
/var/lib/dhcpd/dhcpd.leases
/var/lib/dhcpd/dhcpd6.leases
[root@node2 ~]# chkconfig --list dhcpd
dhcpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@node2 ~]# vim /etc/dhcp/dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "initial.com";          # domain name handed to clients
option domain-name-servers 8.8.8.8;        # DNS server handed to clients
option routers 192.168.30.2;               # default gateway handed to clients. Note: in the file as first written the trailing semicolon was missing here, which stopped the service from starting
default-lease-time 360000;                 # default lease time
max-lease-time 720000;                     # maximum lease time

# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

# This is a very basic subnet declaration.
subnet 192.168.30.0 netmask 255.255.255.0 {     # a basic working subnet declaration
  range 192.168.30.30 192.168.30.50;
}
[root@node2 ~]# service dhcpd start
Starting dhcpd:                                            [FAILED]
[root@node2 ~]# service dhcpd configtest   # syntax check of the configuration file
Internet Systems Consortium DHCP Server 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
/etc/dhcp/dhcpd.conf line 11: semicolon expected.   # a semicolon is expected at the start of line 11, i.e. at the end of the line before it
default-lease-time
^
Configuration file errors encountered -- exiting

This version of ISC DHCP is based on the release available
on ftp.isc.org.  Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.

Please report for this software via the CentOS Bugs Database:
    http://bugs.centos.org/

exiting.
[root@node2 ~]# vim /etc/dhcp/dhcpd.conf   # fix the configuration file
[root@node2 ~]# service dhcpd start
Starting dhcpd:                                            [  OK  ]
[root@node2 ~]# ss -unlp | grep 'dhcpd'
UNCONN     0      0                         *:67                       *:*      users:(("dhcpd",5342,7))
[root@node2 ~]# chkconfig --list dhcpd
dhcpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@node2 ~]# chkconfig dhcpd on         # start at boot
[root@node2 ~]# chkconfig --list dhcpd
dhcpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
Start the Windows XP virtual machine and set it to obtain its IP address and DNS server automatically:
Check the lease information on the DHCP server:
[root@node2 ~]# tail /var/lib/dhcpd/dhcpd.leases   # an address has indeed been leased to the Windows XP client
lease 192.168.30.31 {
  starts 4 2015/11/19 18:06:03;
  ends 1 2015/11/23 22:06:03;
  cltt 4 2015/11/19 18:06:03;
  binding state active;
  next binding state free;
  hardware ethernet 00:0c:29:31:3d:b7;
  uid "\001\000\014)1=\267";
  client-hostname "microsof-70941a";
}
The lease runs from 2015/11/19 18:06:03 to 2015/11/23 22:06:03, i.e. 4 days and 4 hours = 360000 seconds, which is exactly the default-lease-time configured above; the timestamps in this file are UTC.
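A parser for the dhcpd.leases format shown above, added here as an example (not from the original post), together with two checks a defender wants from that file: how full the dynamic pool is (a pool that suddenly fills up is the classic symptom of a DHCP starvation attack, where one host requests leases under many forged MAC addresses) and which MAC addresses hold more than one active lease. The lease text SAMPLE is constructed for the demonstration, modelled on the entry in the post, and NOW and LATER are constructed clocks; the file format itself (one record per lease, later records for the same address superseding earlier ones, UTC timestamps) is as documented in dhcpd.leases(5).

```python
"""Added example, not from the original post: parse dhcpd.leases and compute pool
utilisation and MACs holding several leases.  SAMPLE, NOW and LATER are constructed."""
import ipaddress
import re
from datetime import datetime, timezone

SAMPLE = r"""
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1

lease 192.168.30.31 {
  starts 4 2015/11/19 18:06:03;
  ends 1 2015/11/23 22:06:03;
  cltt 4 2015/11/19 18:06:03;
  binding state active;
  next binding state free;
  hardware ethernet 00:0c:29:31:3d:b7;
  uid "\001\000\014)1=\267";
  client-hostname "microsof-70941a";
}
lease 192.168.30.33 {
  starts 4 2015/11/19 18:11:00;
  ends 1 2015/11/23 22:11:00;
  binding state active;
  hardware ethernet 00:0c:29:31:3d:b7;
}
lease 192.168.30.34 {
  starts 4 2015/11/19 18:12:00;
  ends 1 2015/11/23 22:12:00;
  binding state active;
  hardware ethernet 00:0c:29:aa:bb:cc;
}
lease 192.168.30.35 {
  starts 4 2015/11/19 18:13:00;
  ends never;
  binding state active;
  hardware ethernet 00:0c:29:dd:ee:ff;
}
lease 192.168.30.34 {
  starts 4 2015/11/19 18:12:00;
  ends 4 2015/11/19 18:30:00;
  binding state free;
  hardware ethernet 00:0c:29:aa:bb:cc;
}
"""
NOW = datetime(2015, 11, 20, 0, 0, tzinfo=timezone.utc)    # constructed "current time"
LATER = datetime(2015, 12, 1, 0, 0, tzinfo=timezone.utc)   # after the 100-hour leases have expired

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
TIME_KEYS = ("starts", "ends", "tstp", "tsfp", "atsfp", "cltt")

def parse_leases(text):
    """Return {ip: record}.  dhcpd appends records in time order, so a later record
    for the same address replaces an earlier one: the last one is authoritative."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        rec = {"ip": ip}
        for stmt in body.split(";"):
            parts = stmt.split()
            if not parts:
                continue
            if parts[0] in TIME_KEYS:          # "starts 4 2015/11/19 18:06:03": weekday, date, time (UTC)
                rec[parts[0]] = (None if parts[1] == "never" else
                                 datetime.strptime(parts[2] + " " + parts[3], "%Y/%m/%d %H:%M:%S")
                                 .replace(tzinfo=timezone.utc))
            elif parts[0] == "hardware":
                rec["mac"] = parts[2].lower()
            elif parts[0] == "binding":
                rec["state"] = parts[2]
            elif parts[0] == "next":
                rec["next_state"] = parts[3]
            elif parts[0] in ("uid", "client-hostname"):
                rec[parts[0]] = stmt.split(None, 1)[1].strip().strip('"')
        leases[ip] = rec
    return leases

def active_leases(leases, now=NOW):
    """Bound to a client and not yet expired; `ends never` is an infinite lease."""
    return [r for r in leases.values()
            if r.get("state") == "active" and "ends" in r and (r["ends"] is None or r["ends"] > now)]

def pool_utilisation(leases, first, last, now=NOW):
    """Fraction of the `range first last` pool that is currently leased."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    used = {r["ip"] for r in active_leases(leases, now) if lo <= int(ipaddress.IPv4Address(r["ip"])) <= hi}
    return len(used) / (hi - lo + 1)

def macs_with_multiple_leases(leases, now=NOW):
    """One MAC holding several active addresses deserves a look."""
    by_mac = {}
    for r in active_leases(leases, now):
        by_mac.setdefault(r.get("mac"), []).append(r["ip"])
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    leases = parse_leases(SAMPLE)
    print("active:", sorted(r["ip"] for r in active_leases(leases)))
    print("pool utilisation:", round(pool_utilisation(leases, "192.168.30.30", "192.168.30.50"), 3))
    print("shared MACs:", macs_with_multiple_leases(leases))
```

On a real server the input is `open("/var/lib/dhcpd/dhcpd.leases").read()` and the pool bounds come from the `range` line of the subnet; a starvation attack shows up as utilisation jumping towards 1.0 with one new MAC per lease, not one MAC holding many, because each forged request uses a different hardware address.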
II. TFTP
TFTP (Trivial File Transfer Protocol) uses a C/S architecture and provides a simple, low-overhead file transfer service. It has no authentication and no encryption: anyone who can reach UDP port 69 can fetch whatever the served directory contains, so it belongs on trusted networks only and the served directory must hold nothing sensitive.
Installation: yum install tftp tftp-server
server: 69/UDP (only for the first packet of a transfer; the server answers from a freshly chosen ephemeral port, its transfer ID, so a firewall that allows only port 69 needs the TFTP connection-tracking helper, nf_conntrack_tftp, to let the rest of the transfer through)
client: a random port above 1023 that no other process has registered
session: ip:port <==> ip:port
Socket: when application-layer data travels over the transport layer, TCP and UDP have to serve several application processes at the same time. Three parameters tell one process's traffic apart from another's: the IP address, the transport protocol (TCP or UDP) and the port number; this combination identifies one endpoint and is called a socket. A connection or session is identified by the pair of sockets at its two ends, i.e. the 5-tuple (protocol, source IP, source port, destination IP, destination port).
To see the transport protocol and port number used by common services: cat /etc/services
★ The tftp service is a transient daemon managed by the super-daemon xinetd (on daemons in general, see this post: http://9124573.blog.51cto.com/9114573/1709440).
Service configuration: /etc/xinetd.d/tftp
Configuring and starting the service:
① Enable tftp, using either method:
method 1: vim /etc/xinetd.d/tftp and set
disable = no
method 2: chkconfig tftp on
② Start or restart xinetd, which then listens on UDP port 69 on tftp's behalf and spawns in.tftpd when a request arrives:
service xinetd restart
■ Connecting to a tftp server:
tftp TFTP_SERVER, for example tftp 192.168.30.20
[root@node2 ~]# yum -y install tftp tftp-server
...
Installed:
  tftp.x86_64 0:0.49-7.el6    tftp-server.x86_64 0:0.49-7.el6
Dependency Installed:
  xinetd.x86_64 2:2.3.14-39.el6_4        # tftp depends on xinetd, so xinetd is installed along with it
[root@node2 ~]# rpm -ql tftp-server
/etc/xinetd.d/tftp
/usr/sbin/in.tftpd
/usr/share/doc/tftp-server-0.49
/usr/share/doc/tftp-server-0.49/CHANGES
/usr/share/doc/tftp-server-0.49/README
/usr/share/doc/tftp-server-0.49/README.security
/usr/share/doc/tftp-server-0.49/README.security.tftpboot
/usr/share/man/man8/in.tftpd.8.gz
/usr/share/man/man8/tftpd.8.gz
/var/lib/tftpboot                        # the directory whose files can be downloaded or uploaded
[root@node2 ~]# ls /etc/xinetd.d         # every file here is a transient service managed by xinetd
chargen-dgram   daytime-dgram   discard-dgram   echo-dgram   rsync           tftp         time-stream
chargen-stream  daytime-stream  discard-stream  echo-stream  tcpmux-server   time-dgram
[root@node2 ~]# chkconfig --list
...
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off   # the super-daemon xinetd is itself a standalone daemon
ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off

xinetd based services:                   # xinetd-managed transient services have no notion of runlevels
        chargen-dgram:  off
        chargen-stream: off
        daytime-dgram:  off
        daytime-stream: off
        discard-dgram:  off
        discard-stream: off
        echo-dgram:     off
        echo-stream:    off
        rsync:          off
        tcpmux-server:  off
        tftp:           off
        time-dgram:     off
        time-stream:    off
[root@node2 ~]# chkconfig tftp on        # enable tftp
[root@node2 ~]# chkconfig --list
...
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off

xinetd based services:
        chargen-dgram:  off
        chargen-stream: off
        daytime-dgram:  off
        daytime-stream: off
        discard-dgram:  off
        discard-stream: off
        echo-dgram:     off
        echo-stream:    off
        rsync:          off
        tcpmux-server:  off
        tftp:           on               # tftp now shows as enabled
        time-dgram:     off
        time-stream:    off
[root@node2 ~]# chkconfig tftp off       # disable tftp again
[root@node2 ~]# vim /etc/xinetd.d/tftp   # try the other method
# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        disable                 = no     # enable tftp
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /var/lib/tftpboot
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}
[root@node2 ~]# chkconfig --list
...
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off

xinetd based services:
        chargen-dgram:  off
        chargen-stream: off
        daytime-dgram:  off
        daytime-stream: off
        discard-dgram:  off
        discard-stream: off
        echo-dgram:     off
        echo-stream:    off
        rsync:          off
        tcpmux-server:  off
        tftp:           on               # tftp shows as enabled
        time-dgram:     off
        time-stream:    off
[root@node2 ~]# service xinetd start     # start the xinetd service
Starting xinetd:                                           [  OK  ]
[root@node2 ~]# netstat -unlp            # UDP port 69 is now being listened on
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               1283/rpcbind
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               1437/cupsd
udp        0      0 0.0.0.0:697                 0.0.0.0:*                               1369/rpc.statd
udp        0      0 0.0.0.0:69                  0.0.0.0:*                               6688/xinetd
udp        0      0 0.0.0.0:35157               0.0.0.0:*                               1369/rpc.statd
[root@node2 ~]# iptables -I INPUT -p udp --dport 69 -j ACCEPT   # open port 69
[root@node2 ~]# vim /var/lib/tftpboot/a.txt
hello
[root@node1 ~]# yum -y install tftp      # install the tftp client on node1
...
[root@node1 ~]# tftp 192.168.30.20       # connect to the tftp server
tftp> help                               # show the help
tftp-hpa 0.49
Commands may be abbreviated.  Commands are:

connect         connect to remote tftp
mode            set file transfer mode
put             send file                # upload
get             receive file             # download
quit            exit tftp                # quit
verbose         toggle verbose mode
trace           toggle packet tracing
literal         toggle literal mode, ignore ':' in file name
status          show current status
binary          set mode to octet
ascii           set mode to netascii
rexmt           set per-packet transmission timeout
timeout         set total retransmission timeout
?               print help information
help            print help information
tftp> get a.txt
tftp> quit
[root@node1 ~]# cat a.txt
hello
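The `get a.txt` transfer above, as an added example that is not part of the original post: the RFC 1350 packets (RRQ, DATA, ACK, ERROR) are built and exchanged in Python between an in-memory TFTP client and server, with no sockets. The server mirrors two things in.tftpd does in the configuration shown: with `-s /var/lib/tftpboot` it confines every request to that directory (in.tftpd does this by changing root; the example does it with a path check, so a request such as `../../../etc/shadow` gets ERROR 2, Access violation), and after the request on port 69 it answers from a fresh transfer ID, the ephemeral port mentioned earlier. The file contents, paths and transfer IDs are constructed.

```python
"""Added example, not from the original post: the `get a.txt` transfer as RFC 1350
packets between an in-memory client and server.  Files, paths and TIDs are constructed."""
import posixpath
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
ERR_NOT_FOUND, ERR_ACCESS, ERR_ILLEGAL_OP, ERR_BAD_TID = 1, 2, 4, 5
BLOCK = 512                      # a DATA block shorter than this ends the transfer

def pkt_rrq(filename, mode="octet"):
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def pkt_data(block, payload):
    return struct.pack("!HH", DATA, block) + payload

def pkt_ack(block):
    return struct.pack("!HH", ACK, block)

def pkt_error(code, msg):
    return struct.pack("!HH", ERROR, code) + msg.encode() + b"\0"

class TftpServer:
    """Serves one read request at a time.  `root` plays the role of the -s directory."""
    def __init__(self, root, files):
        self.root, self.files = root, files        # files: absolute path -> bytes
        self.tid, self.blocks, self.next_tid, self.refused = None, [], 49152, []

    def resolve(self, name):
        """Normalise the requested name and make sure it stays under root."""
        full = posixpath.normpath(posixpath.join(self.root, name.lstrip("/")))
        return full if full.startswith(self.root + "/") else None

    def handle_request(self, pkt):
        """Handle the packet that arrived on port 69; returns (new TID, first reply)."""
        if struct.unpack("!H", pkt[:2])[0] != RRQ:
            return None, pkt_error(ERR_ILLEGAL_OP, "Only RRQ is supported in this example")
        filename = pkt[2:].split(b"\0")[0].decode()
        path = self.resolve(filename)
        if path is None:
            self.refused.append(filename)          # worth logging: someone probing for traversal
            return None, pkt_error(ERR_ACCESS, "Access violation")
        if path not in self.files:
            return None, pkt_error(ERR_NOT_FOUND, "File not found")
        data = self.files[path]
        self.blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
        if len(data) % BLOCK == 0:                 # exact multiple (or empty): a final empty block
            self.blocks.append(b"")
        self.tid, self.next_tid = self.next_tid, self.next_tid + 1   # real servers pick one at random
        return self.tid, pkt_data(1, self.blocks[0])

    def handle_ack(self, tid, pkt):
        """An ACK for block n releases block n+1; an ACK from the wrong TID is rejected."""
        if tid != self.tid:
            return pkt_error(ERR_BAD_TID, "Unknown transfer ID")
        op, block = struct.unpack("!HH", pkt[:4])
        if op != ACK or block >= len(self.blocks):
            return None                            # last block acknowledged: transfer complete
        return pkt_data(block + 1, self.blocks[block])

def tftp_get(server, filename):
    """Client side: RRQ to port 69, then ACK each DATA block until a short one arrives."""
    tid, reply = server.handle_request(pkt_rrq(filename))
    received, expected = b"", 1
    while True:
        op, num = struct.unpack("!HH", reply[:4])
        if op == ERROR:
            msg = reply[4:].split(b"\0")[0].decode()
            raise OSError("tftp error %d: %s" % (num, msg))
        if op != DATA or num != expected:
            raise OSError("unexpected packet (op %d, block %d)" % (op, num))
        payload = reply[4:]
        received += payload
        reply = server.handle_ack(tid, pkt_ack(num))   # the ACK goes to the server's new TID, not to 69
        if len(payload) < BLOCK:
            return received
        expected += 1

if __name__ == "__main__":
    srv = TftpServer("/var/lib/tftpboot", {"/var/lib/tftpboot/a.txt": b"hello\n"})
    print(tftp_get(srv, "a.txt"))
```

The interactive client in the session above transfers in netascii mode by default (`binary` switches it to octet, which is what this example uses), and the README.security file installed with tftp-server is worth reading before exposing the service: the `-s` root and a directory owned by a user that cannot write to it are the only access controls TFTP has.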
III. Service control on CentOS 7
Starting or stopping a service:
systemctl {start|stop|restart|status} DAEMON.service
Controlling whether a service starts at boot:
systemctl {is-enabled|enable|disable} DAEMON.service
is-enabled: shows whether the given service is set to start at boot