Posts Servidor DHCP
Post
Cancel

Servidor DHCP

Preparación del escenario

Crea un escenario usando Vagrant que defina las siguientes máquinas:

  • Servidor: Tiene dos tarjetas de red: una pública y una privada que se conectan a la red local.
  • nodo_lan1: Un cliente conectado a la red local.

Tarea 1:

SELECTING:

El cliente DHCP envía un paquete DHCPDISCOVER a la dirección 255.255.255.255 con el propósito de localizar servidores DHCP disponibles e informar sobre su petición. Todos los servidores DHCP que escuchan peticiones en el puerto 67 responden a la solicitud del cliente con un paquete DHCPOFFER, que contiene una dirección IP libre. El cliente DHCP espera entre 1 y 10 segundos hasta volver a enviar un nuevo DHCPDISCOVER

REQUESTING:

Después de enviar este mensaje el cliente pasa a un estado SELECTING en el que deberá aceptar un paquete DHCPOFFER enviado por el servidor. El cliente envía una paquete DHCPREQUESTS para elegir su servidor DHCP, y este le contesta con un mensaje DHCPACK.

Si le da una ip duplicada, el cliente envia DHCPDECLINE y vuelve al INIT

Si el cliente acepta el paquete, pasa al estado BOUND y recibe:

  • T1 es el temporizador de renovación de alquiler.
  • T2 es el temporizador de reenganche.
  • T3 es la duración del alquiler.

Cuando haya transcurrido el 50% del periodo T3, el cliente solicitará una renovación del mismo (Estado RENEWING) y si no renueva la ip, le envia DHCPNACK y vuelve a INIT para obtener una nueva IP.

Si el tiempo de reenganche (T2) termina, el cliente pasa al estado de REBINDING, donde enviará DHCPREQUEST de nuevo. Si no hay respuesta el cliente pasará al estado INIT de nuevo.

Cuando iniciamos un equipo de nuevo, se le asignará la misma IP si la concesión no ha caducado, por lo contrario, el cliente solicitará una nueva.

Tarea 2:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# -*- mode: ruby -*-
# vi: set ft=ruby :

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
# -*- mode: ruby -*-
# vi: set ft=ruby :

  config.vm.define :servidor do |servidor|
    servidor.vm.box = "debian/buster64" 
    servidor.vm.hostname = "Servidor" 
    servidor.vm.network "public_network",:bridge=>"eth0" 
    servidor.vm.network "private_network", ip: "192.168.100.1",
      virtualbox__intnet: "redinterna" 
  end
  config.vm.define :nodo_lan1 do |nodo_lan1|
    nodo_lan1.vm.box = "debian/buster64" 
    nodo_lan1.vm.hostname = "nodolan1" 
    nodo_lan1.vm.network "private_network", type: "dhcp",
      virtualbox__intnet: "redinterna" 
  end
end

Tarea 3:

Instalamos y configuramos el servidor dhcp en el máquina servidor.

vagrant@Servidor:~$ sudo apt-get install isc-dhcp-server

  • Muestra el fichero de configuración del servidor
1
2
3
4
5
6
7
8
9
10
vagrant@Servidor:~$ sudo nano /etc/default/isc-dhcp-server
# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# On what interfaces showld the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eh0 eth1".
INTERFACES="eth2"
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
vagrant@Servidor:~$ sudo nano /etc/dhcp/dhcpd.conf

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 21600;
max-lease-time 43200;

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

option subnet-mask 255.255.255.0;
option broadcast-address 192.168.100.255;
option routers 192.168.100.1;
option domain-name-servers 192.168.100.1;

subnet 192.168.100.0 netmask 255.255.255.0 {
 range 192.168.100.2 192.168.100.253;
}

Reiniciamos el servicio con:

1
root@Servidor:/home/vagrant# service isc-dhcp-server restart

Vemos el estado con

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
root@Servidor:/home/vagrant# service isc-dhcp-server status

● isc-dhcp-server.service - LSB: DHCP server
   Loaded: loaded (/etc/init.d/isc-dhcp-server; generated)
   Active: active (running) since Tue 2019-10-01 08:56:23 GMT; 3min 4s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1527 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=0/SUCCESS)
    Tasks: 1 (limit: 545)
   Memory: 4.9M
   CGroup: /system.slice/isc-dhcp-server.service
           └─1539 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth2

Oct 01 08:56:21 Servidor dhcpd[1536]: All rights reserved.
Oct 01 08:56:21 Servidor dhcpd[1536]: For info, please visit https://www.isc.org/software/dhcp/
Oct 01 08:56:21 Servidor dhcpd[1539]: Internet Systems Consortium DHCP Server 4.4.1
Oct 01 08:56:21 Servidor dhcpd[1539]: Copyright 2004-2018 Internet Systems Consortium.
Oct 01 08:56:21 Servidor dhcpd[1539]: All rights reserved.
Oct 01 08:56:21 Servidor dhcpd[1539]: For info, please visit https://www.isc.org/software/dhcp/
Oct 01 08:56:21 Servidor dhcpd[1539]: Wrote 0 leases to leases file.
Oct 01 08:56:21 Servidor dhcpd[1539]: Server starting service.
Oct 01 08:56:23 Servidor isc-dhcp-server[1527]: Starting ISC DHCPv4 server: dhcpd.
Oct 01 08:56:23 Servidor systemd[1]: Started LSB: DHCP server.
  • La lista de concesiones
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
root@Servidor:/home/vagrant# cat /var/lib/dhcp/dhcpd.leases

# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.4.1

# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;

lease 192.168.100.2 {
  starts 2 2019/10/01 09:01:57;
  ends 2 2019/10/01 09:11:57;
  tstp 2 2019/10/01 09:11:57;
  cltt 2 2019/10/01 09:01:57;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 08:00:27:78:3f:89;
  uid "\377'x?\211\000\001\000\001%%\306j\010\000'x?\211";
  client-hostname "nodolan1";
}
server-duid "\000\001\000\001%%\3215\010\000' \342\254";

lease 192.168.100.2 {
  starts 2 2019/10/01 09:06:02;
  ends 2 2019/10/01 15:06:02;
  cltt 2 2019/10/01 09:06:02;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 08:00:27:78:3f:89;
  uid "\377'x?\211\000\001\000\001%%\306j\010\000'x?\211";
  client-hostname "nodolan1";
}
lease 192.168.100.3 {
  starts 2 2019/10/01 09:06:41;
  ends 2 2019/10/01 15:06:41;
  cltt 2 2019/10/01 09:06:41;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 08:00:27:78:3f:89;
  client-hostname "nodolan1";
}
  • La modificación en la configuración que has hecho en el cliente para que tome la configuración de forma automática
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
vagrant@nodolan1:~$ nano /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
#VAGRANT-BEGIN
# The contents below are automatically generated by Vagrant. Do not modify.
auto eth1
iface eth1 inet dhcp
    post-up ip route del default dev $IFACE || true
#VAGRANT-END
  • Muestra la salida del comando ip address.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
vagrant@nodolan1:~$ ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:8d:c0:4d brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 84879sec preferred_lft 84879sec
    inet6 fe80::a00:27ff:fe8d:c04d/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:78:3f:89 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.2/24 brd 192.168.100.255 scope global dynamic eth1
       valid_lft 599sec preferred_lft 599sec
    inet6 fe80::a00:27ff:fe78:3f89/64 scope link 
       valid_lft forever preferred_lft forever

Tarea 4:

Para que el servidor funcione como router configuramos el siguiente fichero

1
2
3
4
vagrant@Servidor:~$ sudo nano /etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

A continuación ponemos la regla NAT:

1
vagrant@Servidor:~$ sudo iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o eth1 -j MASQUERADE

Configuramos las tablas de enrutamiento:

  • En el servidor:
1
root@Servidor:/home/vagrant# ip r add default via 172.22.0.1
  • En el cliente:
1
root@nodolan1:/home/vagrant# ip r add default via 192.168.100.1 dev eth1

Tarea 5:

Instalamos tcpdump en el servidor y hacemos la captura:

1
root@Servidor:/home/vagrant# tcpdump -i eth2 -vv > filtro.log

Salida del comando redirigido a filtro.log:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
09:26:21.162753 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length$
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 08:00:27$
          Client-Ethernet-Address 08:00:27:78:3f:89 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Requested-IP Option 50, length 4: 192.168.100.100
            Hostname Option 12, length 8: "nodolan1" 
            Parameter-Request Option 55, length 13:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Option 119, Hostname
              Netbios-Name-Server, Netbios-Scope, MTU, Classless-Static-Route
              NTP
09:26:21.163123 IP (tos 0x0, ttl 64, id 1639, offset 0, flags [DF], proto ICMP (1), length $
    192.168.100.1 > 192.168.100.5: ICMP echo request, id 62340, seq 0, length 28
09:26:22.164757 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length$
    192.168.100.1.bootps > 192.168.100.5.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 300$
          Your-IP 192.168.100.5
          Client-Ethernet-Address 08:00:27:78:3f:89 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Offer
            Server-ID Option 54, length 4: 192.168.100.1
            Lease-Time Option 51, length 4: 60
            Subnet-Mask Option 1, length 4: 255.255.255.0
            BR Option 28, length 4: 192.168.200.255
            Default-Gateway Option 3, length 4: 192.168.200.1
            Domain-Name-Server Option 6, length 8: papion-dns.gonzalonazareno.org,dns.google
09:26:22.166429 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length$
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 08:00:27$
          Client-Ethernet-Address 08:00:27:78:3f:89 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Offer
            Server-ID Option 54, length 4: 192.168.100.1
            Lease-Time Option 51, length 4: 60
            Subnet-Mask Option 1, length 4: 255.255.255.0
            BR Option 28, length 4: 192.168.200.255
            Default-Gateway Option 3, length 4: 192.168.200.1
            Domain-Name-Server Option 6, length 8: papion-dns.gonzalonazareno.org,dns.google
09:26:22.166429 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length$
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 08:00:27$
          Client-Ethernet-Address 08:00:27:78:3f:89 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Server-ID Option 54, length 4: 192.168.100.1
            Requested-IP Option 50, length 4: 192.168.100.5
            Hostname Option 12, length 8: "nodolan1" 
            Parameter-Request Option 55, length 13:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Option 119, Hostname
              Netbios-Name-Server, Netbios-Scope, MTU, Classless-Static-Route
              NTP
09:26:22.168782 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length$
    192.168.100.1.bootps > 192.168.100.5.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 300$
          Your-IP 192.168.100.5
          Client-Ethernet-Address 08:00:27:78:3f:89 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: ACK
            Server-ID Option 54, length 4: 192.168.100.1
        Lease-Time Option 51, length 4: 60
            Subnet-Mask Option 1, length 4: 255.255.255.0
            BR Option 28, length 4: 192.168.200.255
            Default-Gateway Option 3, length 4: 192.168.200.1
            Domain-Name-Server Option 6, length 8: papion-dns.gonzalonazareno.org,dns.google
09:26:26.408918 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.100.5 tell 192$
09:26:26.409454 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.100.5 is-at 08:00:27:78:$
09:26:50.349568 IP (tos 0x0, ttl 64, id 59023, offset 0, flags [DF], proto UDP (17), length$
    192.168.100.5.bootpc > 192.168.100.1.bootps: [udp sum ok] BOOTP/DHCP, Request from 08:0$
          Client-IP 192.168.100.5
          Client-Ethernet-Address 08:00:27:78:3f:89 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Hostname Option 12, length 8: "nodolan1" 
            Parameter-Request Option 55, length 13:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
Domain-Name, Domain-Name-Server, Option 119, Hostname
              Netbios-Name-Server, Netbios-Scope, MTU, Classless-Static-Route
              NTP
09:26:50.351986 IP (tos 0x0, ttl 64, id 22479, offset 0, flags [DF], proto UDP (17), length$
    192.168.100.1.bootps > 192.168.100.5.bootpc: [bad udp cksum 0x4a9d -> 0x3dd7!] BOOTP/DH$
          Client-IP 192.168.100.5
          Your-IP 192.168.100.5
          Client-Ethernet-Address 08:00:27:78:3f:89 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: ACK
            Server-ID Option 54, length 4: 192.168.100.1
            Lease-Time Option 51, length 4: 60
            Subnet-Mask Option 1, length 4: 255.255.255.0
            BR Option 28, length 4: 192.168.200.255
            Default-Gateway Option 3, length 4: 192.168.200.1
            Domain-Name-Server Option 6, length 8: papion-dns.gonzalonazareno.org,dns.google
09:26:55.554363 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.100.1 tell 192$
09:26:55.554398 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.100.1 is-at 08:00:27:20:$

En el servidor activamos los servicios y en el cliente hacemos una petición:

1
root@nodolan1:/home/vagrant# dhclient eth1

“DISCOVER” mensaje que el cliente envía al broadcast para comprobar si hay algún servidor DHCP disponible.

1
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 08:00:27$

“DHCPOFFER” ofrece una dirección IP a nuestro cliente, dentro del rango, esta caso la 192.168.100.5.

1
2
09:26:22.164757 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length$
    192.168.100.1.bootps > 192.168.100.5.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 300$

“REQUEST” respuesta de nuestro cliente al servidor.

1
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 08:00:27$

“ACK “ El cliente acepta la dirección IP que nos ofrece el servidor.

1
192.168.100.1.bootps > 192.168.100.5.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 300$

Tarea 6:

Cambiamos el tiempo de concesión:

1
2
3
4
5
6
7
8
9
10
11
12
13
root@Servidor:/home/vagrant# nano /etc/dhcp/dhcpd.conf

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
#option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 30;
max-lease-time 60;

Paramos los servicios:

1
root@Servidor:/home/vagrant# /etc/init.d/isc-dhcp-server stop

Vemos la ip del cliente antes y despues de parar los servicios para ver la ip que nos ha dado:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
vagrant@nodolan1:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:8d:c0:4d brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 86244sec preferred_lft 86244sec
    inet6 fe80::a00:27ff:fe8d:c04d/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:78:3f:89 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.2/24 brd 192.168.100.255 scope global dynamic eth1
       valid_lft 21463sec preferred_lft 21463sec
    inet6 fe80::a00:27ff:fe78:3f89/64 scope link 
       valid_lft forever preferred_lft forever

Una vez finalizado el tiempo de concesión el cliente se queda sin ip.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
vagrant@nodolan1:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:8d:c0:4d brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 86285sec preferred_lft 86285sec
    inet6 fe80::a00:27ff:fe8d:c04d/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:78:3f:89 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a00:27ff:fe78:3f89/64 scope link 
       valid_lft forever preferred_lft forever
vagrant@nodolan1:~$ 

En Windows:

Apagamos los servidos dhcp y nos dará una ip:

Tarea 7:

Configuramos el rango de dhcp:

1
root@Servidor:/home/vagrant# nano /etc/dhcp/dhcpd.conf

Cambiamos el rango de ip a la siguiente:

1
2
3
4
5
6
7
8
9
10
11
12
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

option subnet-mask 255.255.255.0;
option broadcast-address 192.168.100.255;
option routers 192.168.100.1;
option domain-name-servers 192.168.102.2, 8.8.8.8;

subnet 192.168.100.0 netmask 255.255.255.0 {
 range 192.168.100.30 192.168.100.253;
}

Reiniciamos el servicio y una vez que se acabe el tiempo de concesión, nos dará la ip del nuevo rango en el cliente.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
vagrant@nodolan1:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:8d:c0:4d brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 85229sec preferred_lft 85229sec
    inet6 fe80::a00:27ff:fe8d:c04d/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:78:3f:89 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.30/24 brd 192.168.100.255 scope global dynamic eth1
       valid_lft 48sec preferred_lft 48sec
    inet6 fe80::a00:27ff:fe78:3f89/64 scope link 
       valid_lft forever preferred_lft forever
vagrant@nodolan1:~$ 

Desde Windows:

Tarea 8:

Editamos el fichero de configuración para reservar la ip a uno de nuestros dos cliente, en este caso el linux:

1
root@Servidor:/home/vagrant# nano /etc/dhcp/dhcpd.conf

Ponemos la MAC del cliente y la ip que queremos reservar:

1
2
3
4
host nodolan1 {
hardware ethernet 08:00:27:78:3f:89;
fixed-address 192.168.100.100;
}

Reiniciamos el servicio:

1
2
3
root@Servidor:/home/vagrant# /etc/init.d/isc-dhcp-server restart
[ ok ] Restarting isc-dhcp-server (via systemctl): isc-dhcp-server.servic.
root@Servidor:/home/vagrant# 

Antes:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
vagrant@nodolan1:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:8d:c0:4d brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 84710sec preferred_lft 84710sec
    inet6 fe80::a00:27ff:fe8d:c04d/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:78:3f:89 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.30/24 brd 192.168.100.255 scope global dynamic eth1
       valid_lft 55sec preferred_lft 55sec
    inet6 fe80::a00:27ff:fe78:3f89/64 scope link 
       valid_lft forever preferred_lft forever

Despues:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
vagrant@nodolan1:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:8d:c0:4d brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 84574sec preferred_lft 84574sec
    inet6 fe80::a00:27ff:fe8d:c04d/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:78:3f:89 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.100/24 brd 192.168.100.255 scope global dynamic eth1
       valid_lft 51sec preferred_lft 51sec
    inet6 fe80::a00:27ff:fe78:3f89/64 scope link 
       valid_lft forever preferred_lft forever
vagrant@nodolan1:~$ 

Ya tendremos el cliente con la ip que hemos reservado previamente

Tarea 9:

Vagrantfile:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# -*- mode: ruby -*-
# vi: set ft=ruby :

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
# -*- mode: ruby -*-
# vi: set ft=ruby :

  config.vm.define :servidor do |servidor|
    servidor.vm.box = "debian/buster64" 
    servidor.vm.hostname = "Servidor" 
    servidor.vm.network "public_network",:bridge=>"wlan0" 
    servidor.vm.network "private_network", ip: "192.168.100.1",
      virtualbox__intnet: "redinterna" 
    servidor.vm.network "private_network", ip: "192.168.200.1",
      virtualbox__intnet: "redinterna2" 
  end
  config.vm.define :nodo_lan1 do |nodo_lan1|
    nodo_lan1.vm.box = "debian/buster64" 
    nodo_lan1.vm.hostname = "nodolan1" 
    nodo_lan1.vm.network "private_network", type: "dhcp",
      virtualbox__intnet: "redinterna" 
  end
  config.vm.define :nodo_lan2 do |nodo_lan2|
    nodo_lan2.vm.box = "debian/buster64" 
    nodo_lan2.vm.hostname = "nodolan2" 
    nodo_lan2.vm.network "private_network", type: "dhcp",
      virtualbox__intnet: "redinterna2" 
  end

Tarea 10:

1
root@Servidor:/home/vagrant# nano /etc/default/isc-dhcp-server
1
2
3
4
5
6
7
8
9
# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# On what interfaces showld the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eh0 eth1".
INTERFACES="eth2 eth3"

Modificamos el fichero de configuración y ponemos el nuevo tiempo de concesión.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
root@Servidor:/home/vagrant# nano /etc/dhcp/dhcpd.conf

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
#option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 43200;

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

option subnet-mask 255.255.255.0;
option broadcast-address 192.168.100.255;
option routers 192.168.100.1;
option domain-name-servers 192.168.102.2, 8.8.8.8;

subnet 192.168.100.0 netmask 255.255.255.0 {
 range 192.168.100.5 192.168.100.10;
}

host nodolan1 {
hardware ethernet 08:00:27:78:3f:89;
fixed-address 192.168.100.100;
}

option subnet-mask 255.255.255.0;
option broadcast-address 192.168.200.255;
option routers 192.168.200.1;
option domain-name-servers 192.168.202.2, 8.8.8.8;

subnet 192.168.200.0 netmask 255.255.255.0 {
 range 192.168.200.5 192.168.200.10;
 }

Reiniciamos los servicios

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
root@Servidor:/home/vagrant# /etc/init.d/isc-dhcp-server restart

root@nodolan2:/home/vagrant# dhclient eth1

root@nodolan2:/home/vagrant# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:8d:c0:4d brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 81938sec preferred_lft 81938sec
    inet6 fe80::a00:27ff:fe8d:c04d/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:b3:93:42 brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.5/24 brd 192.168.200.255 scope global dynamic eth1
       valid_lft 599sec preferred_lft 599sec
    inet6 fe80::a00:27ff:feb3:9342/64 scope link 
       valid_lft forever preferred_lft forever

Tarea 11:

1
2
3
4
root@nodolan2:/home/vagrant# ip r
default via 10.0.2.2 dev eth0 
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 
192.168.200.0/24 dev eth1 proto kernel scope link src 192.168.200.5 

Borramos la de por defecto

1
2
3
4
5
root@nodolan2:/home/vagrant# ip r del default 

root@nodolan2:/home/vagrant# ip r
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 
192.168.200.0/24 dev eth1 proto kernel scope link src 192.168.200.5 

Añadimos la nueva, que saldrá por eth1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
root@nodolan2:/home/vagrant# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:8d:c0:4d brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 85668sec preferred_lft 85668sec
    inet6 fe80::a00:27ff:fe8d:c04d/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:b3:93:42 brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.5/24 brd 192.168.200.255 scope global dynamic eth1
       valid_lft 50sec preferred_lft 50sec
    inet6 fe80::a00:27ff:feb3:9342/64 scope link 
       valid_lft forever preferred_lft forever

Añadimos la ruta del servidor:

1
root@nodolan2:/home/vagrant# ip r add default via 192.168.200.1 dev eth1

A continuación ponemos la regla NAT en el servidor:

1
root@Servidor:/home/vagrant# iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o eth1 -j MASQUERADE

Y ya tendremos acceso a internet en nuestra máquina

1
2
3
4
5
6
7
8
9
root@nodolan2:/home/vagrant# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=51 time=204 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=51 time=48.3 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=51 time=45.0 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 45.014/99.046/203.788/74.076 ms
This post is licensed under CC BY 4.0 by the author.