Skip to content

IPFire Orange DHCP

Verschoben Linux
1 1 1.1k
  • Wenn man mit IPFire eine DMZ (orange) betreibt, muss man sich um DNS und DHCP selber kümmern.

    Um IP-Adressen zu verteilen, braucht man einen DHCP-Dienst. Warum braucht man das? Wenn man die ROCKPro64 nicht in sein LAN hängen will, müssen sie in die DMZ. Da aber alle Images so eingestellt sind, das sie sich beim Starten per DHCP eine IP-Adresse besorgen, gibt das beim Starten dann Probleme. Somit habe ich mir einen DHCP-Server in die DMZ gestellt und das Problem ist gelöst.

    Beispiel

    • Netz 192.168.5.0/24
    • IP-Range 192.168.5.2 bis 192.168.5.20
    • Gateway 192.168.5.1
    • DNS-Server 1.1.1.1, 8.8.8.8

    Installation

    apt install isc-dhcp-server
    

    Konfiguration

    Es gibt zwei wichtige Dateien. Einmal die Datei isc-dhcp-server

    nano /etc/default/isc-dhcp-server 
    

    Inhalt der Datei

    # Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
    
    # Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
    DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
    #DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
    
    # Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
    #DHCPDv4_PID=/var/run/dhcpd.pid
    #DHCPDv6_PID=/var/run/dhcpd6.pid
    
    # Additional options to start dhcpd with.
    #       Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
    #OPTIONS=""
    
    # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
    #       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
    INTERFACESv4="eth0"
    #INTERFACESv6=""
    

    Und einmal die Datei dhcpd.conf

    nano /etc/dhcp/dhcpd.conf
    

    Inhalt der Datei

    # dhcpd.conf
    #
    # Sample configuration file for ISC dhcpd
    #
    
    # option definitions common to all supported networks...
    option domain-name "meinnetz.local";
    option domain-name-servers 1.1.1.1, 8.8.8.8;
    
    default-lease-time 600;
    max-lease-time 7200;
    
    # The ddns-updates-style parameter controls whether or not the server will
    # attempt to do a DNS update when a lease is confirmed. We default to the
    # behavior of the version 2 packages ('none', since DHCP v2 didn't
    # have support for DDNS.)
    ddns-update-style none;
    
    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    authoritative;
    
    # Use this to send dhcp log messages to a different log file (you also
    # have to hack syslog.conf to complete the redirection).
    #log-facility local7;
    
    # No service will be given on this subnet, but declaring it helps the
    # DHCP server to understand the network topology.
    
    #subnet 192.168.5.0 netmask 255.255.255.0 {
    #}
    
    # This is a very basic subnet declaration.
    
    subnet 192.168.5.0 netmask 255.255.255.0 {
      range 192.168.5.2 192.168.5.20;
      option routers 192.168.5.1;
    }
    
    # This declaration allows BOOTP clients to get dynamic addresses,
    # which we don't really recommend.
    
    #subnet 10.254.239.32 netmask 255.255.255.224 {
    #  range dynamic-bootp 10.254.239.40 10.254.239.60;
    #  option broadcast-address 10.254.239.31;
    #  option routers rtr-239-32-1.example.org;
    #}
    
    # A slightly different configuration for an internal subnet.
    #subnet 10.5.5.0 netmask 255.255.255.224 {
    #  range 10.5.5.26 10.5.5.30;
    #  option domain-name-servers ns1.internal.example.org;
    #  option domain-name "internal.example.org";
    #  option routers 10.5.5.1;
    #  option broadcast-address 10.5.5.31;
    #  default-lease-time 600;
    #  max-lease-time 7200;
    #}
    
    # Hosts which require special configuration options can be listed in
    # host statements.   If no address is specified, the address will be
    # allocated dynamically (if possible), but the host-specific information
    # will still come from the host declaration.
    
    #host passacaglia {
    #  hardware ethernet 0:0:c0:5d:bd:95;
    #  filename "vmunix.passacaglia";
    #  server-name "toccata.example.com";
    #}
    
    # Fixed IP addresses can also be specified for hosts.   These addresses
    # should not also be listed as being available for dynamic assignment.
    # Hosts for which fixed IP addresses have been specified can boot using
    # BOOTP or DHCP.   Hosts for which no fixed address is specified can only
    # be booted with DHCP, unless there is an address range on the subnet
    # to which a BOOTP client is connected which has the dynamic-bootp flag
    # set.
    #host fantasia {
    #  hardware ethernet 08:00:07:26:c0:a5;
    #  fixed-address fantasia.example.com;
    #}
    
    # You can declare a class of clients and then do address allocation
    # based on that.   The example below shows a case where all clients
    # in a certain class get addresses on the 10.17.224/24 subnet, and all
    # other clients get addresses on the 10.0.29/24 subnet.
    
    #class "foo" {
    #  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
    #}
    
    #shared-network 224-29 {
    #  subnet 10.17.224.0 netmask 255.255.255.0 {
    #    option routers rtr-224.example.org;
    #  }
    #  subnet 10.0.29.0 netmask 255.255.255.0 {
    #    option routers rtr-29.example.org;
    #  }
    #  pool {
    #    allow members of "foo";
    #    range 10.17.224.10 10.17.224.250;
    #  }
    #  pool {
    #    deny members of "foo";
    #    range 10.0.29.10 10.0.29.230;
    #  }
    #}
    

    Neustart des Dienstes

    /etc/init.d/isc-dhcp-server start
    
  • Rest-Server v0.13.0 released

    Restic rest-server restic linux
    2
    0 Stimmen
    2 Beiträge
    401 Aufrufe
    FrankMF
    Download Rest-Server und installieren Im Github Repository den aktuellen Release suchen. Hier am Beispiel der aktuellen Version 0.13.0 (27.07.2024) Datei herunterladen wget https://github.com/restic/rest-server/releases/download/v0.13.0/rest-server_0.13.0_linux_amd64.tar.gz Die Datei entpacken tar -xf rest-server_0.13.0_linux_amd64.tar.gz Ins Verzeichnis wechseln cd rest-server_0.13.0_linux_amd64 Wenn der Rest-Server läuft, dann muss man diesen erst mal stoppen. systemctl stop rest-server Danach kopiert man das File nach bin. Wer mag sichert vorher das alte File. cp rest-server /usr/local/bin Danach kann man den Rest-Server wieder starten. systemctl start rest-server Versionskontrolle root@rest-server:~# rest-server -v rest-server version rest-server 0.13.0 compiled with go1.22.5 on linux/amd64 Die Hilfe vom Rest-Server root@rest-server:~# rest-server -h Run a REST server for use with restic Usage: rest-server [flags] Flags: --append-only enable append only mode --cpu-profile string write CPU profile to file --debug output debug messages -h, --help help for rest-server --htpasswd-file string location of .htpasswd file (default: "<data directory>/.htpasswd)" --listen string listen address (default ":8000") --log filename write HTTP requests in the combined log format to the specified filename (use "-" for logging to stdout) --max-size int the maximum size of the repository in bytes --no-auth disable .htpasswd authentication --no-verify-upload do not verify the integrity of uploaded data. DO NOT enable unless the rest-server runs on a very low-power device --path string data directory (default "/tmp/restic") --private-repos users can only access their private repo --prometheus enable Prometheus metrics --prometheus-no-auth disable auth for Prometheus /metrics endpoint --tls turn on TLS support --tls-cert string TLS certificate path --tls-key string TLS key path -v, --version version for rest-server Systemd Wer noch ein passendes systemd File benötigt. [Unit] Description=Rest Server After=syslog.target After=network.target [Service] Type=simple User=rest-server Group=rest-server ExecStart=/usr/local/bin/rest-server --private-repos --tls --tls-cert /mnt/rest-server/<DOMAIN>/fullchain.pem --tls-key /mnt/rest-server/<DOMAIN>/key.pem --path /mnt/rest-server Restart=always RestartSec=5 # Optional security enhancements NoNewPrivileges=yes PrivateTmp=yes ProtectSystem=strict ProtectHome=yes ReadWritePaths=/mnt/rest-server [Install] WantedBy=multi-user.target
  • Nextcloud - Update auf 28.0.0

    Nextcloud nextcloud linux
    5
    3
    0 Stimmen
    5 Beiträge
    615 Aufrufe
    FrankMF
    28.0.1 ist da. Den Log Reader wieder aktiviert. Gleiches Verhalten. Kann ich so leider nicht gebrauchen, also wieder deaktiviert.
  • Manjaro KDE Plasma 21.2.6

    Linux manjaro kde linux
    16
    2
    0 Stimmen
    16 Beiträge
    922 Aufrufe
    FrankMF
    @FrankM sagte in Manjaro KDE Plasma 21.2.6: Eines betrifft die Anordnung der Icons auf dem Desktop. Die Anordnung, die ich wähle, werden immer wieder geändert. Unschön, aber den Desktop nutze ich so gut wie gar nicht. Also kann ich auch auf den Fix warten. Kann noch was dauern https://pointieststick.com/2023/03/03/this-week-in-kde-plasma-6-begins/ Desktop icons on the active activity should no longer inappropriately re-arrange themselves when the set of connected screens changes. However during the process of investigation, we discovered that the code for storing desktop file position is inherently problematic and in need of a fundamental rewrite just like we did for multi-screen arrangement in Plasma 5.27. This will be done for Plasma 6.0, and hopefully make Plasma’s long history of being bad about remembering desktop icon positions just that–history (Marco Martin, Plasma 5.27.3. Link)
  • Debian Bullseye - ZFS installieren und Pool erstellen

    Linux linux zfs proxmox
    1
    1
    0 Stimmen
    1 Beiträge
    2k Aufrufe
    Niemand hat geantwortet
  • NanoPi R4S - OpenWrt kompilieren

    Angeheftet NanoPi R4S openwrt linux nanopir4s
    2
    2
    0 Stimmen
    2 Beiträge
    491 Aufrufe
    FrankMF
    Ja, ich kann bestätigen, es funktioniert und startet einwandfrei!
  • OpenWrt - Sysupgrade

    OpenWRT & Ubiquiti ER-X openwrt linux er-x
    1
    0 Stimmen
    1 Beiträge
    290 Aufrufe
    Niemand hat geantwortet
  • IPFire - Nach Neuinstallation Grafiken defekt

    Verschoben IPFire ipfire
    1
    0 Stimmen
    1 Beiträge
    820 Aufrufe
    Niemand hat geantwortet
  • Projekt NAS - BIOS Update 1.25.0

    Linux linux
    1
    0 Stimmen
    1 Beiträge
    683 Aufrufe
    Niemand hat geantwortet