Skip to content

IPFire Orange DHCP

Verschoben Linux
1 1 1.1k
  • Wenn man mit IPFire eine DMZ (orange) betreibt, muss man sich um DNS und DHCP selber kümmern.

    Um IP-Adressen zu verteilen, braucht man einen DHCP-Dienst. Warum braucht man das? Wenn man die ROCKPro64 nicht in sein LAN hängen will, müssen sie in die DMZ. Da aber alle Images so eingestellt sind, das sie sich beim Starten per DHCP eine IP-Adresse besorgen, gibt das beim Starten dann Probleme. Somit habe ich mir einen DHCP-Server in die DMZ gestellt und das Problem ist gelöst.

    Beispiel

    • Netz 192.168.5.0/24
    • IP-Range 192.168.5.2 bis 192.168.5.20
    • Gateway 192.168.5.1
    • DNS-Server 1.1.1.1, 8.8.8.8

    Installation

    apt install isc-dhcp-server
    

    Konfiguration

    Es gibt zwei wichtige Dateien. Einmal die Datei isc-dhcp-server

    nano /etc/default/isc-dhcp-server 
    

    Inhalt der Datei

    # Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
    
    # Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
    DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
    #DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
    
    # Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
    #DHCPDv4_PID=/var/run/dhcpd.pid
    #DHCPDv6_PID=/var/run/dhcpd6.pid
    
    # Additional options to start dhcpd with.
    #       Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
    #OPTIONS=""
    
    # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
    #       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
    INTERFACESv4="eth0"
    #INTERFACESv6=""
    

    Und einmal die Datei dhcpd.conf

    nano /etc/dhcp/dhcpd.conf
    

    Inhalt der Datei

    # dhcpd.conf
    #
    # Sample configuration file for ISC dhcpd
    #
    
    # option definitions common to all supported networks...
    option domain-name "meinnetz.local";
    option domain-name-servers 1.1.1.1, 8.8.8.8;
    
    default-lease-time 600;
    max-lease-time 7200;
    
    # The ddns-updates-style parameter controls whether or not the server will
    # attempt to do a DNS update when a lease is confirmed. We default to the
    # behavior of the version 2 packages ('none', since DHCP v2 didn't
    # have support for DDNS.)
    ddns-update-style none;
    
    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    authoritative;
    
    # Use this to send dhcp log messages to a different log file (you also
    # have to hack syslog.conf to complete the redirection).
    #log-facility local7;
    
    # No service will be given on this subnet, but declaring it helps the
    # DHCP server to understand the network topology.
    
    #subnet 192.168.5.0 netmask 255.255.255.0 {
    #}
    
    # This is a very basic subnet declaration.
    
    subnet 192.168.5.0 netmask 255.255.255.0 {
      range 192.168.5.2 192.168.5.20;
      option routers 192.168.5.1;
    }
    
    # This declaration allows BOOTP clients to get dynamic addresses,
    # which we don't really recommend.
    
    #subnet 10.254.239.32 netmask 255.255.255.224 {
    #  range dynamic-bootp 10.254.239.40 10.254.239.60;
    #  option broadcast-address 10.254.239.31;
    #  option routers rtr-239-32-1.example.org;
    #}
    
    # A slightly different configuration for an internal subnet.
    #subnet 10.5.5.0 netmask 255.255.255.224 {
    #  range 10.5.5.26 10.5.5.30;
    #  option domain-name-servers ns1.internal.example.org;
    #  option domain-name "internal.example.org";
    #  option routers 10.5.5.1;
    #  option broadcast-address 10.5.5.31;
    #  default-lease-time 600;
    #  max-lease-time 7200;
    #}
    
    # Hosts which require special configuration options can be listed in
    # host statements.   If no address is specified, the address will be
    # allocated dynamically (if possible), but the host-specific information
    # will still come from the host declaration.
    
    #host passacaglia {
    #  hardware ethernet 0:0:c0:5d:bd:95;
    #  filename "vmunix.passacaglia";
    #  server-name "toccata.example.com";
    #}
    
    # Fixed IP addresses can also be specified for hosts.   These addresses
    # should not also be listed as being available for dynamic assignment.
    # Hosts for which fixed IP addresses have been specified can boot using
    # BOOTP or DHCP.   Hosts for which no fixed address is specified can only
    # be booted with DHCP, unless there is an address range on the subnet
    # to which a BOOTP client is connected which has the dynamic-bootp flag
    # set.
    #host fantasia {
    #  hardware ethernet 08:00:07:26:c0:a5;
    #  fixed-address fantasia.example.com;
    #}
    
    # You can declare a class of clients and then do address allocation
    # based on that.   The example below shows a case where all clients
    # in a certain class get addresses on the 10.17.224/24 subnet, and all
    # other clients get addresses on the 10.0.29/24 subnet.
    
    #class "foo" {
    #  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
    #}
    
    #shared-network 224-29 {
    #  subnet 10.17.224.0 netmask 255.255.255.0 {
    #    option routers rtr-224.example.org;
    #  }
    #  subnet 10.0.29.0 netmask 255.255.255.0 {
    #    option routers rtr-29.example.org;
    #  }
    #  pool {
    #    allow members of "foo";
    #    range 10.17.224.10 10.17.224.250;
    #  }
    #  pool {
    #    deny members of "foo";
    #    range 10.0.29.10 10.0.29.230;
    #  }
    #}
    

    Neustart des Dienstes

    /etc/init.d/isc-dhcp-server start
    
  • Fedora erhebt KDE zur offiziellen Workstation Alternative

    Linux fedora kde plasma linux
    1
    0 Stimmen
    1 Beiträge
    179 Aufrufe
    Niemand hat geantwortet
  • Vaultwarden bekommt Aufmerksamkeit vom BSI

    Vaultwarden vaultwarden linux bsi
    1
    0 Stimmen
    1 Beiträge
    241 Aufrufe
    Niemand hat geantwortet
  • MSI B650 Tomahawk WiFi Teil 2

    Allgemeine Diskussionen msi linux
    1
    0 Stimmen
    1 Beiträge
    289 Aufrufe
    Niemand hat geantwortet
  • Update 1.30.2 released

    Vaultwarden vaultwarden linux
    1
    0 Stimmen
    1 Beiträge
    141 Aufrufe
    Niemand hat geantwortet
  • NodeBB - v3.3.0

    NodeBB nodebb linux
    1
    0 Stimmen
    1 Beiträge
    152 Aufrufe
    Niemand hat geantwortet
  • FAN control OMV Auyfan 0.10.12: gitlab-ci-linux-build-184, Kernel 5.6

    Linux linux
    12
    1 Stimmen
    12 Beiträge
    1k Aufrufe
    M
    Hi, since I'm currently change my rockpro64 setup I came across this. With the kernel from ayufan you need to set PWM_CTL to /sys/devices/platform/pwm-fan/hwmon/hwmon3/pwm1 for my self compiled one I need /sys/devices/platform/pwm-fan/hwmon/hwmon0/pwm1 But I got it only working with one entry for PWM_CTL e.g. PWM_CTL = "/sys/devices/platform/pwm-fan/hwmon/hwmon0/pwm1", after that you need to start ats again sudo systemctl stop ats sudo systemctl start ats initially the fan should start immediately for a short period of time. In case it is even a different one on your kernel you can find the right one using this command. sudo find /sys -name pwm1 | grep hwmon So far I'm not sure which kernel parameter or modul changes this. Martin
  • Restic & Rclone & Nextcloud

    Linux nextcloud rclone linux restic
    3
    0 Stimmen
    3 Beiträge
    850 Aufrufe
    FrankMF
    Hier mal eine Ausgabe vom ersten Durchgang root@frank-MS-7C37:~# restic --password-file /root/passwd -r rclone:Nextcloud:HOME_UBUNTU backup --files-from /root/includes.txt repository 99xxxxa0 opened successfully, password is correct created new cache in /root/.cache/restic rclone: 2020/05/08 17:47:57 ERROR : locks: error listing: directory not found rclone: 2020/05/08 17:47:58 ERROR : index: error listing: directory not found rclone: 2020/05/08 17:47:58 ERROR : snapshots: error listing: directory not found Files: 3503 new, 0 changed, 0 unmodified Dirs: 2 new, 0 changed, 0 unmodified Added to the repo: 16.872 GiB processed 3503 files, 21.134 GiB in 1:02:56 snapshot fdxxxxec saved Der erste Durchgang hat also etwa eine Stunde benötigt. Durch die Deduplikation der Daten, ist der Vorgang beim zweiten Durchgang viel schneller weil nur neue oder geänderte Daten gesichert werden. Und außerdem sind alle Daten AES-256 verschlüsselt. Also perfekt zur Ablage in irgendeiner Cloud root@frank-MS-7C37:~# restic --password-file /root/passwd -r rclone:Nextcloud:HOME_UBUNTU backup --files-from /root/includes.txt repository 99xxxxa0 opened successfully, password is correct Files: 57 new, 41 changed, 3449 unmodified Dirs: 0 new, 2 changed, 0 unmodified Added to the repo: 22.941 MiB processed 3547 files, 21.137 GiB in 0:13 snapshot c6xxxxe4 saved Wie ihr seht, hat der zweite Durchgang nur ein paar neue und geänderte Daten gesichert. Der Rest ist ja schon vorhanden. Und das kann man dann auch problemlos täglich, wöchentlich oder was auch immer mal eben schnell durchführen. Eines meiner absoluten Lieblingstool
  • SSH Login ohne Passwort

    Angeheftet Linux linux
    4
    0 Stimmen
    4 Beiträge
    2k Aufrufe
    FrankMF
    Wie ihr ja wisst, benutze ich das Forum hier auch gerne als Notizbuch Also mal wieder was hier notieren. Mein Windows Systemadmin sagte mir heute, das es auch folgendes gibt # ssh-keygen -t ed25519 Generating public/private ed25519 key pair. Enter file in which to save the key (/root/.ssh/id_ed25519): /tmp/ed Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /tmp/ed Your public key has been saved in /tmp/ed.pub The key fingerprint is: SHA256:D33HCTW7Dy0p5kQdFTkPudx1PQh0EHFgkBvxy8KwhGM root@frank-ms7c92 The key's randomart image is: +--[ED25519 256]--+ | o=O*o=+=| | . oo o+oB+| | E o o.o.o+*| | . o +o...oo=o| | .So.o= O .| | o.= o + | | . . .| | | | | +----[SHA256]-----+ Der Key liegt nur in /tmp kopieren lohnt also nicht Ob das jetzt die Zukunft ist, kann ich nicht beantworten. Ich wollte es aber hier mal festhalten, weil es wohl mittlerweile auch von vielen Projekten benutzt wird. https://en.wikipedia.org/wiki/Ssh-keygen