目录

项目前准备

一、DHCP服务器配置（Rocky8）

1，关闭防火墙、安全上下文

2、配置网卡文件

3、安装hdcp-server

4、配置dhcp服务

5、重启dhcp服务

二、配置路由器

1、添加两块网卡并更改网卡配置文件

2、配置路由功能

3、挂载本地镜像并安装dhcp服务

4、配置中继转发

三、客户端查看

验证结果

四、脚本配置

1、DHCP服务器配置脚本

2、路由器配置脚本

项目前准备

项目要求 1、DHCP服务器能够为两个网络分别分配IP地址。

2、内部客户机设置为固定获得某一个IP地址。

项目前准备

1、准备四台虚拟机，分为DHCP服务器、内部客户机、路由器和外部客户机

2、配置网络连接模式

DHCP服务器和内部客户机

路由器

外部客户机

一、DHCP服务器配置（Rocky8）

1，关闭防火墙、安全上下文

[root@localhost ~]# systemctl disable --now firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)Active: inactive (dead) since Mon 2025-06-16 22:13:06 EDT; 36s agoDocs: man:firewalld(1)Process: 329610 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCC>Main PID: 329610 (code=exited, status=0/SUCCESS)
​
6月 16 22:12:46 bogon systemd[1]: Starting firewalld - dynamic firewall daemon...
6月 16 22:12:46 bogon systemd[1]: Started firewalld - dynamic firewall daemon.
6月 16 22:12:46 bogon firewalld[329610]: WARNING: AllowZoneDrifting is enabled. This is considered an insecu>
6月 16 22:13:04 bogon systemd[1]: Stopping firewalld - dynamic firewall daemon...
6月 16 22:13:06 bogon systemd[1]: firewalld.service: Succeeded.
6月 16 22:13:06 bogon systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@localhost ~]# getenforce
Permissive
​

2、配置网卡文件

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.1
PREFIX=24
GATEWAY=192.168.100.254
​
[root@localhost ~]# systemctl restart NetworkManager
[root@localhost dhcp]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:5b:74:6c brd ff:ff:ff:ff:ff:ffaltname enp2s1inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe5b:746c/64 scope link valid_lft forever preferred_lft forever
​

3、安装hdcp-server

[root@localhost ~]# yum install -y dhcp-server
Rocky Linux 8 - AppStream                                                    2.7 kB/s | 4.8 kB     00:01    
Rocky Linux 8 - AppStream                                                    3.1 MB/s |  19 MB     00:05    
Rocky Linux 8 - BaseOS                                                       4.1 kB/s | 4.3 kB     00:01    
Rocky Linux 8 - BaseOS                                                       4.9 MB/s |  26 MB     00:05    
Rocky Linux 8 - Extras                                                       2.5 kB/s | 3.1 kB     00:01    
Rocky Linux 8 - Extras                                                        12 kB/s |  15 kB     00:01    
依赖关系解决。
=============================================================================================================软件包                       架构               版本                               仓库                大小
=============================================================================================================
安装:dhcp-server                  x86_64             12:4.3.6-50.el8_10                 baseos             529 k
安装依赖关系:bind-export-libs             x86_64             32:9.11.36-16.el8_10.4             baseos             1.1 Mdhcp-common                  noarch             12:4.3.6-50.el8_10                 baseos             207 kdhcp-libs                    x86_64             12:4.3.6-50.el8_10                 baseos             147 k
​
事务概要
=============================================================================================================
安装  4 软件包
​
总下载：2.0 M
安装大小：4.6 M
下载软件包：
(1/4): dhcp-libs-4.3.6-50.el8_10.x86_64.rpm                                  381 kB/s | 147 kB     00:00    
(2/4): dhcp-common-4.3.6-50.el8_10.noarch.rpm                                509 kB/s | 207 kB     00:00    
(3/4): dhcp-server-4.3.6-50.el8_10.x86_64.rpm                                2.4 MB/s | 529 kB     00:00    
(4/4): bind-export-libs-9.11.36-16.el8_10.4.x86_64.rpm                       1.7 MB/s | 1.1 MB     00:00    
-------------------------------------------------------------------------------------------------------------
总计                                                                         1.1 MB/s | 2.0 MB     00:01     
Rocky Linux 8 - BaseOS                                                       1.6 MB/s | 1.6 kB     00:00    
导入 GPG 公钥 0x6D745A60:Userid: "Release Engineering <infrastructure@rockylinux.org>"指纹: 7051 C470 A929 F454 CEBE 37B7 15AF 5DAC 6D74 5A60来自: /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
导入公钥成功
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务准备中  :                                                                                              1/1 安装    : dhcp-libs-12:4.3.6-50.el8_10.x86_64                                                          1/4 安装    : dhcp-common-12:4.3.6-50.el8_10.noarch                                                        2/4 安装    : bind-export-libs-32:9.11.36-16.el8_10.4.x86_64                                               3/4 运行脚本: bind-export-libs-32:9.11.36-16.el8_10.4.x86_64                                               3/4 运行脚本: dhcp-server-12:4.3.6-50.el8_10.x86_64                                                        4/4 安装    : dhcp-server-12:4.3.6-50.el8_10.x86_64                                                        4/4 运行脚本: dhcp-server-12:4.3.6-50.el8_10.x86_64                                                        4/4 验证    : bind-export-libs-32:9.11.36-16.el8_10.4.x86_64                                               1/4 验证    : dhcp-common-12:4.3.6-50.el8_10.noarch                                                        2/4 验证    : dhcp-libs-12:4.3.6-50.el8_10.x86_64                                                          3/4 验证    : dhcp-server-12:4.3.6-50.el8_10.x86_64                                                        4/4 
​
已安装:bind-export-libs-32:9.11.36-16.el8_10.4.x86_64            dhcp-common-12:4.3.6-50.el8_10.noarch           dhcp-libs-12:4.3.6-50.el8_10.x86_64                       dhcp-server-12:4.3.6-50.el8_10.x86_64           
​
完毕！
​

4、配置dhcp服务

[root@localhost ~]# cd /etc/dhcp
[root@localhost dhcp]# ls
dhclient.d  dhcpd6.conf  dhcpd.conf
[root@localhost dhcp]# vim dhcpd.conf
#查看路径并复制（/usr/share/doc/dhcp-server/dhcpd.conf.example）
​
[root@localhost dhcp]# cp /usr/share/doc/dhcp-server/dhcpd.conf.example ./
[root@localhost dhcp]# ls
dhclient.d  dhcpd6.conf  dhcpd.conf  dhcpd.conf.example
[root@localhost dhcp]# cp dhcpd.conf.example dhcpd.conf
cp：是否覆盖'dhcpd.conf'？ yes
[root@localhost dhcp]# ls
dhclient.d  dhcpd6.conf  dhcpd.conf  dhcpd.conf.example
​
​
#多地址池配置#
[root@localhost dhcp]# vim dhcpd.conf
#找到这项最全的，更改里面的参数#
# A slightly different configuration for an internal subnet.
subnet 192.168.100.0 netmask 255.255.255.0 {range 192.168.100.2 192.168.100.253;option domain-name-servers 192.168.100.1;#option domain-name "internal.example.org";option routers 192.168.100.254;option broadcast-address 192.168.100.255;default-lease-time 600;max-lease-time 7200;
}
subnet 192.168.200.0 netmask 255.255.255.0 {range 192.168.200.2 192.168.200.253;option domain-name-servers 192.168.100.1;#option domain-name "internal.example.org";option routers 192.168.200.254;option broadcast-address 192.168.200.255;default-lease-time 600;max-lease-time 7200;
}
​
​
​
​
#找到此项更改，绑定单一地址#set.host ens37（#更改成绑定单一地址的客户端的网卡名#） {hardware ethernet 00:0c:29:7b:65:46（#找到绑定单一地址的客户端的网卡MAC，更改此MAAC地址#）;fixed-address 192.168.100.100(#更改成固定的IP地址);
}
​
​

5、重启dhcp服务

[root@localhost dhcp]# systemctl restart dhcpd
[root@localhost dhcp]# systemctl enable --now dhcpd
Created symlink /etc/systemd/system/multi-user.target.wants/dhcpd.service → /usr/lib/systemd/system/dhcpd.service.

二、配置路由器

1、添加两块网卡并更改网卡配置文件

[root@bogon ~]# cd /etc/sysconfig/network-scripts/
[root@bogon network-scripts]# ls
ifcfg-ens33  ifdown-eth   ifdown-post    ifdown-TeamPort  ifup-eth   ifup-plip    ifup-sit       init.ipv6-global
​
[root@bogon Packages]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:29:e3:11 brd ff:ff:ff:ff:ff:ffinet 192.168.100.4/24 brd 192.168.100.255 scope global dynamic ens33valid_lft 394sec preferred_lft 394secinet6 fe80::6acc:265f:ab9d:d3b6/64 scope link noprefixroute valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:29:e3:1b brd ff:ff:ff:ff:ff:ffinet 192.168.200.254/24 brd 192.168.200.255 scope global noprefixroute ens37valid_lft forever preferred_lft foreverinet6 fe80::e3e4:845e:bce5:e922/64 scope link noprefixroute valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000link/ether 52:54:00:10:4b:1a brd ff:ff:ff:ff:ff:ffinet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000link/ether 52:54:00:10:4b:1a brd ff:ff:ff:ff:ff:ff
​
​
[root@bogon network-scripts]# cp ifcfg-33 ifcfg-37
[root@bogon network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24
[root@bogon network-scripts]# vim ifcfg-ens37
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens37
DEVICE=ens37
ONBOOT=yes
IPADDR=192.168.200.254
PREFIX=24
​
[root@bogon network-scripts]# systemctl restart NetworkManager
[root@bogon network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:29:e3:11 brd ff:ff:ff:ff:ff:ffinet 192.168.100.254/24 brd 192.168.100.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet 192.168.100.4/24 brd 192.168.100.255 scope global secondary dynamic ens33valid_lft 545sec preferred_lft 545secinet6 fe80::6acc:265f:ab9d:d3b6/64 scope link noprefixroute valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:29:e3:1b brd ff:ff:ff:ff:ff:ffinet 192.168.200.254/24 brd 192.168.200.255 scope global noprefixroute ens37valid_lft forever preferred_lft foreverinet6 fe80::e3e4:845e:bce5:e922/64 scope link noprefixroute valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000link/ether 52:54:00:10:4b:1a brd ff:ff:ff:ff:ff:ffinet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000link/ether 52:54:00:10:4b:1a brd ff:ff:ff:ff:ff:ff
​

2、配置路由功能

[root@bogon ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@bogon ~]# sysctl -p
net.ipv4.ip_forward = 1
​

3、挂载本地镜像并安装dhcp服务

[root@bogon ~]#mount /dev/sr0 /mnt
[root@bogon ~]# cd /mnt/Packages/
[root@bogon Packages]# rpm -ivh dhcp-4.2.5-82.el7.centos.x86_64.rpm 
警告：dhcp-4.2.5-82.el7.centos.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...1:dhcp-12:4.2.5-82.el7.centos      ################################# [100%]
[root@bogon Packages]# systemctl restart dhcpd
[root@bogon Packages]# systemctl enable --now dhcpd

4、配置中继转发

[root@bogon Packages]# dhcrelay 192.168.100.1
Dropped all unnecessary capabilities.
Internet Systems Consortium DHCP Relay Agent 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/virbr0/52:54:00:10:4b:1a
Sending on   LPF/virbr0/52:54:00:10:4b:1a
Listening on LPF/ens37/00:0c:29:29:e3:1b
Sending on   LPF/ens37/00:0c:29:29:e3:1b
Listening on LPF/ens33/00:0c:29:29:e3:11
Sending on   LPF/ens33/00:0c:29:29:e3:11
Sending on   Socket/fallback

三、客户端查看

验证结果

内部客户机

[root@localhost ~]# ip a
1: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:7b:65:46 brd ff:ff:ff:ff:ff:ffaltname enp2s5inet 192.168.100.100/24 brd 192.168.200.255 scope global dynamic noprefixroute ens37valid_lft 160sec preferred_lft 160secinet6 fe80::20c:29ff:fe7b:6546/64 scope link noprefixroute valid_lft forever preferred_lft forever

外部客户机

[root@localhost ~]# ip a
1: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:7b:65:46 brd ff:ff:ff:ff:ff:ffaltname enp2s5inet 192.168.200.2/24 brd 192.168.200.255 scope global dynamic noprefixroute ens37valid_lft 160sec preferred_lft 160secinet6 fe80::20c:29ff:fe7b:6546/64 scope link noprefixroute valid_lft forever preferred_lft forever
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.200.254 0.0.0.0         UG    100    0        0 ens33
192.168.200.0   0.0.0.0         255.255.255.0   U     100    0        0 ens33
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.org
nameserver 192.168.100.1
​

四、脚本配置

1、DHCP服务器配置脚本

#!/bin/bash
#关闭防火墙
if systemctl is-active firewalld &>/dev/null; thensystemctl disable --now firewalld
elseecho "防火墙已关闭" 
fi
iptables -F
​
#关闭selinux
if [ "$(getenforce)" = "Disabled" ]; thenecho "SELinux已经关闭"
elsesetenforce 0sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
fi
​
#配置网卡参数
nics=$(ip a | awk -F: '/ens/{print $2}' | grep -v "^$" | tr -d ' ')
echo -e "当前系统中可供配置的网卡有：\n$nics"
​
while true
doread -p "请输入要配置的网卡名称：" nicif ! echo "$nics" | grep -q "$nic"; thencontinuefiread -p "请输入配置网络参数的方式（dhcp|static）：" tpif [ "$tp" = "dhcp" ]; thenecho "TYPE=Ethernet
BOOTPROTO=$tp
NAME=$nic
DEVICE=$nic
ONBOOT=yes" > /etc/sysconfig/network-scripts/ifcfg-$nicifdown $nic; ifup $nicelif [ "$tp" = "static" ]; thenread -p "输入IP地址：" ipread -p "输入子网掩码：" maskread -p "输入网关：" gw     fi
done   
​
config_dhcp(){
echo "subnet 192.168.100.0 netmask 255.255.255.0 {range 192.168.100.2 192.168.100.253;option domain-name-servers ns1.internal.example.org;option domain-name \"internal.example.org\";option routers 192.168.100.254;option broadcast-address 192.168.100.255;default-lease-time 600;max-lease-time 7200;
}       
host fantasia {hardware ethernet 08:00:07:26:c0:a5;fixed-address 192.168.100.100;
}" > /etc/dhcp/dhcpd.conf
systemctl enable --now dhcpd
}
if  rpm -q dhcp &>/dev/null
thenconfig_dhcp
elseyum install -y dhcp-serverconfig_dhcp
fi

2、路由器配置脚本

#!/bin/bash
cat << EOF
请按顺序进行:
1、配置ens33网卡
2、配置ens37网卡
3、配置路由转发
4、配置中继转发
EOF
​
read -p "请输入你的选择:" num
case $num in
1)# 配置ens33网卡为静态IP# 设置为静态IP并添加IP地址和子网掩码echo "TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24" > /etc/sysconfig/network-scripts/ifcfg-ens33echo "ens33网卡已配置为静态IP: 192.168.100.254/24";;
2)# 配置ens37网卡为静态IP# 复制并修改配置文件cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens37# 修改网卡名称和IP地址sed -i 's/ens33/ens37/g' /etc/sysconfig/network-scripts/ifcfg-ens37sed -i 's/192.168.100.254/192.168.200.254/g' /etc/sysconfig/network-scripts/ifcfg-ens37echo "ens192网卡已配置为静态IP: 192.168.200.254/24";;
3)# 配置IP转发echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.confsysctl -pecho "已启用IPv4转发";;
4)# 配置中继转发mount /dev/sr0 /mntcd /mnt/Packages/rpm -ivh dhcp-4.2.5-82.el7.centos.x86_64.rpm systemctl restart dhcpdsystemctl enable --now dhcpddhcrelay 192.168.100.1*)echo "无效的选择，请输入1-4之间的数字"exit 1;;
esac

看到感觉有帮助的朋友，劳烦动动发财的小手给博主点个赞