DHCP 服务器不响应来自 KVM 来宾的请求

tag-icon tag-icon debian kvm dhcp
DHCP 服务器不响应来自 KVM 来宾的请求

我在 Debian 服务器 (Proxmox) 上设置了 DHCP 服务器,以便我可以自动为服务器上的 KVM 来宾提供 IP。由于某种原因,DHCP 服务器 (isc-dhcp-server) 未响应 IP 请求。 DHCP 服务器设置为侦听我创建的名为 vmbr1 的桥接接口,并且我知道请求正在从 KVM 来宾发送到主机,因为我已经对其进行了测试dhcpdump -i vmbr1

我显然在某个地方犯了错误,有人能发现吗?我在下面包含了我的配置文件。

dhcp.conf 文件:

ddns-update-style none;
deny declines;
deny bootp;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.0.0 netmask 255.255.255.224 {
     interface vmbr1;
     option routers 192.168.0.5;
     option broadcast-address 192.168.0.31;
     option ntp-servers 192.168.0.101;
     option domain-name-servers 192.168.0.101;
     option netbios-name-servers 192.168.0.101;
     option netbios-node-type 2;
     default-lease-time 86400;
     max-lease-time 86400;
     #vmbr1ipv4
      host 104 {hardware ethernet 1A:27:59:82:39:8E;fixed-address 95.141.36.124;}
}

isc-dhcp-服务器文件:

# Defaults for isc-dhcp-server initscript
# sourced by /etc/init.d/isc-dhcp-server
# installed at /etc/default/isc-dhcp-server by the maintainer scripts

#
# This is a POSIX shell fragment
#

# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPD_CONF=/etc/dhcp/dhcpd.conf

# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPD_PID=/var/run/dhcpd.pid

# Additional options to start dhcpd with.
#       Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="vmbr1"

主机上的接口文件:

# network interface settings
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
        address  95.141.36.188
        netmask  255.255.255.0
        gateway  95.141.36.1
        broadcast  95.141.36.255
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
        network 95.141.36.0
        bridge_maxwait 0

auto vmbr1
iface vmbr1 inet static
        address  192.168.0.5
        netmask  255.255.255.224
        bridge_ports none
        bridge_stp off
        bridge_fd 0

使用以下命令通过 vmbr1 从 KVM 来宾向主机服务器发出示例请求dhcpdump -i vmbr1

  TIME: 2014-05-28 21:40:14.232
    IP: 0.0.0.0 (1a:27:59:82:39:8e) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
    OP: 1 (BOOTPREQUEST)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 599fa654
  SECS: 0
 FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: 1a:27:59:82:39:8e:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         1 (DHCPDISCOVER)
OPTION:  55 (  8) Parameter Request List      1 (Subnet mask)
                         28 (Broadcast address)
                          2 (Time offset)
                          3 (Routers)
                         15 (Domainname)
                          6 (DNS server)
                         12 (Host name)
                         42 (NTP servers)

OPTION:  60 (  3) Vendor class identifier   d-i
---------------------------------------------------------------------------

输出来自dhcpd

Internet Systems Consortium DHCP Server 4.2.2
Copyright 2004-2011 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
WARNING: Host declarations are global.  They are not limited to the scope you declared them in.
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Listening on LPF/vmbr1/fa:98:02:e0:1c:28/192.168.0.0/27
Sending on   LPF/vmbr1/fa:98:02:e0:1c:28/192.168.0.0/27
Sending on   Socket/fallback/fallback-net
There's already a DHCP server running.

希望我已经提供了足够的信息来帮助解决问题。非常感谢!

答案1

subnet 192.168.0.0 netmask 255.255.255.224 {
....
      host 104 {hardware ethernet 1A:27:59:82:39:8E;fixed-address 95.141.36.124;}
}

您想要关联到该 MAC 地址的 IP 地址 (95.141.36.124) 超出了您定义的范围(192.168.0.1 到 192.168.0.30)

如果我在家中设置了类似的配置(固定地址超出范围),则来自关联 MAC 地址的请求将被忽略。

尝试完全删除该条目,然后您的主机 104 应该从 192.168.0.0/27 范围获得动态地址

答案2

您是否尝试过关闭防火墙/iptables?我遇到的大多数网络服务问题都是由于防火墙配置不正确造成的。作为快速健全性检查,我会尝试“service iptables stop”并查看是否有效。如果他们这样做,您可以重新启动它并尝试使用一些特定的规则来正确配置它。如果您正在运行firewalld,您也应该尝试“servicefirewalldstop”(如果您有systemd,则可以尝试systemctlstopfirewalld.service)。

答案3

我之前曾尝试在 OpenVZ 实例(ProxMox 的开源版本)内运行我的 DHCP 服务器,但也从未使其正常工作。我最终将该服务移至 OpenVZ 主机,而不是其中一位来宾。 OpenVZ 项目中的此页面可能有助于您了解 DHCP 服务器的情况。

这些是显示设置桥接口+来宾虚拟机的步骤,我确认您的设置具有类似的设置:

$ vzctl create 144 --ostemplate centos-4-i386-minimal
$ vzctl start 144
$ vzyum 144 install dhcp
$ vzctl set 144 --netif_add eth0 --save
$ brctl show

$ brctl addif vzbr0 veth144.0
$ ifconfig vzbr0
$ cat /proc/sys/net/ipv4/conf/vzbr0/forwarding 
$ cat /proc/sys/net/ipv4/conf/vzbr0/proxy_arp 
$ echo 1 > /proc/sys/net/ipv4/conf/vzbr0/forwarding 
$ echo 1 > /proc/sys/net/ipv4/conf/vzbr0/proxy_arp

此外,您可能想尝试通过运行来调试 DHCP 服务器的交互tcpdump。这些咒语可能有助于确定正在发生的事情。

例子

$ tcpdump -n -i br0 broadcast

-或者-

$ tcpdump -A -p -n -i br0

-或者-

$ tcpdump -i br0 host <ip of client> -l

参考

相关内容