Creating smaller subnets from a large subnet

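My network is 10.10.0.0/16. I want to split it into /24s.

My environment: on an Ubuntu 14.04 server with two NICs (gateway, router), I use /etc/hosts and dnsmasq for DNS and isc-dhcp-server for DHCP. eth0 is connected to the ISP switch and eth1 (10.10.0.1/16) is connected to the LAN switch. All clients are connected to the LAN switch.

Configuration on 10.10.0.1:

TCP forwarding is enabled: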

:~$ sudo sysctl -p
net.ipv4.ip_forward = 1

In /etc/network/interfaces:

auto lo
iface lo inet loopback

auto eth0
        iface eth0 inet dhcp

auto eth1
        iface eth1 inet static
        address 10.10.0.1
        netmask 255.255.0.0

/etc/dhcp/dhcpd.conf:

# general options
authoritative;
ddns-update-style none;
log-facility local7;
deny declines;
default-lease-time 3600;
option routers 10.10.0.1;
option domain-name-servers 10.10.0.1;
option domain-name "lab.info";

subnet 10.10.0.0 netmask 255.255.0.0 {
}

subnet 10.10.1.0 netmask 255.255.255.0 { range 10.10.1.1 10.10.1.254; deny unknown-clients;

        host host1 { hardware ethernet c8:33:eb:6e:df:3e; fixed-address host1; }
}

# Unknown clients
subnet 10.10.255.0 netmask 255.255.255.0 { range  10.10.255.1 10.10.255.254; allow unknown-clients; }

In /etc/hosts:

127.0.0.1       localhost
10.10.1.1       host1

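host1 receives the correct lease from 10.10.0.1, but cannot ping anything outside its subnet (10.10.1.0/24). As far as I understand, I need a static route on the router. I tried this without success: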

sudo route add -net 10.10.1.0/24 gw 10.10.0.1

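What am I doing wrong?

Answer 1

The reason it does not work as expected is that DHCP looks at the interface and tries to find the best-matching network.

You need 2 interfaces with different network sizes (or 2 IPs on one interface).

But you should avoid overlapping networks.

A correct configuration should have 2 non-overlapping networks, and each DHCP configuration has its own option routers. For example: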

#   RESCUE-CORE (VLAN1001)
subnet 10.0.0.128 netmask 255.255.255.224 {
    authoritative;
#    allow unknown-clients;
    range 10.0.0.148 10.0.0.158;
    option subnet-mask 255.255.255.224;
    option routers 10.0.0.129;
    option domain-name-servers 10.100.101.10;
    option time-servers 10.100.101.5;
    default-lease-time 3600;
    max-lease-time 3600;
    next-server 10.100.101.5;
}

#   RESCUE-ROUTERS (VLAN1002)
subnet 10.0.0.160 netmask 255.255.255.224 {
    authoritative;
#    allow unknown-clients;
    # range and router addresses must fall inside the declared subnet
    range 10.0.0.180 10.0.0.190;
    option subnet-mask 255.255.255.224;
    option routers 10.0.0.161;
    option domain-name-servers 10.100.101.10;
    option time-servers 10.100.101.5;
    default-lease-time 3600;
    max-lease-time 3600;
    next-server 10.100.101.5;
}

Answer 2

Try these declarations:

shared-network "mynet" {
    # No subnet 10.10.0.0 netmask 255.255.0.0
    # since it would overlap with other subnets

    subnet 10.10.10.0 netmask 255.255.255.0 {
         option routers 10.10.0.1;
    }

    subnet 10.10.1.0 netmask 255.255.255.0 { 
         option routers 10.10.1.1;
         # the range should not overlap with the router
         range 10.10.1.10 10.10.1.254; 
         deny unknown-clients;
    }
}
host host1 { 
     hardware ethernet c8:33:eb:6e:df:3e; 
     fixed-address 10.10.1.5;
}
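
As an added example (not part of the question or either answer), the following Python script audits dhcpd.conf subnet declarations for the problems discussed above: overlapping subnets, ranges outside their subnet, and an `option routers` address that is not inside the subnet that inherits it. The sample config is constructed from the question's declarations with the host entry omitted; the regex parsing and the `audit` function are assumptions of this example, handle only subnet blocks without nested braces, and assume a client's default gateway must lie inside its leased subnet.

```python
import ipaddress
import re

# Constructed sample: the question's dhcpd.conf declarations, host entry omitted.
SAMPLE_CONF = """
option routers 10.10.0.1;
subnet 10.10.0.0 netmask 255.255.0.0 {
}
subnet 10.10.1.0 netmask 255.255.255.0 { range 10.10.1.1 10.10.1.254; deny unknown-clients;
}
subnet 10.10.255.0 netmask 255.255.255.0 { range 10.10.255.1 10.10.255.254; allow unknown-clients; }
"""

# Matches subnet blocks that contain no nested braces (a simplification).
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^{}]*)\}")
RANGE_RE = re.compile(r"range\s+([\d.]+)\s+([\d.]+)\s*;")
ROUTER_RE = re.compile(r"option\s+routers\s+([\d.]+)\s*;")


def audit(conf):
    """Return findings for overlapping subnets, stray ranges and off-link routers."""
    findings = []
    # A router option outside every subnet block is inherited by all of them.
    inherited = ROUTER_RE.search(SUBNET_RE.sub("", conf))
    subnets = []
    for addr, mask, body in SUBNET_RE.findall(conf):
        net = ipaddress.ip_network(f"{addr}/{mask}")
        subnets.append(net)
        for lo, hi in RANGE_RE.findall(body):
            if not all(ipaddress.ip_address(a) in net for a in (lo, hi)):
                findings.append(f"range {lo}-{hi} outside {net}")
        # A subnet's own router option overrides the inherited one.
        router = ROUTER_RE.search(body) or inherited
        if router and ipaddress.ip_address(router.group(1)) not in net:
            findings.append(f"router {router.group(1)} not in {net}")
    # Compare every pair of declared subnets once.
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                findings.append(f"overlap: {a} and {b}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONF):
        print(line)
```

On the sample it reports the /16 overlapping both /24 subnets, and the inherited router 10.10.0.1 lying outside 10.10.1.0/24 and 10.10.255.0/24.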
