Server Client Lab
- Create the virtual machines. I opted for the AlmaLinux OS 9.3 Minimal ISO (a CentOS/RHEL-compatible distribution) and configured the settings as needed (CPU, RAM, disk size).
- Install the packages on the server machine: dhcp-server for DHCP, bind and bind-utils for DNS, tftp-server (which provides in.tftpd) for TFTP, nginx for the web server, syslinux for the PXE boot loader and wget to download the AlmaLinux ISO. The TFTP daemon is run under xinetd below, so install xinetd as well; AlmaLinux 9's tftp-server also ships a tftp.socket systemd unit that can start in.tftpd without xinetd.
- Set the network adapter of each VM to "Custom: Specific virtual network"; I selected Custom (VMnet2).
- Under Edit > Virtual Network Editor, uncheck the "Use local DHCP service" box and the host virtual adapter box for the VMnet the VMs are attached to (VMnet2 here), so that VMware's built-in DHCP server does not compete with the lab's dhcpd and hand the client a lease of its own.
- Configure static IP addresses manually.
  - Server: IP address 192.168.1.10/24, default gateway 192.168.1.1
  - Client: IP address 192.168.1.20/24, default gateway 192.168.1.1
- Ensure that both virtual machines can ping each other to verify connectivity within the same subnet.
DHCP: to automatically assign IP addresses and other network configuration to devices that connect to the lab network.
- Configure the server under
/etc/dhcp/dhcpd.conf
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;           # nothing answers at this address in the isolated lab; there is no route out
    option subnet-mask 255.255.255.0;
    option domain-search "corp.com";
    option domain-name-servers 192.168.1.1; # placeholder; once the BIND server below runs, this must be its address
    option time-offset 19800;               # seconds east of UTC (19800 = UTC+5:30)
    option broadcast-address 192.168.1.255;
    range 192.168.1.2 192.168.1.100;        # dynamic pool; note it contains the static .10 and .20 addresses assigned above,
                                            # so narrow it (or move those hosts) to rule out an address collision
    max-lease-time 7200;
}
- Start DHCP server
sudo systemctl start dhcpd
sudo systemctl enable dhcpd
- Configure Firewall
sudo firewall-cmd --add-service=dhcp --permanent
sudo firewall-cmd --reload
- Test the DHCP server: boot the client machine and switch its network adapter from the static address to DHCP.
sudo nmtui
# Under "Edit a connection", change IPv4 CONFIGURATION to Automatic
sudo systemctl restart NetworkManager
# The address should now fall inside the range declared in dhcpd.conf
ip a
On the server, the lease exchange (DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK) is logged in the dhcpd journal, which is the first place to look if the client gets no address.
DNS: to let DHCP clients resolve domain names to IP addresses. Since the lab network is not connected to the internet, resolution is limited to the domains and hosts defined on the internal DNS server.
The internal BIND server answers queries for the zones it is authoritative for (the zone files configured below). A query for a name outside those zones (for example google.com) fails: with recursion enabled, BIND tries to reach the root servers and the query times out or returns SERVFAIL; with recursion disabled it returns REFUSED.
- Configure BIND to define the DNS zones under
/etc/named.conf - I chose example.local for this lab; you can try anything.anything or kanye.west. Two caveats: .local is reserved for multicast DNS (RFC 6762) and resolvers with mDNS support treat it specially, so a name reserved for exactly this purpose (.test from RFC 6761, or home.arpa from RFC 8375) avoids surprises outside a minimal lab; and the stock named.conf listens only on 127.0.0.1 and allows queries only from localhost, so add the server's address to listen-on and the 192.168.1.0/24 subnet to allow-query (and to allow-recursion, if recursion stays on), or the clients will get no answer.
/* Forward zone */
zone "example.local" IN {
    type master;
    file "/var/named/example.local.zone";
};
/* Reverse zone */
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "/var/named/1.168.192.in-addr.arpa.zone";
};
- in-addr.arpa is the reverse-mapping domain (ARPA originally stood for Advanced Research Projects Agency); the network part of 192.168.1.0/24 is written with its octets reversed, 1.168.192.
- IN is the record class, Internet.
- Configure the forward zone file for example.local under
/var/named/example.local.zone
; Forward Zone Configuration
$TTL 1d ; Default TTL (1 day)
@   IN SOA ns1.example.local. admin.example.local. (
        3  ; Serial - increase it every time the zone changes
        1h ; Refresh (1 hour)
        1h ; Retry
        3w ; Expire (3 weeks)
        1h ) ; Negative cache TTL
; NS record
@   IN NS ns1.example.local.
; A records - ns1 must be the address BIND actually listens on. This lab uses .77
; throughout; the server was given 192.168.1.10 above, so make the two agree.
@   IN A 192.168.1.77
ns1 IN A 192.168.1.77
- Configure the reverse zone file for 192.168.1.0/24 under
/var/named/1.168.192.in-addr.arpa.zone
; Reverse Zone Configuration
$TTL 1d ; Default TTL (1 day)
@   IN SOA ns1.example.local. admin.example.local. (
        3  ; Serial
        1h ; Refresh (1 hour)
        1h ; Retry
        3w ; Expire (3 weeks)
        1h ) ; Negative cache TTL
; NS record
@   IN NS ns1.example.local.
; PTR record - the owner is the host part of the address (192.168.1.77 -> 77)
77  IN PTR ns1.example.local.
- Change the group ownership of example.local.zone and 1.168.192.in-addr.arpa.zone to named, so that BIND (which runs as that user) can read them, and validate the syntax with named-checkconf and named-checkzone before starting the service:
chown :named /var/named/example.local.zone
chown :named /var/named/1.168.192.in-addr.arpa.zone
- Start and Enable BIND
sudo systemctl start named
sudo systemctl enable named
- Configure Firewall
sudo firewall-cmd --add-service=dns --permanent
sudo firewall-cmd --reload
- Configure DHCP to hand out the DNS server address and search domain, replacing the placeholder values in
/etc/dhcp/dhcpd.conf
option domain-search "example.local";
option domain-name-servers 192.168.1.77; # must be the address BIND listens on
- Restart the DHCP and DNS servers
sudo systemctl restart dhcpd named
- Reboot the client machine so it picks up the new lease options
reboot
- Verify the DNS server from the client: the forward zone with nslookup or dig, and the reverse zone with dig -x
nslookup example.local
dig example.local
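The reverse zone is derived mechanically from the forward zone, and the two files plus the named.conf entries must agree on names and addresses. The following Python script is an added example (not part of the lab notes and not a BIND tool): it parses a constructed copy of the forward zone above, derives the in-addr.arpa zone name for any octet-aligned prefix (/8, /16 or /24, which goes beyond the single /24 on the page), generates the PTR records, warns when one address carries several names (the apex and ns1 records above both point at 192.168.1.77, so a reverse lookup would otherwise return two names), and checks that the SOA and NS hosts have A records in the zone, which named-checkzone also reports. The origin example.local. and the parsing rules (owner, optional IN class, type, rdata, parenthesised SOA) cover only the subset of zone-file syntax this lab uses, not a full RFC 1035 parser.

```python
import ipaddress
import re

ORIGIN = "example.local."

# Constructed copy of the forward zone file above (same names and addresses as on the page).
FORWARD_ZONE = """\
$TTL 1d ; Default TTL (1 day)
@   IN SOA ns1.example.local. admin.example.local. (
        3   ; Serial
        1h  ; Refresh
        1h  ; Retry
        3w  ; Expire
        1h ) ; Negative cache TTL
@   IN NS ns1.example.local.
@   IN A  192.168.1.77
ns1 IN A  192.168.1.77
"""


def parse_zone(text, origin):
    """Parse the subset of zone-file syntax used in this lab.

    Returns (default_ttl, soa, records): soa is a dict of the SOA fields and
    records is a list of (owner_fqdn, rtype, rdata) for every other RR.
    Relative owners are qualified with origin; '@' is the origin itself.
    """
    text = "\n".join(line.split(";", 1)[0] for line in text.splitlines())  # drop comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # fold ( ... )
    ttl, soa, records = None, None, []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "$TTL":
            ttl = tok[1]
            continue
        owner, fields = tok[0], tok[1:]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        if fields and fields[0] == "IN":  # the class is optional in zone files
            fields = fields[1:]
        rtype, rdata = fields[0], fields[1:]
        if rtype == "SOA":
            keys = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
            soa = dict(zip(keys, rdata))
        else:
            records.append((owner, rtype, " ".join(rdata)))
    return ttl, soa, records


def reverse_zone_name(network):
    """'192.168.1.0/24' -> '1.168.192.in-addr.arpa.' (octet-aligned IPv4 prefixes only)."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only octet-aligned IPv4 prefixes are supported")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa."


def build_reverse_zone(ttl, soa, records, origin, network):
    """Return (zone_text, warnings) for the reverse zone covering network."""
    net = ipaddress.ip_network(network)
    lines = [f"$TTL {ttl}",
             f"@ IN SOA {soa['mname']} {soa['rname']} ( {soa['serial']} {soa['refresh']} "
             f"{soa['retry']} {soa['expire']} {soa['minimum']} )"]
    lines += [f"@ IN NS {rdata}" for owner, rtype, rdata in records
              if rtype == "NS" and owner == origin]
    names = {}  # address -> [owners] for every A record inside the network
    for owner, rtype, rdata in records:
        if rtype == "A" and ipaddress.ip_address(rdata) in net:
            names.setdefault(ipaddress.ip_address(rdata), []).append(owner)
    warnings = []
    for addr in sorted(names):
        owners = names[addr]
        hosts = [o for o in owners if o != origin] or owners  # prefer a host name over the apex
        if len(owners) > 1:
            warnings.append(f"{addr} has {len(owners)} names ({', '.join(owners)}); PTR uses {hosts[0]}")
        host_octets = str(addr).split(".")[net.prefixlen // 8:]  # the part not covered by the prefix
        lines.append(f"{'.'.join(reversed(host_octets))} IN PTR {hosts[0]}")
    return "\n".join(lines) + "\n", warnings


def missing_glue(soa, records, origin):
    """In-zone SOA/NS hosts that have no A record; named-checkzone flags these."""
    targets = {soa["mname"]} | {rdata for _, rtype, rdata in records if rtype == "NS"}
    have_a = {owner for owner, rtype, _ in records if rtype == "A"}
    return sorted(t for t in targets
                  if (t == origin or t.endswith("." + origin)) and t not in have_a)


if __name__ == "__main__":
    ttl, soa, recs = parse_zone(FORWARD_ZONE, ORIGIN)
    text, warns = build_reverse_zone(ttl, soa, recs, ORIGIN, "192.168.1.0/24")
    print(f"; zone {reverse_zone_name('192.168.1.0/24')}")
    print(text)
    for w in warns:
        print("; warning:", w)
    print("; missing glue:", missing_glue(soa, recs, ORIGIN))
```

Run it after editing the forward zone and paste the output into the reverse zone file; the warning for 192.168.1.77 is exactly the duplicate that the page's hand-written reverse zone resolves by listing only ns1.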
PXE/TFTP: to allow DHCP clients to boot and load an operating system over the network, as used for mass network installations or diskless workstations. A PXE client trusts the first DHCP offer it hears and fetches the boot loader over TFTP, which authenticates nothing, so this is one more reason to keep the lab on its own isolated VMnet.
- Configure the TFTP server under
/etc/xinetd.d/tftp
service tftp
{
    socket_type  = dgram
    protocol     = udp
    wait         = yes
    user         = root
    server       = /usr/sbin/in.tftpd
    server_args  = -s /var/lib/tftpboot
    disable      = no
    per_source   = 11
    cps          = 100 2
}
# disable = no    - the service is enabled and will answer requests
# user = root     - in.tftpd needs root to chroot into the -s directory; it then drops to an unprivileged user (nobody by default)
# server_args     - -s serves only from /var/lib/tftpboot (chroot); there is no -c flag, so clients cannot create files on the server
# per_source = 11 - maximum number of simultaneous connections from one source IP address
# cps = 100 2     - at most 100 connections per second; when that rate is exceeded the service is disabled for 2 seconds
The boot loader pxelinux.0 comes from the syslinux package installed earlier (together with ldlinux.c32, which it needs) and must be copied into /var/lib/tftpboot, the directory named in server_args.
- Configure the DHCP server under
/etc/dhcp/dhcpd.conf
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;           # nothing answers at this address in the isolated lab
    option subnet-mask 255.255.255.0;
    option domain-search "corp.com";
    option domain-name-servers 192.168.1.1; # point this at the BIND server from the DNS section
    option time-offset 19800;               # seconds east of UTC (19800 = UTC+5:30)
    option broadcast-address 192.168.1.255;
    range 192.168.1.2 192.168.1.100;        # dynamic pool; keep the static .10 and .20 addresses assigned above out of it
    max-lease-time 7200;
    next-server 192.168.1.10;               # IP address of the TFTP server (the same server machine)
    filename "pxelinux.0";                  # boot loader the client requests over TFTP, relative to /var/lib/tftpboot
}
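The subnet declaration above (this PXE version and the shorter one in the DHCP section) can be checked mechanically before restarting dhcpd. The following Python script is an added example, not part of the original lab notes or of ISC dhcpd: it parses a constructed copy of the page's subnet block and reports the mistakes that a `dhcpd -t` syntax check does not catch, namely a pool that overlaps the static addresses of the server and client, an option value outside the subnet, a domain-name-servers option that does not list the lab's BIND host, and a missing next-server or filename. The server address 192.168.1.10, the client address 192.168.1.20 and the corrected 192.168.1.101-200 pool are assumptions taken from, or added to, the setup notes.

```python
import ipaddress
import re

# Constructed copy of the lab's dhcpd.conf subnet declaration, values as on the page.
DHCPD_CONF = """\
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;
    option subnet-mask 255.255.255.0;
    option domain-search "corp.com";
    option domain-name-servers 192.168.1.1;
    option time-offset 19800;
    option broadcast-address 192.168.1.255;
    range 192.168.1.2 192.168.1.100;
    max-lease-time 7200;
    next-server 192.168.1.10;
    filename "pxelinux.0";
}
"""

# The same declaration with the pool moved above the static hosts and DNS pointed
# at the lab server. The .101-.200 pool is an assumption made for this example.
DHCPD_CONF_FIXED = DHCPD_CONF.replace(
    "range 192.168.1.2 192.168.1.100;", "range 192.168.1.101 192.168.1.200;"
).replace("domain-name-servers 192.168.1.1;", "domain-name-servers 192.168.1.10;")

# Assumed from the setup notes: the statically addressed machines and the one
# server that runs dhcpd, BIND, TFTP and nginx.
STATIC_HOSTS = {"server": "192.168.1.10", "client": "192.168.1.20"}
LAB_SERVER = "192.168.1.10"


def parse_subnet(conf):
    """Pull the network, pool, address-valued options and PXE fields out of a subnet block."""
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", conf, re.S)
    if not m:
        raise ValueError("no subnet declaration found")
    body = m.group(3)
    info = {"network": ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")}
    rng = re.search(r"\brange\s+(\S+)\s+(\S+);", body)
    if rng:
        info["range"] = (ipaddress.ip_address(rng.group(1)), ipaddress.ip_address(rng.group(2)))
    for key in ("routers", "domain-name-servers", "broadcast-address"):
        om = re.search(rf"option\s+{key}\s+([^;]+);", body)
        if om:
            info[key] = [ipaddress.ip_address(v.strip()) for v in om.group(1).split(",")]
    ns = re.search(r"\bnext-server\s+(\S+);", body)
    if ns:
        info["next-server"] = ipaddress.ip_address(ns.group(1))
    fn = re.search(r'\bfilename\s+"([^"]*)";', body)
    if fn:
        info["filename"] = fn.group(1)
    return info


def check_subnet(info, static_hosts, lab_server):
    """Return a list of findings; an empty list means the declaration is consistent."""
    findings = []
    net = info["network"]
    server = ipaddress.ip_address(lab_server)
    if "range" not in info:
        findings.append("no range statement: dhcpd has no pool to lease from")
    else:
        lo, hi = info["range"]
        if lo > hi:
            findings.append(f"range {lo}-{hi} runs backwards")
        if lo not in net or hi not in net:
            findings.append(f"range {lo}-{hi} is not inside {net}")
        for name, addr in static_hosts.items():
            if lo <= ipaddress.ip_address(addr) <= hi:
                findings.append(f"static host {name} ({addr}) lies inside the dynamic pool")
    for key in ("routers", "domain-name-servers", "broadcast-address"):
        for a in info.get(key, []):
            if a not in net:
                findings.append(f"option {key} value {a} is outside {net}")
    if info.get("broadcast-address", [net.broadcast_address]) != [net.broadcast_address]:
        findings.append(f"broadcast-address should be {net.broadcast_address}")
    if server not in info.get("domain-name-servers", []):
        findings.append(f"domain-name-servers does not list the lab DNS server {server}")
    if info.get("next-server") != server:
        findings.append(f"next-server is missing or is not the TFTP host {server}")
    if not info.get("filename"):
        findings.append("no filename: PXE clients are not told which boot loader to fetch")
    return findings


if __name__ == "__main__":
    for label, conf in (("as on the page", DHCPD_CONF), ("corrected", DHCPD_CONF_FIXED)):
        findings = check_subnet(parse_subnet(conf), STATIC_HOSTS, LAB_SERVER)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

The page's declaration produces three findings (both static hosts inside the pool, and DNS not pointing at the lab server); the corrected copy produces none. Run `dhcpd -t` as well, since this script only checks consistency, not syntax.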
- We are going to use nginx as the web server to host the AlmaLinux installation tree that the PXE-booted installer fetches over HTTP.
- Configure the nginx server under
/etc/nginx/conf.d/pxe_alma.conf
server {
    listen 80;
    server_name corp.com;        # the DHCP domain above; if the installer fetches by IP instead, make this the default server for port 80 (default_server on the listen line)
    root /usr/share/html/alma9;  # directory holding the extracted ISO contents; it must exist and be readable by the nginx user
}
- Allow incoming connections to these services in the firewall (dhcp and dns were already opened above; xinetd and nginx are not firewalld service names, the web server is opened as http):
firewall-cmd --add-service=dhcp --permanent
firewall-cmd --add-service=tftp --permanent
firewall-cmd --add-service=http --permanent
firewall-cmd --reload
- If a boot file or the install tree is still denied, put SELinux in permissive mode temporarily (it reverts to enforcing at reboot) only to confirm that SELinux is the cause; the denial is recorded in the audit log. Then fix the labels instead of leaving SELinux off: files nginx serves from a directory other than its default web root need the httpd_sys_content_t type (register the path with semanage fcontext and apply it with restorecon), while /var/lib/tftpboot is already labelled for TFTP.
setenforce 0