Thursday, September 2, 2010

dhcp-helper : A DHCP Relay Agent for Linux

DHCP relay agents are commonly used on routed networks with centralized DHCP services. The relay agent is a service, typically configured on a router, that converts DHCP broadcasts into unicast messages directed at the DHCP server's IP address.

dhcp-helper is a simple, straightforward DHCP and BOOTP relay agent written by Simon Kelley as an alternative to the ISC relay. It's Linux only, but doesn't require any kernel support other than the network stack (no LPF or packet sockets). It listens for DHCP and BOOTP broadcasts on directly connected subnets and relays them to DHCP or BOOTP servers elsewhere. It also relays replies from the remote servers back to partially configured hosts. Once hosts are fully configured they can communicate directly with their servers and no longer need the services of a relay.

This post will cover the installation and setup of dhcp-helper in Ubuntu. This package has been ported to some other distros as well, so feel free to try it in whatever your distribution is ;).

For installing dhcp-helper in Ubuntu the following command should be executed:

$ sudo apt-get install dhcp-helper


The service starts automatically on installation, listening on interface eth0. You’ll want to configure it in the file /etc/default/dhcp-helper.


The only required option is at least one DHCP server to relay to. The simplest way to configure dhcp-helper on a router is just to give the interface to the network containing the DHCP server with a -b option. All the other interfaces present on the machine will then accept DHCP requests. On a machine which does not have an interface on the network containing the DHCP server, use a -s option instead.

The following options can be used in the dhcp-helper configuration file to suit every environment:


-s server
              Specify  a  DHCP  or BOOTP server to relay to. The server may be
              given as a machine name or dotted-quad IP address. More than one
              server may be specified.

-b interface
              Relay to a DHCP or BOOTP server using broadcast via <interface>.
              This eliminates the need to give a server address. <interface>
              is automatically added to the list of interfaces which will not
              receive DHCP requests.

-i interface
              Specify which local  interfaces  to  listen  on  for  DHCP/BOOTP
              broadcasts.  If  no  -i  flags are given all interfaces are used
              except those specified by -e flags and  those  specified  by  -b
              flags.

-e interface
              Specify which local interfaces to exclude.

-p    
              Use  alternative  ports  (1067/1068)  for  the  DHCP  client and
              server.

-v    
              Report the software release version and copyright information.

-d    
              Debug mode, do not change UID, write a pid-file or go  into  the
              background.

-r file
              Specify an alternate path for dhcp-helper to record its process-
              id in. Normally /var/run/dhcp-helper.pid.

-u username
              Specify the  userid  to  which  dhcp-helper  will  change  after
              startup.  The  daemon  must  normally be started as root, but it
              will drop root privileges  after  startup  by  changing  id  to
              another  user.  Normally  this  user is "nobody" but that can be
              over-ridden with this switch.

For a scenario like this:



An example of the content of an /etc/default/dhcp-helper config file could be:


# Option flags used to start dhcp-helper.
#
# You will need at least "-s <server>" or
# "-b <interface>" so that dhcp-helper knows where
# to relay DHCP requests.
#
# See "man 8 dhcp-helper" for more details.


DHCPHELPER_OPTS="-b eth1 -e eth0"

In this case the option "-b eth1" is used because the DHCP server is connected to the eth1 interface of the Linux box, which acts as a router between 3 different networks connected to eth0, eth1 and eth2 respectively.
The option "-e eth0" is used because we don't want to listen for DHCP or BOOTP broadcasts on the interface connected to the internet. Nobody sitting behind the external interface needs this service, and excluding it also helps avoid security breaches, since the daemon stops listening on the specified interface.
After setting the options, the service needs to be restarted. Use the following command:

$ sudo /etc/init.d/dhcp-helper restart

A nice thing to do now is to run tcpdump on any of the interfaces involved in the DHCP relay process (eth1 or eth2 if a scenario like the one in the picture above is used). You should be able to watch the clients pull an IP address from your DHCP server!!!

Note: If you are using iptables on the same Ubuntu box as dhcp-helper, remember to add an incoming rule that allows the box to receive the broadcasts from the clients. You will probably also need an outgoing rule that allows the Ubuntu box to talk to the DHCP server.
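
The option rules above can be checked mechanically before the service is restarted. The script below is an added example, not part of dhcp-helper or of the original post: it parses a DHCPHELPER_OPTS string and fails if no relay target is set or if the external interface would still accept broadcasts. The function names and the 192.0.2.10 address are made up for illustration, and it assumes that an interface named by -e or -b stays excluded even when -i also names it.

```shell
#!/bin/sh
# Added example (not part of dhcp-helper): check a DHCPHELPER_OPTS string
# against the option rules quoted above. Flags and values must be separated
# by whitespace. Assumption: -e and -b exclusions win over a matching -i.

# has_upstream OPTS -> exit 0 if "-s server" or "-b interface" has a value.
has_upstream() {
    prev=""
    for word in $1; do
        case "$prev:$word" in -s:-*|-b:-*) ;; -s:*|-b:*) return 0 ;; esac
        prev=$word
    done
    return 1
}

# listens_on OPTS IFACE -> exit 0 if client broadcasts are accepted on IFACE.
listens_on() {
    included="" excluded="" prev=""
    for word in $1; do
        case $prev in
            -i)    included="$included $word " ;;
            -e|-b) excluded="$excluded $word " ;;
        esac
        prev=$word
    done
    case $excluded in *" $2 "*) return 1 ;; esac
    [ -z "$included" ] && return 0   # no -i flags: every other interface listens
    case $included in *" $2 "*) return 0 ;; esac
    return 1
}

# audit_opts OPTS EXTERNAL_IFACE -> exit 0 only if a relay target exists and
# the untrusted interface is not listening.
audit_opts() {
    rc=0
    if ! has_upstream "$1"; then
        echo "FAIL: no -s server or -b interface to relay to"; rc=1
    fi
    if listens_on "$1" "$2"; then
        echo "FAIL: DHCP/BOOTP broadcasts accepted on $2"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $1"
    return "$rc"
}

audit_opts "-b eth1 -e eth0" eth0 || true   # the configuration from this post
audit_opts "-s 192.0.2.10" eth0 || true     # constructed: eth0 left listening
```

To check the live configuration, source /etc/default/dhcp-helper and run audit_opts "$DHCPHELPER_OPTS" eth0.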

How To Set Up a Serial Console Client Connection to Ubuntu using Minicom

In the previous article, I explained how to set up a serial console on Ubuntu.
This tutorial will now show how to connect to that serial console from another machine using a program called minicom.
minicom is a serial communication program that we will use to connect to a serial console. After a few configuration steps, we will be able to access the console as if we were connected through SSH or sitting directly in front of a virtual console.


1. First Things First...

We need to make sure that the two machines are connected using a so-called null modem cable. Other standard serial cables will just not work!!!


2. Installing Minicom

minicom is already packaged for Ubuntu, so you simply need to run:

# apt-get install minicom

3. Setting Up Minicom



In this tutorial, the serial port used to connect to the serial console is ttyS0. You can find out which serial ports were detected by your kernel with:

$ dmesg | grep ttyS

[ 12.282348] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[ 12.282928] 00:0c: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A


Now, let's start minicom as root:

$ sudo minicom

Now press Ctrl-A O, navigate to Serial port setup and hit Enter, type A and make sure the device is set to /dev/ttyS0, then hit Enter to validate.
Type E and make sure the value is 115200, then press Enter to validate. Press Enter again to go back to the previous screen, navigate to Save setup as dfl and press Enter to validate, then press Esc to go back to the first screen and Ctrl-A Q to quit.

Now, re-run:



$ sudo minicom


This time you will connect to the serial console on the Ubuntu server set up in the previous post!!!

How to Set Up a Serial Console Connection to Ubuntu.

This tutorial goes over the steps needed to set up a serial console on Ubuntu Linux.
Unlike most other distros, Ubuntu uses upstart instead of sysvinit, so there are a few differences from most of the tutorials you might find on the internet about setting up a serial console.


A serial console comes in handy when running a headless server (i.e. no keyboard and screen) or if you cannot connect to a server because of a network issue.
In this tutorial, we will set up a serial console on the server, the machine we want access to. Setting up a serial console client will be covered in another article.

1. Checking The Serial Devices


In order to find which devices are available on a box, you can run:


$ dmesg | grep tty
serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
00:0c: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A

From this output, we can guess that there is 1 serial interface (/dev/ttyS0). You might have more than one interface on your machine. This tutorial assumes that you are using device 1 (ttyS0); if you use the second device, you will need to replace ttyS0 with ttyS1.

2. Setting Up The Serial Console On The Server

On the server, we are going to set up:


  • A serial console on ttyS0
  • Kernel boot messages output to the serial console
  • Grub output to the serial console

2.1. The Serial Console

To set up a serial console, we need to create a new file called /etc/event.d/ttyS0 in order to spawn a getty on the serial device. getty will take care of prompting the user for a username and password.
Edit /etc/event.d/ttyS0 and add:

# ttyS0 - getty
#
# This service maintains a getty on ttyS0 from the point the system is
# started until it is shut down again.

start on runlevel 2
start on runlevel 3
start on runlevel 4
start on runlevel 5

stop on runlevel 0
stop on runlevel 1
stop on runlevel 6

respawn
exec /sbin/getty -L 115200 ttyS0 vt102

To authorize root (if you enabled the root account on your machine) to log in through the serial console, you need to edit /etc/securetty and add:

ttyS0

2.2. Having Grub Outputting To ttyS0

grub can be configured to output on the serial console. Add the following two lines to the beginning of the /boot/grub/menu.lst file, in the section before the different kernels:

serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console

This makes grub display on the serial console, so you can actually modify grub through the serial console or boot using another kernel.
If using ttyS1, change it to --unit=1.

Also, in order to get the boot messages output to the serial console, you can append the following to your kernel line:

console=ttyS0,115200n8 console=tty0

So, finally, the kernel line will look like:

kernel    /boot/vmlinuz-2.6.24-16-generic root=UUID=uuuuuu-iii3-dddd-uuuu-iiiiiddddd ro quiet splash console=ttyS0,115200n8 console=tty0

That's it. Upon the next reboot, you will be able to connect directly to your box using a serial console!
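
The three places configured above (the getty job, the grub serial line and the kernel console= argument) must agree on the line speed, and the securetty entry decides whether root can log in on the port. The script below is an added example, not part of the original tutorial: it cross-checks those settings on copies of the files. The function names and the sample files are constructed for illustration, and the sample kernel line deliberately carries a mismatched speed.

```shell
#!/bin/sh
# Added example: cross-check the serial settings configured in the steps above.
# File paths are arguments, so the check can run against copies of the files.

getty_speed() {   # $1 upstart job, $2 tty: "exec /sbin/getty -L <speed> <tty> ..."
    sed -n "s/^exec .*getty.* \([0-9][0-9]*\) $2 .*/\1/p" "$1" | head -n 1
}
grub_speed() {    # $1 menu.lst: "serial --unit=N --speed=<speed> ..."
    sed -n 's/^serial .*--speed=\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}
kernel_speed() {  # $1 menu.lst, $2 tty: "console=<tty>,<speed>n8" on a kernel line
    sed -n "s/^kernel.* console=$2,\([0-9][0-9]*\).*/\1/p" "$1" | head -n 1
}
root_allowed() {  # $1 securetty, $2 tty: exit 0 if root may log in on that tty
    grep -qx "$2" "$1"
}

# check_serial JOB MENU_LST SECURETTY TTY -> exit 0 if all three speeds agree.
check_serial() {
    g=$(getty_speed "$1" "$4"); b=$(grub_speed "$2"); k=$(kernel_speed "$2" "$4")
    rc=0
    if [ -z "$g" ] || [ "$g" != "$b" ] || [ "$g" != "$k" ]; then
        echo "MISMATCH on $4: getty=${g:-none} grub=${b:-none} kernel=${k:-none}"
        rc=1
    else
        echo "OK: $4 runs at $g in getty, grub and the kernel line"
    fi
    if root_allowed "$3" "$4"; then
        echo "NOTE: $4 is in securetty, so root can log in directly on the serial line"
    fi
    return "$rc"
}

# Constructed sample files; the kernel line deliberately uses a different speed.
demo_dir=$(mktemp -d)
printf 'respawn\nexec /sbin/getty -L 115200 ttyS0 vt102\n' > "$demo_dir/ttyS0"
cat > "$demo_dir/menu.lst" <<'EOF'
serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console
kernel /boot/vmlinuz root=UUID=placeholder ro console=ttyS0,9600n8 console=tty0
EOF
printf 'tty1\nttyS0\n' > "$demo_dir/securetty"
check_serial "$demo_dir/ttyS0" "$demo_dir/menu.lst" "$demo_dir/securetty" ttyS0 || true
```

On a real system the arguments would be /etc/event.d/ttyS0, /boot/grub/menu.lst, /etc/securetty and ttyS0.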