From d9097828f18b32c7c7868624ebeedb9bfc5d4f0b Mon Sep 17 00:00:00 2001
From: rohhie
Date: Sun, 23 Oct 2022 19:16:35 +0900
Subject: [PATCH] First version
---
LICENSE | 9 ++++++
README.md | 70 ++++++++++++++++++++++++++++++++++++++++++++++
docker-compose.yml | 32 +++++++++++++++++++++
setufw.sh | 2 ++
v4/Dockerfile | 6 ++++
v4/dhcpd.conf | 31 ++++++++++++++++++++
v4/entrypoint.sh | 19 +++++++++++++
v6/Dockerfile | 8 ++++++
v6/dhcpd.conf | 30 ++++++++++++++++++++
v6/entrypoint.sh | 20 +++++++++++++
v6/radvd.conf | 16 +++++++++++
11 files changed, 243 insertions(+)
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 docker-compose.yml
create mode 100755 setufw.sh
create mode 100644 v4/Dockerfile
create mode 100644 v4/dhcpd.conf
create mode 100755 v4/entrypoint.sh
create mode 100644 v6/Dockerfile
create mode 100644 v6/dhcpd.conf
create mode 100755 v6/entrypoint.sh
create mode 100644 v6/radvd.conf
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..cdc6638
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,9 @@
+MIT License
+
+Copyright (c) 2022 rohhie@rohhie.net
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a1b746e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,70 @@
+# ISC DHCP SERVER with docker
+
+## 概要
+
+ISC DHCP SERVERをDockerで気軽に利用する。
+
+## 構築方法
+### ダウンロード
+
+このリポジトリからソースをダウンロードする。
+
+```
+git clone https://gitea.rohhie.net/rohhie/isc-dhcp-with-docker.git
+mv isc-dhcp-with-docker dhcp
+cd dhcp
+```
+
+### 動作条件を設定
+#### コンテナ
+
+docker-compose.ymlには、IPv4とIPv6の2つのコンテナを定義してある。
+どちらか一方を利用する場合は、使わない方をコメントアウトしておく。
+
+それぞれの動作条件を設定する。
+
+| 変数名 | 設定内容 |
+|--------|--------------------------------------------------------------------------|
+| DHCPIF | 使用するネットワークインターフェースを設定。空白で区切って複数指定可能。 |
+
+#### IPv4
+
+v4ディレクトリにdhcpd.confがあるので、これを適宜書き換える。
+
+#### IPv6
+
+v6ディレクトリにdhcpd.confとradvd.confがあるので、適切に設定。
+radvd.confでは、使用するネットワークインターフェースの設定があるので、環境変数DHCPIFとあわせて設定しておく。
+
+### ファイアウォールの設定
+
+ファイアウォールを設定するスクリプトを実行する。
+このスクリプトではIPv6のみ開放している。
+IPv4は開放しなくてもうまく動いている。
+
+```
+sudo ./setufw.sh
+```
+
+何らかの理由で設定を解除するなら、以下を実行する。
+
+```
+sudo ./setufw.sh delete
+```
+
+### コンテナを起動
+
+コンテナを構築して起動する。
+
+```
+sudo docker compose up -d --bulid
+```
+
+## その他
+
+細かな設定手順や使い方は、メインサイト参照。
+https://rohhie.net/dhcp-server-with-docker/
+
+## ライセンス
+
+MIT
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..596e8fd
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,32 @@
+version: "3.9"
+services:
+
+ dhcp4:
+ build: ./v4
+ image: dhcp4:1.0.0
+ container_name: dhcp4
+ restart: "unless-stopped"
+ environment:
+ TZ: Asia/Tokyo
+ DHCPIF: "ens33"
+ hostname: dhcp4
+ network_mode: "host"
+ volumes:
+ - v4:/var/lib/dhcp
+
+ dhcp6:
+ build: ./v6
+ image: dhcp6:1.0.0
+ container_name: dhcp6
+ restart: "unless-stopped"
+ environment:
+ TZ: Asia/Tokyo
+ DHCPIF: "ens33"
+ hostname: dhcp6
+ network_mode: "host"
+ volumes:
+ - v6:/var/lib/dhcp
+
+volumes:
+ v4:
+ v6:
diff --git a/setufw.sh b/setufw.sh
new file mode 100755
index 0000000..a4e048a
--- /dev/null
+++ b/setufw.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+ufw $1 allow to any port 547 proto udp from any comment "DHCPv6"
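Review bot: In docker-compose.yml both `dhcp4` and `dhcp6` share the host network stack (`network_mode: "host"`) yet keep Docker's full default capability set, and neither Dockerfile in this patch sets a `USER`, so the daemons presumably run as root. dhcpd and radvd parse packets from any machine on the segment, so a parsing flaw in either would be contained only by the default container profile. I would add `cap_drop: [ALL]` to each service with a `cap_add` list holding only what the daemons need (probably `NET_BIND_SERVICE` and `NET_RAW`, possibly `NET_ADMIN` for radvd; to be confirmed by testing), plus `security_opt: ["no-new-privileges:true"]`.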
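Review bot: In setufw.sh `$1` is expanded unquoted and unchecked into a `ufw` command that the README runs under sudo, so any word other than the documented `delete` goes straight to ufw, and an argument containing spaces is split into several words. Accept only an empty argument or `delete` and fail otherwise, as sketched below. Separately, the rule admits UDP 547 from any source on every interface; unless DHCPv6 relays are in use, narrowing it to `from fe80::/10` on the serving interface would match how clients reach the server.

```shell
#!/bin/bash
# Accept only the two documented invocations: no argument, or "delete".
case "${1:-}" in
  ""|delete) ;;
  *) echo "usage: $0 [delete]" >&2; exit 1 ;;
esac
ufw ${1:+"$1"} allow to any port 547 proto udp from any comment "DHCPv6"
```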
diff --git a/v4/Dockerfile b/v4/Dockerfile
new file mode 100644
index 0000000..55e49a0
--- /dev/null
+++ b/v4/Dockerfile
@@ -0,0 +1,6 @@
+FROM alpine:latest
+RUN apk add dhcp-server-vanilla tzdata && \
+ touch /var/lib/dhcp/dhcpd.leases
+ADD entrypoint.sh /
+ADD dhcpd.conf /etc/dhcp/
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/v4/dhcpd.conf b/v4/dhcpd.conf
new file mode 100644
index 0000000..3fbfefd
--- /dev/null
+++ b/v4/dhcpd.conf
@@ -0,0 +1,31 @@
+#-------------------------------
+# Global options
+#-------------------------------
+option domain-name "hogeserver.hogeddns.jp";
+option domain-name-servers 192.168.110.10;
+option routers 192.168.110.10;
+
+default-lease-time 86400; # 24 hours.
+max-lease-time 604800; # 7 days.
+
+lease-file-name "/var/lib/dhcp/dhcpd.leases";
+
+#-------------------------------
+# Subnet
+#-------------------------------
+subnet 192.168.110.0 netmask 255.255.255.0 {
+ range 192.168.110.100 192.168.110.199;
+}
+
+#-------------------------------
+# Fixed address
+#-------------------------------
+host party {
+ hardware ethernet 00:0C:29:14:6E:24;
+ fixed-address 192.168.110.12;
+}
+
+host work {
+ hardware ethernet 00:0c:29:0a:83:af;
+ fixed-address 192.168.110.3;
+}
diff --git a/v4/entrypoint.sh b/v4/entrypoint.sh
new file mode 100755
index 0000000..eea2f56
--- /dev/null
+++ b/v4/entrypoint.sh
@@ -0,0 +1,19 @@
+#!/bin/ash
+
+echo "Start container with parameter : $@"
+
+trap sig_term SIGTERM
+
+sig_term() {
+ echo "CATCH SIGTERM"
+ pkill -SIGTERM dhcpd
+ wait
+ exit 0
+}
+
+# Execute paramater.
+exec "$@"
+
+dhcpd -4 -f $DHCPIF &
+wait
+exit 1
diff --git a/v6/Dockerfile b/v6/Dockerfile
new file mode 100644
index 0000000..f7d800c
--- /dev/null
+++ b/v6/Dockerfile
@@ -0,0 +1,8 @@
+FROM alpine:latest
+RUN apk add dhcp-server-vanilla radvd tzdata && \
+ touch /var/lib/dhcp/dhcpd.leases && \
+ mkdir /run/radvd
+ADD entrypoint.sh /
+ADD dhcpd.conf /etc/dhcp/
+ADD radvd.conf /etc/
+ENTRYPOINT ["/entrypoint.sh"]
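Review bot: `FROM alpine:latest` in v4/Dockerfile (and again in v6/Dockerfile) leaves the base image unpinned, so every rebuild can pull a different Alpine release and a different dhcpd build without any change to this repository. Pin a release tag, ideally with its digest, e.g. `FROM alpine:<release>@sha256:<digest>`, and bump it deliberately. In both files `apk add` should become `apk add --no-cache` so the package index is not kept in the layer, and `ADD entrypoint.sh /` can be `COPY entrypoint.sh /`, since `ADD`'s archive and URL handling is not wanted for plain local files.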
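Review bot: `exec "$@"` in v4/entrypoint.sh (and in v6/entrypoint.sh) depends on `exec` being a no-op when the container is started without arguments, which the comment `# Execute paramater.` does not say; a reader can easily take the dhcpd lines below it for dead code. I would make the branch explicit with `if [ "$#" -gt 0 ]; then exec "$@"; fi` and reword the comment to `# Run the command passed to the container, if any, instead of dhcpd.` A command started this way replaces the shell, so the SIGTERM trap defined above no longer applies to it.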
diff --git a/v6/dhcpd.conf b/v6/dhcpd.conf
new file mode 100644
index 0000000..9ea19b9
--- /dev/null
+++ b/v6/dhcpd.conf
@@ -0,0 +1,30 @@
+#-------------------------------
+# Global options
+#-------------------------------
+option dhcp6.domain-search "hogeserver.hogeddns.jp";
+option dhcp6.name-servers fdaa:aaaa:aaaa:aaaa::10;
+
+default-lease-time 86400; # 24 hours.
+max-lease-time 604800; # 7 days.
+
+lease-file-name "/var/lib/dhcp/dhcpd.leases";
+
+#-------------------------------
+# Subnet
+#-------------------------------
+subnet6 fdaa:aaaa:aaaa:aaaa::/64 {
+ range6 fdaa:aaaa:aaaa:aaaa::1:0100 fdaa:aaaa:aaaa:aaaa::1:0199;
+}
+
+#-------------------------------
+# Fixed address
+#-------------------------------
+host party {
+ host-identifier option dhcp6.client-id 00:03:00:01:00:0c:29:14:6e:24;
+ fixed-address6 fdaa:aaaa:aaaa:aaaa::12;
+}
+
+host work {
+ host-identifier option dhcp6.client-id 00:03:00:01:00:0c:29:0a:83:af;
+ fixed-address6 fdaa:aaaa:aaaa:aaaa::3;
+}
diff --git a/v6/entrypoint.sh b/v6/entrypoint.sh
new file mode 100755
index 0000000..93cb517
--- /dev/null
+++ b/v6/entrypoint.sh
@@ -0,0 +1,20 @@
+#!/bin/ash
+
+echo "Start container with parameter : $@"
+
+trap sig_term SIGTERM
+
+sig_term() {
+ echo "CATCH SIGTERM"
+ pkill -SIGTERM dhcpd
+ pkill -SIGTERM radvd
+ wait
+ exit 0
+}
+
+# Execute paramater.
+exec "$@"
+
+dhcpd -6 -f $DHCPIF &
+radvd -n &
+wait
diff --git a/v6/radvd.conf b/v6/radvd.conf
new file mode 100644
index 0000000..896010b
--- /dev/null
+++ b/v6/radvd.conf
@@ -0,0 +1,16 @@
+interface ens33
+{
+ AdvSendAdvert on;
+
+ AdvManagedFlag on;
+ AdvOtherConfigFlag on;
+
+ AdvDefaultPreference low;
+
+ prefix fdaa:aaaa:aaaa:aaaa::/64
+ {
+ AdvAutonomous off;
+ };
+
+ AdvCurHopLimit 0;
+};
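Review bot: The final `wait` in v6/entrypoint.sh returns only once both dhcpd and radvd have exited, so if one of them dies the container keeps running with half the service and `restart: "unless-stopped"` never gets a chance to act. The script also ends without the `exit 1` that v4/entrypoint.sh has, so an unexpected exit of both daemons is reported as success. Either run radvd as its own compose service so each container supervises one process, or record both PIDs with `$!` and exit non-zero as soon as either is gone; at minimum add `exit 1` after `wait`.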