[Dnsmasq-discuss] DHCP with no default route and no DNS

Jim Faulkner jfaulkne@ccs.neu.edu
Tue, 3 May 2005 16:08:41 -0400 (EDT)


Hello,

I am using dnsmasq on a gateway/firewall/wireless access point.  The
machine has 3 physical network interfaces:  a wireless card and 2 ethernet
cards (one ethernet card connects to an ADSL modem, the other connects to
a LAN).

dnsmasq is providing DHCP service for the wireless network and the LAN.
The LAN has a fairly standard setup, and dnsmasq's default DNS and gateway
settings are perfect for it.

However, the wireless network is a bit different.  Clients on the wireless
network must connect to a VPN in order to do anything.  The only ports
that are open to the wireless network on the machine running dnsmasq are
what is needed to contact the DHCP server, and what is needed to connect
to the VPN.  IP forwarding is not enabled on the wireless interface, and
the DNS ports on the wireless interface are firewalled off.

Here's my current configuration file:
-------------------------------------
domain-needed
bogus-priv
local=/wired/
local=/wireless/
local=/vpn/
dhcp-range=192.168.0.252,192.168.0.254,255.255.255.0,3h
dhcp-range=192.168.183.237,192.168.183.238,255.255.255.0,12h
dhcp-host=00:50:DA:F5:CE:BC,net:wireless-net,laptop,192.168.183.237,12h
dhcp-host=00:09:5B:98:3A:72,net:wireless-net,x21,192.168.183.238,12h
dhcp-option=wireless-net,1,255.255.255.0
dhcp-option=wireless-net,19,0
dhcp-option=wireless-net,28,192.168.183.255
dhcp-authoritative
-------------------------------------------

The above configuration works; however, it provides clients on the
wireless network with gateway and DNS servers that are inaccessible
because of the firewall.

I would like dnsmasq to not provide a gateway and DNS server to clients on
the wireless network at all.  I've attempted this by adding these lines to
the configuration file:
dhcp-option=wireless-net,3,0
dhcp-option=wireless-net,6,0

On a Windows 2000 client, the above lines work perfectly at disabling a
default route and DNS server.  However, whenever I add either of these
options to the configuration file, the client gets 255.255.255.255 as
its subnet mask.  This causes the client to be unable to connect to the
VPN.

As you can see in my configuration file, I've tried forcing the subnet
mask to 255.255.255.0 in a few places.  However, whenever I try to set the
default route and DNS server to "0", the subnet mask becomes
255.255.255.255.

Is it possible to set up dnsmasq to provide the correct IP and subnet
mask, but no DNS server and no default route?  If so, how do I do it?

thanks for any help,
Jim Faulkner
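
Added example, not part of the original post and not dnsmasq code: a small checker that parses the options field of a DHCP reply and reports whether a lease meant for the firewalled wireless segment carries the expected subnet mask (option 1) and omits router (option 3) and DNS (option 6). The function names and both sample byte strings are constructed for illustration; the "symptom" bytes are an assumed shape of the reported behaviour, not a capture.

```python
import ipaddress

PAD, END, SUBNET_MASK, ROUTER, DNS = 0, 255, 1, 3, 6

def parse_options(raw: bytes) -> dict:
    """Parse a DHCP options field (bytes after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == END:
            break
        if code == PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"option {code}: missing length byte")
        length = raw[i + 1]
        value = raw[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        opts[code] = opts.get(code, b"") + value   # repeated codes concatenate (RFC 3396)
        i += 2 + length
    return opts

def audit_isolated_lease(raw: bytes, expected_mask: str) -> list:
    """Return findings for a lease that should carry a mask but no router or DNS."""
    opts, findings = parse_options(raw), []
    mask = opts.get(SUBNET_MASK)
    if mask is None or len(mask) != 4:
        findings.append("subnet mask missing or malformed")
    elif str(ipaddress.IPv4Address(mask)) != expected_mask:
        findings.append(f"subnet mask {ipaddress.IPv4Address(mask)}, expected {expected_mask}")
    for code, name in ((ROUTER, "router"), (DNS, "DNS server")):
        if code in opts:
            v = opts[code]
            addrs = [str(ipaddress.IPv4Address(v[j:j + 4])) for j in range(0, len(v) - 3, 4)]
            findings.append(f"{name} (option {code}) offered: {addrs}")
    return findings

# Constructed option fields, not captures from the poster's network.
# Desired: message type OFFER, mask /24, broadcast (28), 12h lease (51), no options 3 or 6.
WANTED = bytes([53, 1, 2, 1, 4, 255, 255, 255, 0, 28, 4, 192, 168, 183, 255,
                51, 4, 0, 0, 0xA8, 0xC0, 255])
# Assumed shape of the symptom: /32 mask with zeroed router and DNS options.
SYMPTOM = bytes([53, 1, 2, 1, 4, 255, 255, 255, 255, 3, 4, 0, 0, 0, 0, 6, 4, 0, 0, 0, 0, 255])

if __name__ == "__main__":
    for label, raw in (("wanted", WANTED), ("symptom", SYMPTOM)):
        print(label, audit_isolated_lease(raw, "255.255.255.0") or "OK")
```

To check a real lease, pass the options bytes that follow the magic cookie in a captured DHCP OFFER or ACK.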