[Dnsmasq-discuss] Restricting dhcp-range to certain MAC prefixes?

Simon Kelley simon at thekelleys.org.uk
Fri Jun 15 17:36:30 BST 2007


Dermot Bradley wrote:
>> Some shots in the dark... :-)
> 
> Thanks :-)
> 
>> I've never tried this, but do either of these work?
>>
>> dhcp-range=net:aastra,net:elmeg,net:grandstream,net:snom,10.10.10.50,10.10.10.80,12h
> 
> Nope, it only responded to the Aastra device and not to a Snom.
> 
>> or:
>>
>> dhcp-range=net:aastra,10.10.10.50,10.10.10.80,12h
>> dhcp-range=net:elmeg,10.10.10.50,10.10.10.80,12h
>> dhcp-range=net:grandstream,10.10.10.50,10.10.10.80,12h
>> dhcp-range=net:snom,10.10.10.50,10.10.10.80,12h
> 
> This seems to work - I have tested with 2 devices so far. I'd assumed
> that DNSMASQ would complain about this as it's using the same IP range 4
> times but so far it seems to be happy with it. I'll test further...


That's the right way to do it: repeated tags on one line are ANDed
together (they all have to be set for the line to be valid). The
intention is that the OR function is done by repeating lines.

> 
>> You can't pass the filename-to-request to the client via DHCP? :-(
> 
> Well it is more for devices that ask for a standard filename (via TFTP)
> and I want to, for example, read this file from a differing
> sub-directory based on the device's IP addresses so for example the
> TFTPD server could have a filesystem layout like:
> 
> 	/tftpboot/default/config
> 	/tftpboot/10.10.10.1/config
> 	/tftpboot/10.10.10.2/config
> 
> and when any device requests "config" they get a differing
> file returned (think auto-provisioning, or security by restricting what
> files a device can fetch).
> 
> Some of these devices ask for multiple files during boot (i.e. firmware
> file, generic config, device specific config, etc) so that's why using
> the DHCP 66/67 options won't handle this issue.
> 
> It'd be nice to see this in DNSMASQ's TFTP functionality.
> 
> 

This is easily added by messing about with the tftp-prefix stuff, but
one has to be careful not to allow clients arbitrary access to the
underlying filesystem by inserting arbitrary strings into the prefix.

Maybe allowing %a for dotted-quad IP (like your example) and %m for MAC
address would be OK?

Cheers,

Simon.
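
The caution above about prefix substitution, as an added example that is not part of the original message and is not dnsmasq code: a sketch that expands only %a and %m from values the server itself knows, then joins the client-requested filename without letting it escape the per-device directory. The function names, the dash-separated MAC format and the sample values are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* A substituted value must be non-empty, use a fixed alphabet, and must
   not be able to form a "." or ".." path component. */
static int safe_value(const char *s, const char *allowed) {
    return *s && *s != '.' && !strstr(s, "..") &&
           strspn(s, allowed) == strlen(s);
}

/* Expand %a (client IPv4) and %m (client MAC) in a prefix template. ip and
   mac must come from the server's view of the client (socket address,
   lease), never from the TFTP request. Returns 0 on success, -1 otherwise. */
int expand_prefix(const char *tmpl, const char *ip, const char *mac,
                  char *out, size_t len) {
    size_t n = 0;
    if (!safe_value(ip, "0123456789.") ||
        !safe_value(mac, "0123456789abcdefABCDEF-"))
        return -1;
    for (; *tmpl; tmpl++) {
        char lit[2] = { *tmpl, '\0' };
        const char *sub = lit;
        if (*tmpl == '%') {
            tmpl++;
            if (*tmpl == 'a') sub = ip;
            else if (*tmpl == 'm') sub = mac;
            else return -1;            /* unknown or trailing escape */
        }
        size_t l = strlen(sub);
        if (n + l >= len) return -1;   /* would overflow out */
        memcpy(out + n, sub, l); n += l;
    }
    out[n] = '\0';
    return 0;
}

/* Join prefix and requested name; refuse absolute names and any "..". */
int build_path(const char *prefix, const char *req, char *out, size_t len) {
    if (!*req || *req == '/' || strstr(req, "..")) return -1;
    int w = snprintf(out, len, "%s%s", prefix, req);
    return (w < 0 || (size_t)w >= len) ? -1 : 0;
}

int main(void) {   /* constructed sample: the layout quoted above */
    char p[64], f[128];
    if (!expand_prefix("/tftpboot/%a/", "10.10.10.1", "00-11-22-33-44-55", p, sizeof p) &&
        !build_path(p, "config", f, sizeof f)) puts(f);
    return 0;
}
```
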