[Dnsmasq-discuss] Two instances of Dnsmasq on one VPN network

richardvoigt at gmail.com richardvoigt at gmail.com
Fri Aug 10 03:22:34 BST 2007


On 8/9/07, J Silverman <g1powermac at yahoo.com> wrote:
>
> Hello Simon,
>
> Thanks for the info.  However, I think I found an issue with this setup.
> On the routers, all the physical interfaces and the VPN interface are
> bridged together, so to dnsmasq it only sees one interface, if I'm reading
> this correctly.  So, I can't tell it to ignore the vpn interface, since to
> it, it's all under the bigger bridged interface and I also can't tell it to
> ignore the bridged interface since then I'd have no dhcp for the entire
> network.  Would you have any suggestions on how to get around this?


Use iptables and the physdev module to selectively drop bootp traffic (udp
port 67) to'/from the vpn interface.



Thanks,
> J Silverman
>
> *Simon Kelley <simon at thekelleys.org.uk>* wrote:
>
> J Silverman wrote:
> > Hello Simon,
> >
> > I was just researching this a bit more and was thinking of using
> > except-interface=. Would the no-dhcp-interface be
> > a better choice?
>
> Both will work: the difference is that except-interface tells dnsmasq to
> ignore DNS queries arriving on that interface, as well as DHCP and TFTP.
> no-dhcp-interface stops DHCP and TFTP, but allows DNS. In your case you
> probably won't have DNS queries crossing the bridge, but there's no
> particular reason to block them.
>
> Cheers,
>
> Simon.
>
>
> ------------------------------
> Pinpoint customers
> <http://us.rd.yahoo.com/evt=48250/*http://searchmarketing.yahoo.com/arp/sponsoredsearch_v9.php?o=US2226&cmp=Yahoo&ctv=AprNI&s=Y&s2=EM&b=50>who
> are looking for what you sell.
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20070809/bb842f12/attachment-0001.htm


More information about the Dnsmasq-discuss mailing list