[Dnsmasq-discuss] DNSMasq, DHCP, Shorewall, and Proxy Arp

Steve H. steve at csquaredtech.com
Sat Feb 2 23:58:26 GMT 2008

On Saturday 02 February 2008 03:22:01 pm you wrote:
> On Feb 2, 2008 3:48 PM, Steve H. <steve at csquaredtech.com> wrote:
> > On Saturday 02 February 2008 01:03:06 pm you wrote:
> > > This won't work, because is outside the local subnet of the
> > > device, which therefore uses a gateway to reach it.  You need a local
> > > gateway.
> > Actually, it works perfectly - and has for over a year...All the machines
> > are on 1 physical wire (actually, a hub/switch), and I just add a route
> > to the network and gateway in /etc/network/interfaces.  For example, if
> > my firewall/gateway was on a net-block, I'd use:
> >   up route add -net netmask eth0
> >   up route add -host eth0
> >   up route add default gw eth0
> > This works great, and I don't eat up an address in the /28's for a
> > gateway. This is one reason I'd like to move to DHCP - I'd like to pass
> > the routes to be added ( and via DHCP so if
> > my configurations change, I don't have to manually update all the
> > machines.
> I can see how that configuration might work, but it is far more
> complex than originally described.  I'm also not sure you could pass
> those routes, which involve specific device specifications instead of
> next-hop routers, over DHCP.
Hmm - I was just going to pass a route to and a default gateway 
to all DHCP devices.  I think that should be ok via DHCP options (i.e. 
the 'static routes' option ?)

> > > You'd need this anyway, see above.
> > No I don't - see above.  If DNSMasq doesn't support this on its own, can
> > I use a 'dhcp relay agent' to achieve this? ('this' being 1 dhcp server
> > that responds to all the net-blocks on the local ether segment).  I'm
> > guessing the error here is due to DNSMasq not having an address in the
> > net-blocks its serving.  Perhaps having a DHCP relay forward requests to
> > the actual I.P. of the interface DNSMasq is sitting on (
> > would 'fix' this ?
> What if the netmask for the interface on the DNSMasq box/gateway was
> expanded to include all addresses?  I guess that could mess up your
> global routing.  A DHCP relay sounds like a reasonable solution.

Yeah - I'm leaning towards a DHCP relay solution.  What I don't understand is 
why DNSMasq is confused.  I told it to serve a specific range, and the client 
gave it a hostname to match (via /etc/hosts) to a specific I.P. in the range.  
Even more confusingly, the firewall has static routes to every host in the 
ranges due to shorewall (it adds a route for every host it does proxy arp 
for).  So I can't figure out why DNSMasq is so unhappy :-/
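
Added example, not part of the original message: a sketch of how an on-link net route, an on-link host route and a default route of the kind discussed above are laid out on the wire in the DHCP classless static route option (option 121, RFC 3442), with a strict decoder for checking what a server actually sends. It assumes option 121 is the "static routes" option meant (the older option 33 carries neither a netmask nor a default route), and every address is a constructed documentation-range value because the thread's own addresses are missing from the page.

```python
import ipaddress

OPTION_CLASSLESS_STATIC_ROUTE = 121  # RFC 3442


def encode_route(destination, router):
    """One route: prefix length, significant destination octets, router."""
    net = ipaddress.IPv4Network(destination)
    octets = (net.prefixlen + 7) // 8  # only the significant octets are sent
    return (bytes([net.prefixlen]) + net.network_address.packed[:octets]
            + ipaddress.IPv4Address(router).packed)


def encode_option_121(routes):
    payload = b"".join(encode_route(d, r) for d, r in routes)
    if len(payload) > 255:
        raise ValueError("payload exceeds one option; RFC 3396 splitting needed")
    return bytes([OPTION_CLASSLESS_STATIC_ROUTE, len(payload)]) + payload


def decode_option_121(option):
    """Strictly parse option bytes back into (destination, router) pairs."""
    if len(option) < 2 or option[0] != 121 or option[1] != len(option) - 2:
        raise ValueError("not a well-formed option 121")
    data, routes, i = option[2:], [], 0
    while i < len(data):
        width = data[i]
        octets = (width + 7) // 8
        if width > 32 or i + 5 + octets > len(data):
            raise ValueError("invalid prefix length or truncated route")
        dest = ipaddress.IPv4Address(data[i + 1:i + 1 + octets] + bytes(4 - octets))
        router = ipaddress.IPv4Address(data[i + 1 + octets:i + 5 + octets])
        routes.append((f"{dest}/{width}", str(router)))
        i += 5 + octets
    return routes


# Constructed sample routes (documentation address ranges, not from the post).
# Router 0.0.0.0 marks a destination as on-link (reached directly on the wire).
SAMPLE_ROUTES = [
    ("192.0.2.16/28", "0.0.0.0"),      # on-link net-block
    ("198.51.100.1/32", "0.0.0.0"),    # on-link host route to the gateway
    ("0.0.0.0/0", "198.51.100.1"),     # default route via that gateway
]

if __name__ == "__main__":
    wire = encode_option_121(SAMPLE_ROUTES)
    print(wire.hex())
    print(decode_option_121(wire))
```

RFC 3442 requires a client that receives option 121 to ignore the Router option, so the default route has to be carried inside option 121 as well.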


