[Dnsmasq-discuss] DNSMasq, DHCP, Shorewall, and Proxy Arp
steve at csquaredtech.com
Sat Feb 2 23:58:26 GMT 2008
Gaah - re-adding the mailing list..
On Saturday 02 February 2008 03:22:01 pm you wrote:
> On Feb 2, 2008 3:48 PM, Steve H. <steve at csquaredtech.com> wrote:
> > On Saturday 02 February 2008 01:03:06 pm you wrote:
> > > This won't work, because 126.96.36.199 is outside the local subnet of the
> > > device, which therefore uses a gateway to reach it. You need a local
> > > gateway.
> > Actually, it works perfectly - and has for over a year... All the machines
> > are on 1 physical wire (actually, a hub/switch), and I just add a route
> > to the network and gateway in /etc/network/interfaces. For example, if
> > my firewall/gateway was 188.8.131.52 on a 184.108.40.206/28 net-block, I'd
> > use:
> >   up route add -net 220.127.116.11 netmask 255.255.255.240 eth0
> >   up route add -host 18.104.22.168 eth0
> >   up route add default gw 22.214.171.124 eth0
> > This works great, and I don't eat up an address in the /28's for a
> > gateway. This is one reason I'd like to move to DHCP - I'd like to pass
> > the routes to be added (126.96.36.199/28 and 188.8.131.52/32) via DHCP so if
> > my configurations change, I don't have to manually update all the
> > machines.
> I can see how that configuration might work, but it is far more
> complex than originally described. I'm also not sure you could pass
> those routes, which involve specific device specifications instead of
> next-hop routers, over DHCP.
Hmm - I was just going to pass a route to 184.108.40.206/28 and a default gateway
to all DHCP devices. I think that should be ok via DHCP options (i.e.
the 'static routes' option?)
> > > You'd need this anyway, see above.
> > No I don't - see above. If DNSMasq doesn't support this on its own, can
> > I use a 'dhcp relay agent' to achieve this? ('this' being 1 dhcp server
> > that responds to all the net-blocks on the local ether segment). I'm
> > guessing the error here is due to DNSMasq not having an address in the
> > net-blocks it's serving. Perhaps having a DHCP relay forward requests to
> > the actual I.P. of the interface DNSMasq is sitting on (192.168.0.2)
> > would 'fix' this?
> What if the netmask for the interface on the DNSMasq box/gateway was
> expanded to include all addresses? I guess that could mess up your
> global routing. A DHCP relay sounds like a reasonable solution.
Yeah - I'm leaning towards a DHCP relay solution. What I don't understand is
why DNSMasq is confused. I told it to serve a specific range, and the client
gave it a hostname to match (via /etc/hosts) to a specific I.P. in the range.
Even more confusingly, the firewall has static routes to every host in the
ranges due to shorewall (it adds a route for every host it does proxy arp
for). So I can't figure out why DNSMasq is so unhappy :-/
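
Added example, not part of the original post or of dnsmasq: a Python encoder and validating decoder for the DHCP classless static route option (121, RFC 3442), in which a router of 0.0.0.0 marks a destination as on-link, the kind of device route the thread asks about. The addresses are constructed documentation ranges standing in for the /28 block and the gateway host, and the function names are hypothetical.

```python
import ipaddress

def encode_classless_routes(routes):
    """Encode (destination CIDR, router) pairs as an option 121 payload."""
    out = bytearray()
    for cidr, router in routes:
        net = ipaddress.IPv4Network(cidr, strict=True)
        significant = (net.prefixlen + 7) // 8  # only octets covered by the mask are sent
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(router).packed  # 0.0.0.0 means "on-link"
    if len(out) > 255:
        raise ValueError("payload does not fit in one DHCP option")
    return bytes(out)

def decode_classless_routes(payload):
    """Parse an option 121 payload, rejecting malformed input."""
    routes, i = [], 0
    while i < len(payload):
        width = payload[i]
        if width > 32:
            raise ValueError("prefix length > 32")
        significant = (width + 7) // 8
        end = i + 1 + significant + 4
        if end > len(payload):
            raise ValueError("truncated route entry")
        dest = payload[i + 1:i + 1 + significant] + bytes(4 - significant)
        # strict=True raises ValueError if bits beyond the prefix are set
        net = ipaddress.IPv4Network((dest, width), strict=True)
        routes.append((str(net), str(ipaddress.IPv4Address(payload[end - 4:end]))))
        i = end
    return routes

# Constructed sample: an on-link /28, an on-link host route to the gateway,
# and a default route through that gateway.
SAMPLE_ROUTES = [
    ("198.51.100.0/28", "0.0.0.0"),
    ("203.0.113.1/32", "0.0.0.0"),
    ("0.0.0.0/0", "203.0.113.1"),
]

if __name__ == "__main__":
    wire = encode_classless_routes(SAMPLE_ROUTES)
    print(wire.hex())
    print(decode_classless_routes(wire))
```

The default route is carried inside option 121 because RFC 3442 requires a client that receives this option to ignore the separate Router option.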