[Dnsmasq-discuss] Answering DHCPINFORM from other interfaces (solved)

Sergei Zhirikov sfzhi at yahoo.com
Mon Oct 19 21:01:02 BST 2009

Sergei Zhirikov wrote:
> Hi,
> I'm using dnsmasq as a DHCP and DNS server on my Linux home gateway, which is also an IPSec/L2TP VPN server. For IP address allocation for the VPN PPP tunnels I use the ppp-dhcpc plugin, which pretends to be a DHCP relay and requests IP addresses from dnsmasq. That part works fine.
> However, when the PPP link has been established the VPN client (a Windows PC in my case, but I don't think it's relevant) sends a DHCPINFORM request to the broadcast address. That request reaches the Linux gateway via the PPP link, but dnsmasq does not reply, because it can see that the request is coming from an interface it is not configured to serve.
> I would really like dnsmasq to reply to those DHCPINFORM requests coming in through the PPP links, but I haven't been able to configure dnsmasq for that. I can't tell it to serve the PPP interface, because the interface name is assigned dynamically (thus not known in advance). I can not tell dnsmasq to serve all interfaces with some exceptions either, because then the list of the exceptions would have to contain dynamically assigned names.
> I have tried some tricks with iptables. Tried to use "-j ROUTE --iif ifname" to make the packets appear to be coming from another interface with a fixed name that dnsmasq is configured to serve, but dnsmasq still does not reply, as if it somehow can see the original interface name.
> I have tried to use a pair of VETH interfaces to route the incoming packets to one end of the virtual tunnel so that they would appear to dnsmasq to be coming out of the other end, but that didn't work, because I didn't manage to get the routing to work the way I wanted (perhaps because I lack the necessary knowledge about advanced routing).
> I would appreciate any kind of help with this problem.
> Thank you,
> Kind regards,
> Sergei.

Thanks to everyone who tried to help. I have managed to come up with a working solution.

In case someone wants to know, the basic idea is to create a linked pair of virtual ethernet interfaces:

    ip link add name dhcp type veth peer name pipe

(I'll omit the trivial stuff like assigning IP addresses and bringing the interfaces up.)
Then direct the DHCP traffic coming from the remote PPP endpoints into one side of the tunnel:

    iptables -t mangle -A PREROUTING ! -i dhcp -m iprange --src-range -p udp --sport 68 --dport 67 -j ROUTE --oif pipe

And configure dnsmasq to provide DHCP service on the 'dhcp' interface.

Well, I wouldn't call this the most elegant solution, but it works for me, so it's good enough for the time being, until I come up with a better way.
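
The three steps above collected into one dry-run script, as an added example that is not part of the original post. The function names, the `APPLY` switch, the `DHCP_ADDR`/`PIPE_ADDR` values and the `VPN_RANGE` variable are assumptions: the post omits the addressing steps and does not give the source range, so the script refuses to build the rule until a well-formed range is supplied.

```shell
#!/bin/sh
# Added example. Dry-run by default: commands are printed, and executed only
# when APPLY=1 (root required). All addresses below are constructed.
DHCP_ADDR="${DHCP_ADDR:-192.0.2.1/30}"   # assumed address for the 'dhcp' end
PIPE_ADDR="${PIPE_ADDR:-192.0.2.2/30}"   # assumed address for the 'pipe' end
# VPN_RANGE (start-end) has no default: the post elides it, so set it yourself.

run() {
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr . ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Accept exactly "a.b.c.d-e.f.g.h"; reject anything else before it reaches iptables.
valid_range() {
    case "$1" in
        *-*-*) return 1 ;;
        *-*) ;;
        *) return 1 ;;
    esac
    valid_ip "${1%-*}" && valid_ip "${1#*-}"
}

setup() {
    valid_range "${VPN_RANGE:-}" || { echo "VPN_RANGE missing or malformed" >&2; return 1; }
    run ip link add name dhcp type veth peer name pipe
    run ip addr add "$DHCP_ADDR" dev dhcp
    run ip addr add "$PIPE_ADDR" dev pipe
    run ip link set dhcp up
    run ip link set pipe up
    # Only client-to-server DHCP (68 -> 67) from the VPN range is diverted.
    # ROUTE is the target the post uses; your iptables build must provide it.
    run iptables -t mangle -A PREROUTING ! -i dhcp -m iprange \
        --src-range "$VPN_RANGE" -p udp --sport 68 --dport 67 -j ROUTE --oif pipe
}

# dnsmasq.conf line for the last step: serve DHCP on the 'dhcp' interface.
dnsmasq_conf() { printf 'interface=dhcp\n'; }

if [ "${1:-}" = run ]; then setup && dnsmasq_conf; fi
```

Run it as `VPN_RANGE=<start>-<end> ./script run` to review the commands, then repeat with `APPLY=1` as root to apply them.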
