[Dnsmasq-discuss] DHCP setup

Philippe Faure philippe at faure.ca
Tue Oct 5 18:33:46 BST 2010


Hello,

To be honest, my brother set up the tunneling network, and I was just  
poking at it out of curiosity.  I did do some digging last night and  
found that we are using vtund as the software to implement the tunnel.

Each "node" of the network has an allocated network range (limited by  
the routers)
192.168.0.1-32 location A
192.168.0.33-64 location B
etc

Looking into vtund it would seem that we are using iptables-like rules
to do the filtering.

I know that this is now a little off topic, but I believe that the  
following string would provide what I am looking for.

firewall "-t raw -A OUTPUT -i br0 -p udp -s 255.255.255.255 --dport 67 -j DROP";

I have tried:

firewall "-t raw -A OUTPUT -p udp -d 255.255.255.255 --destination-port 67:68 -j DROP";

but found that it stopped dnsmasq functioning at all.

Has someone else tried to use this setup? Not knowing a lot about
iptables, having someone's expert input would be greatly appreciated.

Thanks

Philippe



Quoting Stefano Bridi <stefano.bridi at gmail.com>:

> I suppose you are using bridged VPN (same subnet in every city) so if
> you are already in a routed setup drop my email in the recycle bin and
> please describe better the setup
>
> I don't know if there are settings in dnsmasq to help you in this
> specific situation.
> Anyway you can solve it by migrating the infrastructure to a routed VPN (big step)
> or at least you can filter out the DHCP requests from the VPN.
> A routed setup gives you more control and doesn't forward broadcasts
> everywhere; of course you need DNS/WINS working.
>
> Stefano
>
>
> On Mon, Oct 4, 2010 at 3:15 AM, Philippe Faure <philippe at faure.ca> wrote:
>> Hello,
>>
>> I didn't hear back from anyone, so I thought that I would try to see
>> if my request makes sense.
>>
>> I have dnsmasq running on 3 separate servers, each in different
>> cities.  They are all connected via a secure tunnel. I was finding
>> that DHCP requests made in location A are being answered by the DHCP
>> server in location B.
>>
>> Currently to avoid this issue, I am using:
>> dhcp-host=00:0e:35:f6:d8:af,ignore
>>
>> as a way to stop server B handling requests that typically should be
>> handled by server A. This means that each time new hardware is brought
>> online, the dnsmasq.conf files need to be updated in the other two
>> locations so that they ignore hardware that doesn't belong to them.
>>
>> Do you know if there is a better way of handling this issue? Since what
>> does happen from time to time, is that devices normally associated
>> with Location A do visit Location B. So then the DHCP assignment comes
>> from the hardware's home location, and not the closest server.
>>
>> Is there a way to use the IP of the local router to accept DHCP
>> requests, and if the request comes from a router from a different location,
>> or the tunnel, then ignore that request?  I believe that this would be
>> a cleaner solution, but just not sure of how to implement it. Even if
>> it is possible.
>>
>> Thank you
>>
>> Philippe
>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
>
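The per-interface policy the thread is circling (serve a DHCP request only when it arrived on the node's own LAN side, never one that came in over the tunnel, with the current `dhcp-host=...,ignore` workaround kept for comparison), written out as an added Python example; it is not code from the list post, from vtund or from dnsmasq. The interface names `br0` and `tap0` are assumed stand-ins and the DHCPDISCOVER packet is constructed, not captured.

```python
import struct

# Assumed interface names for one node: LAN-facing bridge and the vtund tap.
LOCAL_IF = "br0"
TUNNEL_IFS = {"tap0"}

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie after the BOOTP header
DHCPDISCOVER = 1

def parse_dhcp(payload: bytes) -> dict:
    """Parse the fixed 236-byte BOOTP header plus the DHCP message-type option (53)."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    op, htype, hlen, hops = struct.unpack("!BBBB", payload[:4])
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + hlen])   # chaddr
    msg_type, i = None, 240
    while i < len(payload):                 # walk TLV options until END (255)
        tag = payload[i]
        if tag == 255:
            break
        if tag == 0:                        # PAD option has no length byte
            i += 1
            continue
        length = payload[i + 1]
        if tag == 53 and length == 1:
            msg_type = payload[i + 2]
        i += 2 + length
    return {"op": op, "hops": hops, "mac": mac, "msg_type": msg_type}

def should_answer(ifname: str, payload: bytes, ignore_macs=frozenset()) -> bool:
    """Answer only client requests (op=1) that arrived on the local LAN interface."""
    req = parse_dhcp(payload)
    if req["op"] != 1:
        return False
    if ifname in TUNNEL_IFS or ifname != LOCAL_IF:   # came over the VPN: not ours
        return False
    if req["mac"] in ignore_macs:           # the thread's per-MAC ignore workaround
        return False
    return True

def build_discover(mac: str) -> bytes:
    """Construct a minimal DHCPDISCOVER for testing (sample input, not a capture)."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x3903F326, 0, 0x8000)  # op..flags
    hdr += b"\x00" * 16                     # ciaddr, yiaddr, siaddr, giaddr
    hdr += chaddr + b"\x00" * 64 + b"\x00" * 128   # chaddr, sname, file
    return hdr + DHCP_MAGIC + bytes([53, 1, DHCPDISCOVER, 255])
```

In dnsmasq itself this policy is `no-dhcp-interface=<tunnel interface>` (or `interface=br0` with `bind-interfaces`); when the tap device is enslaved into br0 the kernel only exposes the ingress port to iptables through `-m physdev --physdev-in <tap>`, so a plain `-i br0` match cannot tell LAN from tunnel.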