[Dnsmasq-discuss] DHCP setup
philippe at faure.ca
Sun Oct 24 03:01:35 BST 2010
Thank you Stefano for your reply. Sorry for the delay. I believe
that I have figured out what was going on. We are running vtund. It
uses iptables to filter what goes over the tunnel or not.

After a little digging and trial/error, I was able to find a
single command that will stop each DHCP server from sending replies to
DHCPREQUESTs from other locations.
firewall "-t filter -A FORWARD -p udp --dport 67:68 -j DROP";
This will drop any packets that are going to be forwarded over the
tunnel for destination ports 67 (DHCPREQUEST) and 68 (DHCPACK).
I thought that I would send this to the list for anyone who might be
able to use this information.
Quoting Stefano Bridi <stefano.bridi at gmail.com>:
> I suppose you are using bridged VPN (same subnet in every city) so if
> you are already in a routed setup drop my email in the recycle bin and
> please describe better the setup.
> I don't know if there are settings in dnsmasq to help you in this
> specific situation.
> Anyway you can solve it by migrating the infrastructure to a routed VPN (big step).
> Or at least you can filter out the DHCP request from the VPN.
> A routed setup gives you more control and doesn't forward broadcast
> everywhere, of course you need DNS/WINS working.
> On Mon, Oct 4, 2010 at 3:15 AM, Philippe Faure <philippe at faure.ca> wrote:
>> I didn't hear back from anyone, so I thought that I would try to see
>> if my request makes sense.
>> I have dnsmasq running on 3 separate servers, each in different
>> cities. They are all connected via a secure tunnel. I was finding
>> that a DHCP request made in location A is being answered by the DHCP
>> server in location B.
>> Currently to avoid this issue, I am using:
>> as a way to stop server B handling requests that typically should be
>> handled by server A. This means that each time new hardware is brought
>> online, the dnsmasq.conf files need to be updated in the other two
>> locations so that they ignore hardware that doesn't belong to them.
>> Do you know if there is a better way of handling this issue? Since what
>> does happen from time to time, is that devices normally associated
>> with Location A do visit Location B, so then the DHCP assignment comes
>> from the hardware's home location, and not the closest server.
>> Is there a way to use the IP of the local router to accept DHCP
>> requests, if the request comes from a router from a different location,
>> or the tunnel then ignore that request? I believe that this would be
>> a cleaner solution, but just not sure of how to implement it. Even if
>> it is possible.
>> Thank you
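
The firewall line from the reply above, placed in a vtund.conf session, as an added example that is not part of the original post. The session name, password and program paths are placeholders and assumptions. It pairs the rule with its removal in the down block, so the rule is not appended again each time the tunnel comes back up.

```conf
# Added example: vtund.conf fragment (not from the original post).
# "site-a", the password and the program paths are placeholders.

options {
  ifconfig /sbin/ifconfig;
  # Program that the "firewall" command in up/down blocks invokes.
  # Assumption: iptables lives at this path on the host.
  firewall /sbin/iptables;
}

site-a {
  passwd CHANGE_ME;          # placeholder
  keepalive yes;
  # ... remaining session settings (type, proto, ...) as already deployed ...

  up {
    ifconfig "%% up";        # %% expands to the tunnel device name
    # Rule from the post: drop forwarded UDP with destination port 67 or 68.
    firewall "-t filter -A FORWARD -p udp --dport 67:68 -j DROP";
  };

  down {
    # -A appends a new copy on every "up"; delete the same rule
    # specification here so copies do not accumulate across reconnects.
    firewall "-t filter -D FORWARD -p udp --dport 67:68 -j DROP";
    ifconfig "%% down";
  };
}
```

After a tunnel restart, `iptables -t filter -L FORWARD -v -n` should list the DROP rule exactly once, and its packet counter shows whether DHCP traffic is actually hitting it.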