[Dnsmasq-discuss] DHCP setup

Philippe Faure philippe at faure.ca
Sun Oct 24 03:01:35 BST 2010


Thank you Stefano for your reply.  Sorry for the delay.  I believe  
that I have figured out what was going on.  We are running vtund.  It
uses iptables to filter what goes over the tunnel or not.

After a little digging and trial and error, I was able to find a
single command that will stop each DHCP server from sending replies to
DHCPREQUESTs from other locations.

firewall "-t filter -A FORWARD  -p udp  --dport 67:68 -j DROP";

This will drop any packets that are going to be forwarded over the  
tunnel for destination ports 67 (DHCPREQUEST) and 68 (DHCPACK).

I thought that I would send this to the list for anyone who might be  
able to use this information.

Philippe


Quoting Stefano Bridi <stefano.bridi at gmail.com>:

> I suppose you are using bridged VPN (same subnet in every city) so if
> you are already in a routed setup drop my email in the recycle bin and
> please describe better the setup
>
> I don't know if there are settings in dnsmasq to help you in this
> specific situation.
> Anyway, you can solve it by migrating the infrastructure to a routed VPN (big step),
> or at least you can filter out the DHCP requests from the VPN.
> A routed setup gives you more control and doesn't forward broadcasts
> everywhere; of course, you need DNS/WINS working.
>
> Stefano
>
>
> On Mon, Oct 4, 2010 at 3:15 AM, Philippe Faure <philippe at faure.ca> wrote:
>> Hello,
>>
>> I didn't hear back from anyone, so I thought that I would try to see
>> if my request makes sense.
>>
>> I have dnsmasq running on 3 separate servers, each in different
>> cities.  They are all connected via a secure tunnel. I was finding
>> that DHCP request made in location A is being answered by the DHCP
>> server in location B.
>>
>> Currently to avoid this issue, I am using:
>> dhcp-host=00:0e:35:f6:d8:af,ignore
>>
>> as a way to stop server B handling requests that typically should be
>> handled by server A. This means that each time new hardware is brought
>> online, the dnsmasq.conf files need to be updated in the other two
>> locations so that they ignore hardware that doesn't belong to them.
>>
>> Do you know if there is a better way of handling this issue? Since what
>> does happen from time to time is that devices normally associated
>> with Location A do visit Location B, so then the DHCP assignment comes
>> from the hardware's home location, and not the closest server.
>>
>> Is there a way to use the IP of the local router to accept DHCP
>> request, if the request comes from a router from a different location,
>> or the tunnel then ignore that request?  I believe that this would be
>> a cleaner solution, but just not sure of how to implement it. Even if
>> it is possible.
>>
>> Thank you
>>
>> Philippe
>>
>>
>>
>




