[Dnsmasq-discuss] DMZ IP allocations
cwh0803 at cs.rit.edu
cwh0803 at cs.rit.edu
Thu Dec 20 17:13:42 GMT 2012
All-
A quick question to help clarify something that is probably so easy I've
missed something obvious, but having missed it, I find myself rather lost.
This pertains to dnsmasq 2.63 from Ubuntu 12.10.
Not unlike others I suspect, I'd like to partition my home network to
include a DMZ for guests and otherwise untrusted devices, and have these
devices granted a dnsmasq-provided IP address. The devices that I know and
"trust" are dynamically assigned static IPs, defined with dhcp-host lines.
At the moment, DMZ and non-DMZ hosts are on the same subnet, but once DHCP
is working, I plan to segment it off with the router and it's own subnet
to prevent DMZ hosts from accessing non-DMZ resources, just the Internet.
To test this, I connected my laptop, for which I've not yet entered a
dhcp-host line and therefore don't trust, and asked for an IP. I
consistently get an address from the trusted block, not the DMZ where I
feel like I should get one.
A relevant clip of my dnsmasq.conf file:
domain=foo,192.168.10.50,192.168.10.100
domain=dmz.foo,192.168.10.0,192.168.10.20
dhcp-range=192.168.10.50,192.168.10.100,static,24h
dhcp-range=192.168.10.0,192.168.10.20,6h
Furthermore, having found [1], I've tried adjusting the config to:
dhcp-range=tag:!known,192.168.10.0,192.168.10.20,6h
dhcp-range=192.168.10.50,192.168.10.100,static,24h
and restarting with no change in behavior.
Am I approaching segmentation from the wrong angle, doing something wrong
with dnsmasq, or did I just miss something along the way?
Thanks so much!
Carl
[1] "[Dnsmasq-discuss] static dhcp range and lease times"
More information about the Dnsmasq-discuss
mailing list