[Dnsmasq-discuss] dnsmasq as relay agent

steve at comitcon.be steve at comitcon.be
Fri Nov 8 08:23:39 GMT 2013


Dear all,

I am using dnsmasq on a custom respin of OpenWrt. The setup uses 802.x
FreeRADIUS authentication. My RADIUS sits in the datacenter. The process
is as follows:
A user logs in (AAA using FR) and gets an IP address. Currently all my
clients (users behind the OpenWrt [smartphones/laptops/...]) are receiving
an IP from dnsmasq, which is a local IP address. Each OpenWrt has its
own subnet, 192.168.1.0 / 192.168.2.0 etc.

I would like to set up the system so that a DHCP request is relayed back to
the server (ISC DHCP, same machine as where FR is running), and the
datacenter-based server leases the IP address (making it easier to track
my final clients).

I have found in the docs that there is an option --dhcp-relay, but I
cannot find how to put it in dnsmasq.conf.
Secondly, I am foreseeing quite a security problem, where my dhcpd will
send an IP to anyone requesting (we are working completely over WAN;
tunnels, VPN etc. are not an option). I would be able to filter the
request using MAC authentication and iptables. But... what MAC address
will be sent to the server? The modem? The OpenWrt box? The client? Or is
there another way I can add some sort of identifier and use dhcp_eval() on
the server side?

Kind regards

Steve