[Dnsmasq-discuss] Serving DHCP requests from a subnet not matching the interface

Albert ARIBAUD albert.aribaud at free.fr
Wed Jun 3 07:44:20 BST 2015


Hello Johannes,

On Wed, 3 Jun 2015 07:52:59 +0200 (CEST), Johannes Martin
<jmartin at notamusica.com> wrote:

> Hi,
> 
> I have the following network setup:
> - eth0: 192.168.1.254/24
> - br0: 192.168.10.254/24
>  	bridging virtual interfaces eth0.10 and wlan0.10
>  	(plain virtual interfaces, no vlan tagging)

Hmm, on my system plain virtual interfaces are of the form eth0:10, not
eth0.10, and if you used vconfig, then eth0.10 and wlan0.10 /are/
tagged (and then, you'll need some tweaking to get the bridge to simply
work).

> I have a dynamic dhcp range defined on the 192.168.1.0 subnet and a static 
> dhcp range with static host entries (by mac address) defined on the 
> 192.168.10.0 subnet.
> 
> When a device connects through the wlan0 interface, dnsmasq properly 
> serves the defined static addresses.
> 
> However, when the device connects through the eth0 interface, dnsmasq 
> serves an address from the dynamic range even when a static address is 
> defined for the device.
> 
> So, dnsmasq does not realize that eth0 and eth0.10 are the same physical 
> interface and that it is fine to serve an address that is valid only for 
> eth0.10 on that physical interface.

Bridging is for physical or vlan interfaces (see man brctl), not
virtual ones. Are you sure you're using a virtual, not vlan,
interface?

If so, then when you bridge eth0.10, you actually bridge
eth0, and packets which arrive at eth0 are routed to br0 irrespective
of their destination IP.

Try the following:

ifconfig eth0:9 10.0.0.42
brctl addbr br9
brctl addif br9 eth0:9
brctl show

You'll see the interface listed under br0 is eth0, not eth0:9.

If you're using vlan interfaces, ISTR packets entering a bridged vlan
interface are actually received on the non-bridge interface and not
forwarded through the bridge.

> Is there any way to override this behaviour, i.e. make dnsmasq serve the 
> defined static ip address, even if it does not seem to make sense?

I don't think you can with non-vlan virtual interfaces.

Besides, since the purpose of DHCP is to assign an IP address to a
client, most clients won't have an IP address to boot (pun half
intended), so there will be no way for the server to choose whether an
incoming DHCP request should be considered as coming from eth0 or
eth0:10 (and it won't come from eth0.10, since it would need to be
tagged for this, the dhcp clients don't know about vlans, only
physical interfaces).

> In the end I would like to be able to logically separate groups of devices 
> in different vlans which all use the same physical interfaces (I do 
> realize there will be no physical separation between the networks and 
> understand there is only little security gain in that separation).
> 
> Thanks
>  	Johannes

Best regards,
-- 
Albert.
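
A simplified model of the behaviour discussed in this thread, added here as an example (it is not code from dnsmasq or from either poster): the client has no IP address yet, so the subnet is taken from the interface the request arrived on, and a reservation outside that subnet is not used. The interface addresses are those from the original question; the MAC address and dynamic range bounds are constructed.

```python
import ipaddress

# Interface addresses as given in the original question.
INTERFACES = {
    "eth0": ipaddress.ip_interface("192.168.1.254/24"),
    "br0": ipaddress.ip_interface("192.168.10.254/24"),
}
# Constructed sample data: dynamic range bounds and the client MAC are hypothetical.
DYNAMIC_RANGES = {
    ipaddress.ip_network("192.168.1.0/24"): ("192.168.1.100", "192.168.1.199"),
}
STATIC_HOSTS = {
    "02:00:00:00:00:01": ipaddress.ip_address("192.168.10.20"),
}


def offer(mac, rx_iface, leased=()):
    """Return the address this model would offer, or None if it has none.

    mac      -- client hardware address from the request
    rx_iface -- interface the broadcast request was received on
    leased   -- addresses (as strings) already handed out
    """
    taken = {ipaddress.ip_address(a) for a in leased}
    # The request carries no usable source IP, so the receiving
    # interface is the only thing that identifies the client's subnet.
    subnet = INTERFACES[rx_iface].network
    reserved = STATIC_HOSTS.get(mac)
    # A reservation only applies when it lies inside that subnet.
    if reserved is not None and reserved in subnet:
        return reserved
    bounds = DYNAMIC_RANGES.get(subnet)
    if bounds is None:
        return None  # static-only subnet and no matching reservation
    first, last = (int(ipaddress.ip_address(b)) for b in bounds)
    for n in range(first, last + 1):
        addr = ipaddress.ip_address(n)
        if addr not in taken:
            return addr
    return None  # dynamic range exhausted


if __name__ == "__main__":
    for iface in ("br0", "eth0"):
        print(iface, offer("02:00:00:00:00:01", iface))
```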


