[Dnsmasq-discuss] Serving DHCP requests from a subnet not matching the interface

Johannes Martin jmartin at notamusica.com
Wed Jun 24 22:59:39 BST 2015 

Bonsoir Albert, hi Neil,

thank you for your replies and sorry for taking so long to acknowledge.

Albert: As it turns out, I am using vlan interfaces (eth0.10 and 
wlan0.10), and I didn't tweak anything, and as I just verified I only 
thought the bridge was working, but - as you suggested - it isn't actually 
working the way I intended it to work. Thanks for pointing that out to me.

So, I know figured out the (hopefully) proper way to do it:
- br0    - 192.168.1.254/24, bridging eth0 and wlan0
- br0:10 - 192.168.10.254/24

And now dnsmasq even turns out to be smart enough to see that a request 
coming in on the physical interface eth0 can have an ip address matching 
either of the subnets on br0 and br0:10, and so does exactly what I wanted 
it to do :)

Neil: so I don't even need the switch you suggested.

Thanks a lot for your help!

Regards
 	Johannes


On Wed, 3 Jun 2015, Albert ARIBAUD wrote:

> Bonjour Johannes,
>
> Le Wed, 3 Jun 2015 07:52:59 +0200 (CEST), Johannes Martin
> <jmartin at notamusica.com> a écrit :
>
>> Hi,
>>
>> I have the following network setup:
>> - eth0: 192.168.1.254/24
>> - br0: 192.168.10.254/24
>>  	bridging virtual interfaces eth0.10 and wlan0.10
>>  	(plain virtual interfaces, no vlan tagging)
>
> Hmm, on my system plain virtual interfaces are of the form eth0:10, not
> eth0.10, and if you used vconfig, then eth0.10 and wlan0.10 /are/
> tagged (and then, you'll need some tweaking to get the bridge to simply
> work.
>
>> I have a dynamic dhcp range defined on the 192.168.1.0 subnet and a static
>> dhcp range with static host entries (by mac address) defined on the
>> 192.168.10.0 subnet.
>>
>> When a device connects through the wlan0 interface, dnsmasq properly
>> serves the defined static addresses.
>>
>> However, when the devices connects through the eth0 interface, dnsmasq
>> serves an address from the dynamic range even when a static address is
>> defined for the device.
>>
>> So, dnsmasq does not realize that eth0 and eth0.10 are the same physical
>> interface and that it is fine to serve an address that is valid only for
>> eth0.10 on that physical interface.
>
> Bridging is for physical or vlan interfaces (see man brctl), not
> virtual ones. Are you sure you're using a virtual, not vlan,
> interface?
>
> If so, then when you bridge eth0.10, you actually bridge
> eth0, and packets which arrive at eth0 are routed to br0 irrespective
> of their destination IP.
>
> Try the following:
>
> ifconfig eth0:9 10.0.0.42
> brctl addbr br9
> brctl addif br9 eth0:9
> brctl show
>
> You'll see the interface listed under br0 is eth0, not eth0:9.
>
> If you're using vlan interfaces, ISTR packets entering a bridged vlan
> interface are actually received on the non-bridge interface and not
> forwarded through the bridge.
>
>> Is there any way to override this behaviour, i.e. make dnsmasq serve the
>> defined static ip address, even if it does not seem to make sense?
>
> I don't think you can with non-vlan virtual interfaces.
>
> Besides, since the purpose of DHCP is to assign an IP address to a
> client, most clients won't have an IP address to boot (pun half
> intended), so there will be no way for the server to choose whether an
> incoming DHCP request should be considered as coming from eth0 or
> eth0:10 (and it won't come from eth0.10, since it would need to be
> tagged for this, the dhcp clients don't know about vlans, only
> physical interfaces).
>
>> In the end I would like to be able to logically separate groups of devices
>> in different vlans which all use the same physical interfaces (I do
>> realize there will be no physical separation between the networks and
>> understand there is only little security gain in that separation).
>>
>> Thanks
>>  	Johannes
>
> Amicalement,
> -- 
> Albert.
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>

---

Mit zwei Euro im Monat helfen:
 	http://www.2-euro-helfen.de/
Help to fight hunger and injustice in our world:
 	http://www.devp.org/
 	http://www.oxfam.org/

More information about the Dnsmasq-discuss mailing list