<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="Carlito">That actually makes a lot of sense. I'll see if
I can make that work. <br>
Thanks for the suggestion!<br>
<br>
Koos<br>
</font><br>
<div class="moz-cite-prefix">Op 22-12-2019 om 16:35 schreef Uwe
Schindler:<br>
</div>
<blockquote type="cite"
cite="mid:031801d5b8dd$78722f50$69568df0$@thetaphi.de">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Carlito;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
code
{mso-style-priority:99;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.E-MailFormatvorlage19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-US">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-US">I think you should have 2 DNSMASQ instances
running, one for each interface. So each one only registers
their own known DHCP clients (I assume the DHCP is also
different for both subnets) and also returns them. You just
need to make DNSMASQ bind to the interfaces directly (see
bind-interfaces) option.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-US">Uwe<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal">-----<o:p></o:p></p>
<p class="MsoNormal">Uwe Schindler<o:p></o:p></p>
<p class="MsoNormal">Achterdiek 19, D-28357 Bremen<o:p></o:p></p>
<p class="MsoNormal"><a href="https://www.thetaphi.de"
moz-do-not-send="true"><span style="color:blue">https://www.thetaphi.de</span></a><o:p></o:p></p>
<p class="MsoNormal">eMail: <a class="moz-txt-link-abbreviated" href="mailto:uwe@thetaphi.de">uwe@thetaphi.de</a><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm
0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b>From:</b> Dnsmasq-discuss
<a class="moz-txt-link-rfc2396E" href="mailto:dnsmasq-discuss-bounces@lists.thekelleys.org.uk"><dnsmasq-discuss-bounces@lists.thekelleys.org.uk></a>
<b>On Behalf Of </b>Koos Pol<br>
<b>Sent:</b> Saturday, December 21, 2019 9:11 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:dnsmasq-discuss@lists.thekelleys.org.uk">dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
<b>Subject:</b> [Dnsmasq-discuss] How to prevent LAN DNS
for remote guests<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-family:"Carlito",serif">Hi,<br>
<br>
I'm setting up my openwrt modem as an internet gateway for
remote guests.<br>
The modem is running openvpn and dnsmasq.<br>
The guests arrive at their own interface (tun1 = openvpn)
with a different subnet. Guest > LAN forwarding is
disabled in the firewall for security reasons.<br>
However, once the guests have connected, dnsmasq will
resolve the LAN for them. Although guests won't be able to
connect to anything on the LAN (forwarding is off) they
are still able to go on a fishing expedition thanks to
DNS. I don't want to turn off DNS completely. So </span><code><span
style="font-size:10.0pt">--except-interface=tun1</span></code><span
style="font-family:"Carlito",serif"> is not an
option. <br>
So, for anything connecting to tun1, how can I enable DNS
resolving the internet space, while preventing resolving
my LAN?<br>
<br>
Thanks!<br>
Koos</span><o:p></o:p></p>
</div>
</div>
</blockquote>
<br>
</body>
</html>