<html data-lt-installed="true">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
Hi.<br>
<div class="moz-forward-container"><br>
Thank you, Simon and "john doe" for your responses. I forgot to
fix the mailing list options to get individual emails, only
digests, so I can't respond individually.<br>
<br>
I've inserted my responses below, prefixed with >##. I should
also add that I installed and tested my setup with isc-dhcp and
everything works as it should, with the appropriate interfaces
serving the right IP addresses. So this is definitely a dnsmasq or
dnsmasq.conf issue. I wanted to use dnsmasq primarily because I've
used it before, for DNS, and I needed a dynamic DNS update
mechanism.<br>
<br>
Thanks again for your help.<br>
<br>
Sam<br>
<br>
<br>
On 25/09/2022 17:30,
<a class="moz-txt-link-abbreviated" href="mailto:dnsmasq-discuss-request@lists.thekelleys.org.uk">dnsmasq-discuss-request@lists.thekelleys.org.uk</a> wrote:<br>
<blockquote type="cite">Today's Topics:<br>
<br>
1. Re: dnsmasq On Subnets - Failing (john doe)<br>
2. Re: dnsmasq On Subnets - Failing (Simon Kelley)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Sat, 24 Sep 2022 14:15:22 +0200<br>
From: john doe <a class="moz-txt-link-rfc2396E" href="mailto:johndoe65534@mail.com"><johndoe65534@mail.com></a><br>
To: <a class="moz-txt-link-abbreviated" href="mailto:dnsmasq-discuss@lists.thekelleys.org.uk">dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
Subject: Re: [Dnsmasq-discuss] dnsmasq On Subnets - Failing<br>
Message-ID:
<a class="moz-txt-link-rfc2396E" href="mailto:6c183ea9-ac8d-f9c7-d898-ee4862144ee5@mail.com"><6c183ea9-ac8d-f9c7-d898-ee4862144ee5@mail.com></a><br>
Content-Type: text/plain; charset=UTF-8; format=flowed<br>
<br>
Giving some hints more than an answer.<br>
<br>
On 9/23/2022 2:20 PM, Zeta Cloud wrote:<br>
<blockquote type="cite">Hi.<br>
<br>
I'm running dnsmasq as the local DHCP server in a
container/VM/jail<br>
intended to serve as a router for multiple VMs, and the router
VM is set up<br>
with multiple vnics, each on a different subnet.<br>
</blockquote>
I'll assume that you are talking about VLAN/alias interface.<br>
</blockquote>
>## They're actually virtual interfaces, and not alias IP
addresses assigned to the same (virtual) hardware network card.<br>
<br>
<blockquote type="cite">
<blockquote type="cite">vnic1: Subnet A -> 192.168.11.0
(external)<br>
</blockquote>
What IP are you really getting on this interface?<br>
</blockquote>
>## As indicated, I'm getting 3 IP addresses.<br>
<blockquote type="cite">
<blockquote type="cite">vnic2: Subnet B -> 192.168.21.0
(internal)<br>
vnic3: Subnet C -> 192.168.31.0 (storage)<br>
<br>
The problem I'm having is that as soon as a VM on subnet A
requests a DHCP<br>
address, dnsmasq will not respond to any future requests from
VMs on subnet<br>
B or subnet C. If I restart the dnsmasq service, and if the
first DHCP<br>
request is from subnet B, it won't respond to queries from
subnet A/C. Etc.<br>
<br>
</blockquote>
Does your network topology work without dnsmasq?<br>
</blockquote>
>## Yes<br>
<blockquote type="cite">
<blockquote type="cite">Is this peculiar to the particular
version of dnsmasq-2.86? I've tried<br>
everything, with and without option bind-interfaces, with and
without all<br>
interfaces explicitly listed, exclude-interfaces, etc.<br>
<br>
</blockquote>
See above point.<br>
<br>
<blockquote type="cite">Any help on this would be greatly
appreciated. I've already spent 2 days<br>
trying to figure out what was going on. I'm trying to set up<br>
containers/VMs. The problem I face is that once I set up a VM
on one<br>
subnet, VM creation fails for all other subnets. A restart of
dnsmasq<br>
doesn't help, because then dnsmasq responds to the first and
subsequent<br>
DHCP requests from a subnet, but stops responding to VMs on
other subnets.<br>
<br>
Thanks very much.<br>
<br>
</blockquote>
Try to get this working with one internal and one external
interface.<br>
</blockquote>
>## Works fine on a single interface, or with single subnet.<br>
<blockquote type="cite">
<blockquote type="cite">My dnsmasq.conf included below for
reference.<br>
------------------------------------------<br>
dhcp-authoritative<br>
dhcp-lease-max=1000<br>
dhcp-leasefile=/var/cache/dnsmasq/dnsmasq.leases<br>
dhcp-rapid-commit<br>
</blockquote>
Remove this one for the time being.<br>
</blockquote>
>## Which option are you referring to - dhcp-rapid-commit?<br>
<blockquote type="cite">
<blockquote type="cite">log-facility=/var/log/dnsmasq/dnsmasq.log<br>
log-queries<br>
log-dhcp<br>
<br>
</blockquote>
Do you see in the log why dnsmasq is not happy?<br>
</blockquote>
>## No. dnsmasq log shows no reaction, no logs, on any of the
other interfaces/subnets after it serves a DHCP request on any one
interface.<br>
<blockquote type="cite">
<blockquote type="cite"># NAT Interface<br>
except-interface=net0<br>
no-dhcp-interface=net0<br>
</blockquote>
If you ignore the interface, the other flag is not really needed.<br>
</blockquote>
>## Yes, I know, this is just overkill. net0 is connected to
the LAN router which also has a DHCP server.<br>
<blockquote type="cite">
<blockquote type="cite">domain=zetac.lan<br>
<br>
# Subnet A<br>
interface=net1<br>
bind-interfaces<br>
listen-address=192.168.11.1<br>
dhcp-range=set:extl,192.168.11.101,192.168.11.200,12h<br>
dhcp-option=tag:extl,option:dns-server,192.168.11.1<br>
dhcp-option=option:netmask,255.255.255.0<br>
dhcp-option=option:domain-name,zetac.lan<br>
<br>
# Subnet B<br>
interface=net2<br>
bind-interfaces<br>
</blockquote>
Why do you use this opt multiple times, I would only use it
once.<br>
</blockquote>
>## Actually, I have the settings for each subnet in a
different conf file, which helps better manage each subnet. So
there is some overlap/repeat with the options.<br>
<blockquote type="cite">
<blockquote type="cite">listen-address=192.168.21.1<br>
</blockquote>
In this context, I can't say that I see the point of using the
above.<br>
</blockquote>
>## OK<br>
<blockquote type="cite">
<blockquote type="cite">dhcp-option=tag:intl,option:dns-server,192.168.21.1<br>
dhcp-option=option:netmask,255.255.255.0<br>
dhcp-option=option:domain-name,zetac.lan<br>
<br>
</blockquote>
Do you really need those opts?<br>
</blockquote>
>## Not when they are the same/similar for every subnet. I have
left them in the settings for each subnet to later test changing
these settings along with the IP address assigned to each subnet.<br>
<blockquote type="cite">
<blockquote type="cite"># Subnet B<br>
interface=net3<br>
bind-interfaces<br>
listen-address=192.168.31.1<br>
dhcp-range=set:intl,192.168.31.101,192.168.31.200,12h<br>
dhcp-option=tag:intl,option:dns-server,192.168.31.1<br>
dhcp-option=option:netmask,255.255.255.0<br>
dhcp-option=option:domain-name,zetac.lan<br>
<br>
</blockquote>
Same points as for the other subnet.<br>
<br>
<br>
If I may, find a simple network example for two interfaces<br>
(internal/external), then get dnsmasq working and build up from
there.<br>
<br>
--<br>
John Doe<br>
</blockquote>
>## Thanks John.<br>
<blockquote type="cite"><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Sun, 25 Sep 2022 00:15:49 +0100<br>
From: Simon Kelley <a class="moz-txt-link-rfc2396E" href="mailto:simon@thekelleys.org.uk"><simon@thekelleys.org.uk></a><br>
To: <a class="moz-txt-link-abbreviated" href="mailto:dnsmasq-discuss@lists.thekelleys.org.uk">dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
Subject: Re: [Dnsmasq-discuss] dnsmasq On Subnets - Failing<br>
Message-ID:
<a class="moz-txt-link-rfc2396E" href="mailto:c0dbe6ac-8786-224f-05a2-e5f948f49f59@thekelleys.org.uk"><c0dbe6ac-8786-224f-05a2-e5f948f49f59@thekelleys.org.uk></a><br>
Content-Type: text/plain; charset=UTF-8; format=flowed<br>
<br>
<br>
<br>
On 23/09/2022 13:20, Zeta Cloud wrote:<br>
<blockquote type="cite">Hi.<br>
<br>
I'm running dnsmasq as the local DHCP server in a
container/VM/jail<br>
intended to serve as a router for multiple VMs, and the router
VM is set<br>
up with multiple vnics, each on a different subnet.<br>
<br>
vnic1: Subnet A -> 192.168.11.0 (external)<br>
vnic2: Subnet B -> 192.168.21.0 (internal)<br>
vnic3: Subnet C -> 192.168.31.0 (storage)<br>
<br>
The problem I'm having is that as soon as a VM on subnet A
requests a<br>
DHCP address, dnsmasq will not respond to any future requests
from VMs<br>
on subnet B or subnet C. If I restart the dnsmasq service, and
if the<br>
first DHCP request is from subnet B, it won't respond to
queries from<br>
subnet A/C. Etc.<br>
<br>
Is this peculiar to the particular version of dnsmasq-2.86?
I've tried<br>
everything, with and without option bind-interfaces, with and
without<br>
all interfaces explicitly listed, exclude-interfaces, etc.<br>
<br>
Any help on this would be greatly appreciated. I've already
spent 2 days<br>
trying to figure out what was going on. I'm trying to set up<br>
containers/VMs. The problem I face is that once I set up a VM
on one<br>
subnet, VM creation fails for all other subnets. A restart of
dnsmasq<br>
doesn't help, because then dnsmasq responds to the first and
subsequent<br>
DHCP requests from a subnet, but stops responding to VMs on
other subnets.<br>
<br>
Thanks very much.<br>
<br>
Sam<br>
<br>
My dnsmasq.conf included below for reference.<br>
------------------------------------------<br>
dhcp-authoritative<br>
dhcp-lease-max=1000<br>
dhcp-leasefile=/var/cache/dnsmasq/dnsmasq.leases<br>
dhcp-rapid-commit<br>
log-facility=/var/log/dnsmasq/dnsmasq.log<br>
log-queries<br>
log-dhcp<br>
<br>
# NAT Interface<br>
except-interface=net0<br>
no-dhcp-interface=net0<br>
<br>
domain=zetac.lan<br>
<br>
# Subnet A<br>
interface=net1<br>
bind-interfaces<br>
listen-address=192.168.11.1<br>
dhcp-range=set:extl,192.168.11.101,192.168.11.200,12h<br>
dhcp-option=tag:extl,option:dns-server,192.168.11.1<br>
dhcp-option=option:netmask,255.255.255.0<br>
dhcp-option=option:domain-name,zetac.lan<br>
<br>
# Subnet B<br>
interface=net2<br>
bind-interfaces<br>
listen-address=192.168.21.1<br>
dhcp-range=set:intl,192.168.21.101,192.168.21.200,12h<br>
dhcp-option=tag:intl,option:dns-server,192.168.21.1<br>
dhcp-option=option:netmask,255.255.255.0<br>
dhcp-option=option:domain-name,zetac.lan<br>
<br>
# Subnet B<br>
interface=net3<br>
bind-interfaces<br>
listen-address=192.168.31.1<br>
dhcp-range=set:intl,192.168.31.101,192.168.31.200,12h<br>
dhcp-option=tag:intl,option:dns-server,192.168.31.1<br>
dhcp-option=option:netmask,255.255.255.0<br>
dhcp-option=option:domain-name,zetac.lan<br>
<br>
bogus-priv<br>
filterwin2k<br>
no-hosts<br>
no-resolv<br>
no-poll<br>
expand-hosts<br>
domain-needed<br>
dns-forward-max=150<br>
neg-ttl=3600<br>
</blockquote>
What netmasks are set _in_the_kernel_ for net1, net2 and net3?
The fact<br>
that you've set the netmasks as dhcp-options makes me worry that
they<br>
may not be set correctly, as if they are you wouldn't need the<br>
dhcp-options, the correct value would be sent automatically.<br>
<br>
You have log-dhcp set. Posting the resulting logs here might be
useful.<br>
<br>
Simon.<br>
</blockquote>
<br>
>## Hi Simon: netmask is the same as here, 255.255.255.0, as
for the primary IP. I've intentionally kept it the same since I'm
testing a simple network topology to begin with. I'm running
illumos OmniOS and crossbow for network testing, using a zone
(container) with multiple virtual interfaces, where this zone's
role is to be a firewall and router between the different subnets.
Firewall is turned off, NAT is working OK. I tested NAT by
creating VMs with static IP addresses for different subnets. The
DHCP log is attached. As I mentioned above, you can't really see
what's wrong since nothing shows in the log once dnsmasq offers an
IP address on any interface and stops responding on other
interfaces until I restart the service.<br>
<br>
Thanks again.<br>
<br>
<br>
</div>
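<br>
An added example, not part of the thread and not dnsmasq project code: a small linter (the name lint_dnsmasq is hypothetical) that flags the configuration patterns the replies point at, namely a repeated bind-interfaces, no-dhcp-interface on an interface already covered by except-interface, and per-subnet copies of untagged dhcp-option lines. The shared-tag checks are an addition based on how dnsmasq matches tag: options against set: tags; none of the findings is a confirmed cause of the reported failure.<br>

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the DHCP-related lines of the dnsmasq.conf quoted in the thread.
SAMPLE_CONF = """\
except-interface=net0
no-dhcp-interface=net0
bind-interfaces
dhcp-range=set:extl,192.168.11.101,192.168.11.200,12h
dhcp-option=tag:extl,option:dns-server,192.168.11.1
dhcp-option=option:netmask,255.255.255.0
bind-interfaces
dhcp-range=set:intl,192.168.21.101,192.168.21.200,12h
dhcp-option=tag:intl,option:dns-server,192.168.21.1
dhcp-option=option:netmask,255.255.255.0
bind-interfaces
dhcp-range=set:intl,192.168.31.101,192.168.31.200,12h
dhcp-option=tag:intl,option:dns-server,192.168.31.1
dhcp-option=option:netmask,255.255.255.0
"""

def lint_dnsmasq(text):
    """Return findings (strings) for the config patterns raised in the thread."""
    seen = defaultdict(list)                     # directive -> values in file order
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if line:
            key, _, value = line.partition("=")
            seen[key.strip()].append(value.strip())
    # Value-less flags such as bind-interfaces are global: repeating them adds nothing.
    out = [f"{k}: global flag repeated {len(v)} times"
           for k, v in seen.items() if not any(v) and len(v) != 1]
    both = set(seen["except-interface"]).intersection(seen["no-dhcp-interface"])
    out += [f"{i}: except-interface makes no-dhcp-interface redundant" for i in sorted(both)]
    # A tag set by several dhcp-range lines cannot tell those subnets apart.
    tags = Counter(v.split(",")[0][4:] for v in seen["dhcp-range"] if v.startswith("set:"))
    out += [f"tag {t}: set by {n} dhcp-range lines" for t, n in tags.items() if n != 1]
    tagged, untagged = defaultdict(set), Counter()
    for v in seen["dhcp-option"]:
        m = re.match(r"tag:([^,]+),([^,]+),(.*)", v)
        if m:
            tagged[m.group(1), m.group(2)].add(m.group(3))
        else:
            untagged[v] += 1
    out += [f"tag {t}: {o} has conflicting values {sorted(vals)}"
            for (t, o), vals in tagged.items() if len(vals) != 1]
    # Untagged options are sent on every subnet; repeating them per subnet changes nothing.
    out += [f"{o}: untagged option repeated {n} times" for o, n in untagged.items() if n != 1]
    return out
```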
</body>
</html>