[Dnsmasq-discuss] DNSMasq, DHCP, Shorewall, and Proxy Arp
Steve H.
steve at csquaredtech.com
Wed Feb 6 14:19:46 GMT 2008
On Monday 04 February 2008 09:04:22 pm richardvoigt at gmail.com wrote:
>
> It's not a safeguard. It is *necessary* to ensure correct handling of
> relays.
>
This basically sounds like a policy decision on relays. For instance, people
in my situation would _like_ the 'incorrect handling' you speak of. While I
appreciate the effort you took in coming up with the example, I think it
muddies things more. Having 2 different sub-nets, with 2 different security
requirements served via a single dhcp server just seems like asking for
trouble (In my case, all the machine have the same security risks - all are
public servers). Anyway, thanks for clarifying the thought process behind
the behavior. I do appreciate all the time you've taken to explain things
>
> Of course that will work. DHCP relays are always used to serve nodes
> beyond the next-hop, never from the same subnet (in the same subnet no
> relay is needed).
>
Ok - since I have to eat an address on every subnet, I might as well assign
them directly to the DNSMasq interface, and skip the relays. Then DNSMasq
should be happy. I was hoping to avoid this as it eats an I.P. address, and
requires me to remember to add a new I.P. to the DNSMasq interface everytime
I get a new sub-net. However, that would be less trouble then having to do
that _and_ configure a relay for each new subnet.
Thanks again for all the help,
Steve
More information about the Dnsmasq-discuss
mailing list