[Dnsmasq-discuss] DNSMasq, DHCP, Shorewall, and Proxy Arp

Steve H. steve at csquaredtech.com
Wed Feb 6 14:19:46 GMT 2008


On Monday 04 February 2008 09:04:22 pm richardvoigt at gmail.com wrote:
>
> It's not a safeguard.  It is *necessary* to ensure correct handling of
> relays.
>
This basically sounds like a policy decision on relays.  For instance, people 
in my situation would _like_ the 'incorrect handling' you speak of.  While I 
appreciate the effort you took in coming up with the example, I think it 
muddies things more.  Having 2 different sub-nets, with 2 different security 
requirements served via a single dhcp server just seems like asking for 
trouble (In my case, all the machine have the same security risks - all are 
public servers).  Anyway, thanks for clarifying the thought process behind 
the behavior. I do appreciate all the time you've taken to explain things

>
> Of course that will work.  DHCP relays are always used to serve nodes
> beyond the next-hop, never from the same subnet (in the same subnet no
> relay is needed).
>
Ok - since I have to eat an address on every subnet, I might as well assign 
them directly to the DNSMasq interface, and skip the relays.  Then DNSMasq 
should be happy.  I was hoping to avoid this as it eats an I.P. address, and 
requires me to remember to add a new I.P. to the DNSMasq interface everytime 
I get a new sub-net.  However, that would be less trouble then having to do 
that _and_ configure a relay for each new subnet.

Thanks again for all the help,
Steve





More information about the Dnsmasq-discuss mailing list