[Dnsmasq-discuss] New here, and looking for some help

Rance Hall ranceh at gmail.com
Thu Dec 29 14:52:45 GMT 2011


On Thu, Dec 29, 2011 at 12:42 AM, M <kiwirider777 at gmail.com> wrote:
> Hi all.
>
> I won't post configs etc yet this message, want to get the basic system up
> and running first - just trying a reinstall after some suggestions from
> Simon - basically because I'm building a server at home for another network
> I kinda screwed some things up. Reinstall might help fix that :)
>
> Anyways, what I want to achieve is a network with the basic following layout
> :
>
> eth0 - talks to the outside world.
>
> eth1 (10.0.1.1) - 10.0.1.10 - 10.0.1.254 - Limited internet access, some
> sites not available to machines connected to this
>
> eth2 (10.0.2.1) - 10.0.2.10 - 10.0.2.254 - full access to the few machines
> connected here.
>
> Could also have eth1 do up to .100 and eth2 do .101-254.
>
> I'm certain that DNSMasq should be capable of doing this, but am not quite
> sure how to do it. I'd rather have pointers in the right direction than a
> full guide, and only get extra help if I need it. I retain the information
> better by having to learn to do it myself :)


It would be easier IMO to run one instance of dnsmasq and set up dhcp
pools for each physical address that needs one.  I don't think your
idea of having eth1 do up to .100 and eth2 for the rest has merit.
Your original idea that eth1 would be 10.0.1.1 and support a dhcp pool
in the 10.0.1 network.

eth2 then can have 10.0.2.1 and a separate dhcp pool for the 10.0.2 network.


>
> One thing that might be important early on - eventually this box will be
> running a website, and of course I want the URL to point back to the
> machine, however if I have 10.0.1.x and 10.0.2.x addresses, I can see I
> might run into issues with getting each branch to point to the right place.
> In this case, would it be better to keep everything under the .1.x range?
> After all, we'll never have more than 30 machines connected at any one
> time, and most of the time only 10 on an extreme day.
>

Getting the branches to point to the right place doesn't have anything
to do with dnsmasq in my view.  It's easy to put up an internal web
server on 10.0.1.5 (for example).

The 10.0.2 network machines can access the web server on 10.0.1.5
provided two things are true.  dnsmasq running on the server must tell
the 10.0.2 net that the hostname's IP address is 10.0.1.5.  Then your
firewall/routing/gateway setup must allow the 10.0.2 network access to
the 10.0.1 network.

dnsmasq has little to do with this, it's network design/routing tables
stuff that you need to be aware of.

As to your need to have one of the networks not have full internet
access, exactly how you do that depends on your needs.  A forced
network proxy server that blocks certain web sites is the classic
solution for this type of thing.

You could do this with dnsmasq also and sort of poison the dns
results, but one thing you have to worry about is the ease of
maintenance over the long term.

Have fun, and good luck.
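
[Added example, not part of the original post or of the dnsmasq project's documentation: a dnsmasq.conf fragment for the single-instance, two-pool layout discussed above. Interface names and address ranges are taken from the thread; the host name www.example.lan, the netmask and the 12h lease time are assumptions.]

```conf
# One dnsmasq instance for both internal networks (added example).
# Assumed values: www.example.lan, /24 netmasks, 12h leases.

# Serve DNS and DHCP on the internal interfaces only; never answer
# on eth0, which faces the outside world.
interface=eth1
interface=eth2
except-interface=eth0
bind-interfaces

# One DHCP pool per subnet. dnsmasq chooses the pool that matches the
# subnet of the interface the request arrived on.
dhcp-range=10.0.1.10,10.0.1.254,255.255.255.0,12h
dhcp-range=10.0.2.10,10.0.2.254,255.255.255.0,12h

# Clients on both networks resolve the internal web server's name to
# the same address (10.0.1.5 is the example address from the reply).
address=/www.example.lan/10.0.1.5
```

[Name resolution alone does not make 10.0.1.5 reachable from the 10.0.2 network; that still depends on the gateway's routing and firewall rules, as the reply says.]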


