[Dnsmasq-discuss] DMZ IP allocations

richardvoigt at gmail.com richardvoigt at gmail.com
Thu Dec 20 17:37:14 GMT 2012


Try removing the static dhcp-range entirely.

Reserved addresses don't have to be in a pool, just on a network where DHCP
is enabled, which the other line already does.

In cases where you do need the static dhcp-range (there is no pool on that
interface), it's customary to specify just a single address, not a range.


On Thu, Dec 20, 2012 at 12:13 PM, <cwh0803 at cs.rit.edu> wrote:

> All-
> A quick question to help clarify something that is probably so easy I've
> missed something obvious, but having missed it, I find myself rather lost.
>
> This pertains to dnsmasq 2.63 from Ubuntu 12.10.
>
> Not unlike others I suspect, I'd like to partition my home network to
> include a DMZ for guests and otherwise untrusted devices, and have these
> devices granted a dnsmasq-provided IP address. The devices that I know and
> "trust" are dynamically assigned static IPs, defined with dhcp-host lines.
>
> At the moment, DMZ and non-DMZ hosts are on the same subnet, but once DHCP
> is working, I plan to segment it off with the router and its own subnet
> to prevent DMZ hosts from accessing non-DMZ resources, just the Internet.
>
> To test this, I connected my laptop, for which I've not yet entered a
> dhcp-host line and therefore don't trust, and asked for an IP. I
> consistently get an address from the trusted block, not the DMZ where I
> feel like I should get one.
>
> A relevant clip of my dnsmasq.conf file:
>
> domain=foo,192.168.10.50,192.168.10.100
> domain=dmz.foo,192.168.10.0,192.168.10.20
>
> dhcp-range=192.168.10.50,192.168.10.100,static,24h
> dhcp-range=192.168.10.0,192.168.10.20,6h
>
> Furthermore, having found [1], I've tried adjusting the config to:
>
> dhcp-range=tag:!known,192.168.10.0,192.168.10.20,6h
> dhcp-range=192.168.10.50,192.168.10.100,static,24h
>
> and restarting with no change in behavior.
>
> Am I approaching segmentation from the wrong angle, doing something wrong
> with dnsmasq, or did I just miss something along the way?
>
> Thanks so much!
>
> Carl
>
> [1] "[Dnsmasq-discuss] static dhcp range and lease times"
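
The suggestion in the reply above, written out as a dnsmasq.conf sketch. This is an added example, not configuration posted by either participant; the MAC address and host name in the dhcp-host line are constructed placeholders.

```conf
# Before (from the original message): two ranges on the same subnet,
# one of them a static-only range spanning the trusted block.
#dhcp-range=192.168.10.50,192.168.10.100,static,24h
#dhcp-range=192.168.10.0,192.168.10.20,6h

# After: keep only the dynamic pool, as written in the original message.
# This line is what enables DHCP on the network.
dhcp-range=192.168.10.0,192.168.10.20,6h

# A reservation may sit outside the pool as long as it is on a network
# that has a dhcp-range. MAC address and name are constructed.
dhcp-host=00:11:22:33:44:55,192.168.10.50,trusted-pc,24h

# Only for an interface that has no dynamic pool at all: a static-only
# range given as a single address instead of a start,end pair.
#dhcp-range=192.168.10.0,static
```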