[Dnsmasq-discuss] Restrict DHCP providing default gateway to *one* host on one network
Will Dennis (Live.com)
willarddennis at live.com
Wed Apr 24 19:21:06 BST 2013
So again, my requirement is to send a router value (default gateway) in
response to ALL DCHP client DHCPDISCOVER requests coming in off interface
vl20-ovsbr0 EXCEPT the one tagged "wanem-20" which should get NO (i.e. null)
router option sent to it.
Empirically, the line I have (dhcp-option=tag:vl20-ovsbr0,tag:wanem-20,3) is
working for me and does exactly the above. I suppose it is because that line
means any machine (MACaddr) sending the DHCPDISCOVER message which is tagged
both "vl20-ovsbr0" and "wanem-20" (which will be met by the WANem MAC addr
alone) therefore meets the criteria of a null option 3 being sent. All other
machines on that network (off the vl20-ovsbr0 interface) do not meet the
criteria of this line (they are tagged "vl20-ovsbr0" alone) and therefore
they get the default, which is to send the interface IP address that dnsmasq
is listening on as DHCP option 3 (the default gateway.) Do I have this logic
correct? Just trying to understand.
The stanza
dhcp-option=tag:vl20-ovsbr0,tag:!wanem-20,3
which says send an empty option 3 for hosts when "vl20-ovsbr0" is set AND
"wanem-20" is NOT set, would do just the opposite, correct? (i.e. only the
one machine with both tags set would recv a option 3 value, and the rest
would NOT.) That would be the opposite of what I want to happen...
Thanks again for your kind assistance and your replies...
Will
-----Original Message-----
From: Simon Kelley [mailto:simon at thekelleys.org.uk]
Sent: Wednesday, April 24, 2013 11:55 AM
To: Will Dennis (Live.com)
Cc: dnsmasq-discuss at lists.thekelleys.org.uk; dnsmasq at iam.tj
Subject: Re: [Dnsmasq-discuss] Restrict DHCP providing default gateway to
*one* host on one network
On 24/04/13 15:52, Will Dennis (Live.com) wrote:
> OK, this works - thanks TJ& Simon!
>
> So as I understand it, the line:
> dhcp-option=tag:vl20-ovsbr0,tag:wanem-20,3
> means: for the machines tagged "vl20-ovsbr0" (which includes the WANem
> machine's 2nd NIC), just use whatever the default option would be for
> the router; but on machines tagged "wanem-20" (which matches ONLY the
> WANem machine's 2nd NIC), set a NULL router option.
> Correct? And, does order of application matter, or how else does
> dnsmasq resolve the two options that match for the WANem VM's 2nd NIC?
>
dhcp-option=tag:vl20-ovsbr0,tag:wanem-20,3
says, send an empty option 3 for hosts when vl20-ovsbr0 AND wanem-20 are
set. What you should have is
dhcp-option=tag:vl20-ovsbr0,tag:!wanem-20,3
which says send an empty option 3 for hosts when vl20-ovsbr0 is set AND
wanem-20 is NOT set.
Since option 3 is in the set of options which dnsmasq sends by default, the
meaning of "send an empty option 3" is subtly altered to "don't send option
3"
Cheers,
Simon.
> Thanks again to everyone for their help in this!
>
> Best,
> Will
>
> -----Original Message-----
> From: dnsmasq-discuss-bounces at lists.thekelleys.org.uk
> [mailto:dnsmasq-discuss-bounces at lists.thekelleys.org.uk] On Behalf Of
> Simon Kelley
> Sent: Wednesday, April 24, 2013 5:01 AM
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] Restrict DHCP providing default gateway
> to
> *one* host on one network
>
> On 24/04/13 08:58, TJ wrote:
>> On 23/04/13 15:33, Will Dennis (Live.com) wrote:
>>> interface=vl10-ovsbr0
>>> interface=vl20-ovsbr0
>>> bind-interfaces
>>> dhcp-range=vl10-ovsbr0,192.168.10.50,192.168.10.150,4h
>>> dhcp-range=vl20-ovsbr0,192.168.20.50,192.168.20.150,4h
>>> dhcp-host=52:54:00:d5:ee:4d,id:*,192.168.10.1
>>> dhcp-mac=set:wanem-20,52:54:00:45:8c:6a
>>> dhcp-option=vl10-ovsbr0,3,192.168.10.254
>>> dhcp-option=tag:vl20-ovsbr0,tag:!wanem-20,3,192.168.20.254
>>> log-dhcp
>>
>> I may be mis-reading the manual but as I understood it dnsmasq will
>> issue a default set of options for each range.
>>
>> dhcp-range=vl20-ovsbr0 will get a default option 3 which will be the
>> IP of the host running dnsmasq
>>
>> dhcp-mac=set:wanem-20 sets a tag for the exceptional client
>>
>> dhcp-option=tag:vl20-ovsbr0,tag:!wanem-20 will set a (possibly
>> different)
> gateway for non-exceptional clients.
>>
>> At this point the exceptional client will have the default option 3
>> for
> the range. I think what you need is to not send any default route at
> all when the exceptional client makes a request:
>>
>> dhcp-option=tag:vl20-ovsbr0,tag:wanem-20,3
>
> I concur. Will, you've just omitted the empty option 3 from the last
> dhcp-option.
>
> (Wanders off to teach dnsmasq to complain in this situation.......)
>
>
> Cheers,
>
> Simon.
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>
More information about the Dnsmasq-discuss
mailing list