[Dnsmasq-discuss] Restrict DHCP providing default gateway to *one* host on one network

Will Dennis (Live.com) willarddennis at live.com
Wed Apr 24 19:21:06 BST 2013


So again, my requirement is to send a router value (default gateway) in
response to ALL DCHP client DHCPDISCOVER requests coming in off interface
vl20-ovsbr0 EXCEPT the one tagged "wanem-20" which should get NO (i.e. null)
router option sent to it.

Empirically, the line I have (dhcp-option=tag:vl20-ovsbr0,tag:wanem-20,3) is
working for me and does exactly the above. I suppose it is because that line
means any machine (MACaddr) sending the DHCPDISCOVER message which is tagged
both "vl20-ovsbr0" and "wanem-20" (which will be met by the WANem MAC addr
alone) therefore meets the criteria of a null option 3 being sent. All other
machines on that network (off the vl20-ovsbr0 interface) do not meet the
criteria of this line (they are tagged "vl20-ovsbr0" alone) and therefore
they get the default, which is to send the interface IP address that dnsmasq
is listening on as DHCP option 3 (the default gateway.) Do I have this logic
correct? Just trying to understand.

The stanza 

dhcp-option=tag:vl20-ovsbr0,tag:!wanem-20,3

which says send an empty option 3 for hosts when "vl20-ovsbr0" is set AND
"wanem-20" is NOT set, would do just the opposite, correct? (i.e. only the
one machine with both tags set would recv a option 3 value, and the rest
would NOT.) That would be the opposite of what I want to happen...

Thanks again for your kind assistance and your replies...

Will

-----Original Message-----
From: Simon Kelley [mailto:simon at thekelleys.org.uk] 
Sent: Wednesday, April 24, 2013 11:55 AM
To: Will Dennis (Live.com)
Cc: dnsmasq-discuss at lists.thekelleys.org.uk; dnsmasq at iam.tj
Subject: Re: [Dnsmasq-discuss] Restrict DHCP providing default gateway to
*one* host on one network

On 24/04/13 15:52, Will Dennis (Live.com) wrote:
> OK, this works - thanks TJ&  Simon!
>
> So as I understand it, the line:
> dhcp-option=tag:vl20-ovsbr0,tag:wanem-20,3
> means: for the machines tagged "vl20-ovsbr0" (which includes the WANem 
> machine's 2nd NIC), just use whatever the default option would be for 
> the router; but on machines tagged "wanem-20" (which matches ONLY the 
> WANem machine's 2nd NIC), set a NULL router option.
> Correct? And, does order of application matter, or how else does 
> dnsmasq resolve the two options that match for the WANem VM's 2nd NIC?
>

dhcp-option=tag:vl20-ovsbr0,tag:wanem-20,3

says, send an empty option 3 for hosts when vl20-ovsbr0 AND wanem-20 are
set. What you should have is

dhcp-option=tag:vl20-ovsbr0,tag:!wanem-20,3

which says send an empty option 3 for hosts when vl20-ovsbr0 is set AND
wanem-20 is NOT set.

Since option 3 is in the set of options which dnsmasq sends by default, the
meaning of "send an empty option 3" is subtly altered to "don't send option
3"


Cheers,

Simon.

> Thanks again to everyone for their help in this!
>
> Best,
> Will
>
> -----Original Message-----
> From: dnsmasq-discuss-bounces at lists.thekelleys.org.uk
> [mailto:dnsmasq-discuss-bounces at lists.thekelleys.org.uk] On Behalf Of 
> Simon Kelley
> Sent: Wednesday, April 24, 2013 5:01 AM
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] Restrict DHCP providing default gateway 
> to
> *one* host on one network
>
> On 24/04/13 08:58, TJ wrote:
>> On 23/04/13 15:33, Will Dennis (Live.com) wrote:
>>> interface=vl10-ovsbr0
>>> interface=vl20-ovsbr0
>>> bind-interfaces
>>> dhcp-range=vl10-ovsbr0,192.168.10.50,192.168.10.150,4h
>>> dhcp-range=vl20-ovsbr0,192.168.20.50,192.168.20.150,4h
>>> dhcp-host=52:54:00:d5:ee:4d,id:*,192.168.10.1
>>> dhcp-mac=set:wanem-20,52:54:00:45:8c:6a
>>> dhcp-option=vl10-ovsbr0,3,192.168.10.254
>>> dhcp-option=tag:vl20-ovsbr0,tag:!wanem-20,3,192.168.20.254
>>> log-dhcp
>>
>> I may be mis-reading the manual but as I understood it dnsmasq will 
>> issue a default set of options for each range.
>>
>> dhcp-range=vl20-ovsbr0 will get a default option 3 which will be the 
>> IP of the host running dnsmasq
>>
>> dhcp-mac=set:wanem-20 sets a tag for the exceptional client
>>
>> dhcp-option=tag:vl20-ovsbr0,tag:!wanem-20 will set a (possibly 
>> different)
> gateway for non-exceptional clients.
>>
>> At this point the exceptional client will have the default option 3 
>> for
> the range. I think what you need is to not send any default route at 
> all when the exceptional client makes a request:
>>
>> dhcp-option=tag:vl20-ovsbr0,tag:wanem-20,3
>
> I concur. Will, you've just omitted the empty option 3 from the last 
> dhcp-option.
>
> (Wanders off to teach dnsmasq to complain in this situation.......)
>
>
> Cheers,
>
> Simon.
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>





More information about the Dnsmasq-discuss mailing list