[Dnsmasq-discuss] restricting to one interface doesn't work
Oliver Rath
rath at mglug.de
Tue Jun 24 21:28:15 UTC 2014
Hi list,

I am trying to restrict the DNS of dnsmasq to one interface (3 existing
interfaces, I hid ppp0), but it seems that it doesn't work.

My config:
server=//141.1.1.1
local=/heimserver/
address=/owncloud/192.168.0.254
dhcp-range=set:gw2,192.168.2.50,192.168.2.150,255.255.255.0,12h
dhcp-range=::,constructor:sixxs,ra-names
dhcp-range=::,constructor:p3p1,ra-names
dhcp-option=tag:gw2,128,192.168.2.254
dhcp-option=252,"http://heimserver/wpad.dat"
dhcp-option-force=208,f1:00:74:7e
dhcp-option-force=210,/opt/dmi/tftproot/
dhcp-boot=undionly.kkpxe
enable-tftp
tftp-root=/opt/dmi/tftproot
log-queries
log-dhcp

My ifconfig:
# ifconfig | grep mtu -A1
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
--
p1p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.254 netmask 255.255.255.0 broadcast 192.168.0.255
--
p2p1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.11.254 netmask 255.255.255.0 broadcast 192.168.11.255
--
p3p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.254 netmask 255.255.255.0 broadcast 192.168.2.255

So only p3p1 is addressed here. But if I look for open ports, 53 is open
on all interfaces:
# nmap 192.168.11.254
Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
Nmap scan report for 192.168.11.254
Host is up (0.00014s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
53/tcp open domain
749/tcp open kerberos-adm
2000/tcp open cisco-sccp
Nmap done: 1 IP address (1 host up) scanned in 0.76 seconds
heimserver dnsmasq.d # nmap 192.168.2.254
Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
Nmap scan report for 192.168.2.254
Host is up (0.00040s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
53/tcp open domain
749/tcp open kerberos-adm
2000/tcp open cisco-sccp
Nmap done: 1 IP address (1 host up) scanned in 1.72 seconds
heimserver dnsmasq.d # nmap 192.168.0.254
Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
Nmap scan report for heimserver.koenigsteinstr.muc (192.168.0.254)
Host is up (0.00011s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
53/tcp open domain
749/tcp open kerberos-adm
2000/tcp open cisco-sccp

To be sure that dnsmasq is the only DNS server here, I did this:
# netstat -vanpe | grep :53
netstat: no support for `AF INET (sctp)' on this system.
netstat: no support for `AF INET (sctp)' on this system.
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 0 1701253 12137/dnsmasq
tcp 0 0 192.168.0.254:5038 192.168.0.1:53788 VERBUNDEN 101 1666180 27070/asterisk
tcp6 0 0 :::53 :::* LISTEN 0 1701256 12137/dnsmasq
udp 0 0 0.0.0.0:53 0.0.0.0:* 0 1701252 12137/dnsmasq
udp6 0 0 :::53 :::* 0 1701255 12137/dnsmasq
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

So what's wrong here? Does dnsmasq have problems with interfaces named p1p1,
p2p1, etc.?
Tfh!
Oliver
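
The netstat rows in the post show dnsmasq holding 0.0.0.0:53 and :::53. By default dnsmasq binds the wildcard address and discards queries that arrive on interfaces it is not serving; its interface= and bind-interfaces options make it bind individual addresses instead. The shell check below is an added example, not part of the original post: it lists port-53 sockets bound to a wildcard address from netstat-style rows. The function names and the second sample (inodes, PIDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list DNS sockets bound to a
# wildcard address, reading `netstat -anp`-style rows on stdin.
# Assumed columns: proto recv-q send-q local foreign [state] ...

wildcard_dns_sockets() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            # Split "addr:port" at the last colon so ":::53" parses as "::" + 53.
            pos = match($4, /:[0-9]+$/)
            if (pos == 0) next
            addr = substr($4, 1, pos - 1)
            port = substr($4, pos + 1)
            if (port != "53") next
            # TCP rows count only while listening; UDP rows carry no state.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                print $1, $4
        }'
}

# Rows from the netstat output in the post, with the wrapped lines rejoined.
sample_from_post() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 0 1701253 12137/dnsmasq
tcp 0 0 192.168.0.254:5038 192.168.0.1:53788 VERBUNDEN 101 1666180 27070/asterisk
tcp6 0 0 :::53 :::* LISTEN 0 1701256 12137/dnsmasq
udp 0 0 0.0.0.0:53 0.0.0.0:* 0 1701252 12137/dnsmasq
udp6 0 0 :::53 :::* 0 1701255 12137/dnsmasq
EOF
}

# Constructed rows: what per-address binding would look like (inodes/PIDs made up).
sample_bound() {
    cat <<'EOF'
tcp 0 0 192.168.2.254:53 0.0.0.0:* LISTEN 0 1800001 13000/dnsmasq
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 0 1800002 13000/dnsmasq
udp 0 0 192.168.2.254:53 0.0.0.0:* 0 1800003 13000/dnsmasq
udp 0 0 127.0.0.1:53 0.0.0.0:* 0 1800004 13000/dnsmasq
EOF
}

# Demo on the post's rows; for a live host: netstat -anp | wildcard_dns_sockets
sample_from_post | wildcard_dns_sockets
```

An empty result means every port-53 socket is tied to a specific address; the state test expects the literal LISTEN, as in the output above.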