[Dnsmasq-discuss] restricting to one interface doesn't work

Oliver Rath rath at mglug.de
Tue Jun 24 21:28:15 UTC 2014


Hi list,

I am trying to restrict the DNS of dnsmasq to one interface (3 existing
interfaces, I hid ppp0), but it seems that it doesn't work.

My config:

server=//141.1.1.1
local=/heimserver/
address=/owncloud/192.168.0.254
dhcp-range=set:gw2,192.168.2.50,192.168.2.150,255.255.255.0,12h
dhcp-range=::,constructor:sixxs,ra-names
dhcp-range=::,constructor:p3p1,ra-names
dhcp-option=tag:gw2,128,192.168.2.254
dhcp-option=252,"http://heimserver/wpad.dat"
dhcp-option-force=208,f1:00:74:7e
dhcp-option-force=210,/opt/dmi/tftproot/
dhcp-boot=undionly.kkpxe
enable-tftp
tftp-root=/opt/dmi/tftproot
log-queries
log-dhcp

My ifconfig:

# ifconfig | grep mtu -A1
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
--
p1p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.254  netmask 255.255.255.0  broadcast 192.168.0.255
--
p2p1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.11.254  netmask 255.255.255.0  broadcast 192.168.11.255
--
p3p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.254  netmask 255.255.255.0  broadcast 192.168.2.255



So only p3p1 is addressed here. But if I look for open ports, 53 is open
on all interfaces:

# nmap 192.168.11.254

Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
Nmap scan report for 192.168.11.254
Host is up (0.00014s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
53/tcp   open  domain
749/tcp  open  kerberos-adm
2000/tcp open  cisco-sccp

Nmap done: 1 IP address (1 host up) scanned in 0.76 seconds
heimserver dnsmasq.d # nmap 192.168.2.254

Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
Nmap scan report for 192.168.2.254
Host is up (0.00040s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
53/tcp   open  domain
749/tcp  open  kerberos-adm
2000/tcp open  cisco-sccp

Nmap done: 1 IP address (1 host up) scanned in 1.72 seconds
heimserver dnsmasq.d # nmap 192.168.0.254
 
Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
Nmap scan report for heimserver.koenigsteinstr.muc (192.168.0.254)
Host is up (0.00011s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
53/tcp   open  domain
749/tcp  open  kerberos-adm
2000/tcp open  cisco-sccp

To be sure that dnsmasq is the only DNS server here, I did this:

# netstat -vanpe | grep :53
netstat: no support for `AF INET (sctp)' on this system.
netstat: no support for `AF INET (sctp)' on this system.
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      0          1701253    12137/dnsmasq
tcp        0      0 192.168.0.254:5038      192.168.0.1:53788       VERBUNDEN   101        1666180    27070/asterisk
tcp6       0      0 :::53                   :::*                    LISTEN      0          1701256    12137/dnsmasq
udp        0      0 0.0.0.0:53              0.0.0.0:*                           0          1701252    12137/dnsmasq
udp6       0      0 :::53                   :::*                                0          1701255    12137/dnsmasq
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

So what's wrong here? Does dnsmasq have problems with interfaces named p1p1,
p2p1, etc.?

Tfh!
Oliver
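
The netstat output in the post shows every dnsmasq socket on port 53 bound to 0.0.0.0 or ::, which is why the port answers on all three addresses. The following is an added example, not part of the original post: a shell function (hypothetical name dns_listeners) that classifies port-53 listeners as wildcard or address-specific, run on a constructed sample modelled on that output.

```shell
#!/bin/sh
# Added example (not from the original post). dns_listeners is a hypothetical name.
# Reads netstat-style lines on stdin and prints, for each unconnected socket on
# the given port: protocol, local address, wildcard|specific, owning program.
dns_listeners() {
    awk -v port="${1:-53}" '
        $1 ~ /^(tcp|udp)6?$/ {
            laddr = $4
            # Split at the last colon: IPv6 addresses contain colons themselves.
            n = match(laddr, /:[0-9]+$/)
            if (n == 0) next
            addr = substr(laddr, 1, n - 1)
            # Exact port match, so 5038 or 53788 are not mistaken for 53
            # the way "grep :53" matches them.
            if (substr(laddr, n + 1) != port) next
            # A foreign address ending in ":*" means listening / unconnected.
            if ($5 !~ /:\*$/) next
            scope = (addr == "0.0.0.0" || addr == "::") ? "wildcard" : "specific"
            print $1, laddr, scope, $NF
        }'
}

# Constructed sample modelled on the netstat output in the post; the final
# line is hypothetical and shows a socket bound to one interface address.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      0          1701253    12137/dnsmasq
tcp        0      0 192.168.0.254:5038      192.168.0.1:53788       VERBUNDEN   101        1666180    27070/asterisk
tcp6       0      0 :::53                   :::*                    LISTEN      0          1701256    12137/dnsmasq
udp        0      0 0.0.0.0:53              0.0.0.0:*                           0          1701252    12137/dnsmasq
udp6       0      0 :::53                   :::*                                0          1701255    12137/dnsmasq
tcp        0      0 192.168.2.254:53        0.0.0.0:*               LISTEN      0          1701300    12200/dnsmasq
EOF
}

sample_netstat | dns_listeners 53
```

On a live host, pipe `netstat -anp` into dns_listeners instead of the sample; any line marked wildcard is reachable on every local address unless a firewall or the daemon itself filters it.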




