[Dnsmasq-discuss] [solved] Re: restricting to one interface doesn't work
Oliver Rath
rath at mglug.de
Tue Jun 24 21:47:22 UTC 2014
Hi list,
writing the problem down sometimes brings enlightenment:
The "bind-interfaces" option does the wanted thing.
Thanks for reading!
Oliver
On 24.06.2014 23:28, Oliver Rath wrote:
> Hi list,
>
> I am trying to restrict the DNS of dnsmasq to one interface (3 existing
> interfaces, I hid ppp0), but it seems that it doesn't work.
>
> My config:
>
> server=//141.1.1.1
> local=/heimserver/
> address=/owncloud/192.168.0.254
> dhcp-range=set:gw2,192.168.2.50,192.168.2.150,255.255.255.0,12h
> dhcp-range=::,constructor:sixxs,ra-names
> dhcp-range=::,constructor:p3p1,ra-names
> dhcp-option=tag:gw2,128,192.168.2.254
> dhcp-option=252,"http://heimserver/wpad.dat"
> dhcp-option-force=208,f1:00:74:7e
> dhcp-option-force=210,/opt/dmi/tftproot/
> dhcp-boot=undionly.kkpxe
> enable-tftp
> tftp-root=/opt/dmi/tftproot
> log-queries
> log-dhcp
>
> My ifconfig:
>
> # ifconfig | grep mtu -A1
> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
> inet 127.0.0.1 netmask 255.0.0.0
> --
> p1p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> inet 192.168.0.254 netmask 255.255.255.0 broadcast 192.168.0.255
> --
> p2p1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
> inet 192.168.11.254 netmask 255.255.255.0 broadcast 192.168.11.255
> --
> p3p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> inet 192.168.2.254 netmask 255.255.255.0 broadcast 192.168.2.255
>
>
>
> So only p3p1 is addressed here. But if I look for open ports, 53 is open on
> all interfaces:
>
> # nmap 192.168.11.254
>
> Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
> Nmap scan report for 192.168.11.254
> Host is up (0.00014s latency).
> Not shown: 997 closed ports
> PORT STATE SERVICE
> 53/tcp open domain
> 749/tcp open kerberos-adm
> 2000/tcp open cisco-sccp
>
> Nmap done: 1 IP address (1 host up) scanned in 0.76 seconds
> heimserver dnsmasq.d # nmap 192.168.2.254
>
> Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
> Nmap scan report for 192.168.2.254
> Host is up (0.00040s latency).
> Not shown: 997 closed ports
> PORT STATE SERVICE
> 53/tcp open domain
> 749/tcp open kerberos-adm
> 2000/tcp open cisco-sccp
>
> Nmap done: 1 IP address (1 host up) scanned in 1.72 seconds
> heimserver dnsmasq.d # nmap 192.168.0.254
>
> Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
> Nmap scan report for heimserver.koenigsteinstr.muc (192.168.0.254)
> Host is up (0.00011s latency).
> Not shown: 997 closed ports
> PORT STATE SERVICE
> 53/tcp open domain
> 749/tcp open kerberos-adm
> 2000/tcp open cisco-sccp
>
> To be sure that dnsmasq is the only DNS server here, I did this:
>
> # netstat -vanpe | grep :53
> netstat: no support for `AF INET (sctp)' on this system.
> netstat: no support for `AF INET (sctp)' on this system.
> tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 0 1701253 12137/dnsmasq
> tcp 0 0 192.168.0.254:5038 192.168.0.1:53788 VERBUNDEN 101 1666180 27070/asterisk
> tcp6 0 0 :::53 :::* LISTEN 0 1701256 12137/dnsmasq
> udp 0 0 0.0.0.0:53 0.0.0.0:* 0 1701252 12137/dnsmasq
> udp6 0 0 :::53 :::* 0 1701255 12137/dnsmasq
> netstat: no support for `AF IPX' on this system.
> netstat: no support for `AF AX25' on this system.
> netstat: no support for `AF X25' on this system.
> netstat: no support for `AF NETROM' on this system.
>
> So what's wrong here? Does dnsmasq have problems with interfaces named p1p1,
> p2p1 etc.?
>
> Tfh!
> Oliver
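
The check done by hand with netstat in the thread above, as an added example that is not part of the original posts: without "bind-interfaces" dnsmasq binds the wildcard address and discards requests it should not answer, so port 53 shows as open on every address. The function name is hypothetical, BEFORE is the thread's netstat output with the wrapped lines joined, and AFTER is a constructed sample (inode, PID and bound address are assumptions) of how a per-address listener looks.

```python
# Added example: flag DNS listeners bound to the wildcard address.
WILDCARDS = {"0.0.0.0", "::", "*"}

def wildcard_listeners(netstat_text, port=53):
    """Return (proto, local_address, owner) for listeners on `port` bound to a wildcard.

    A socket counts as a listener when its foreign address ends in ":*".
    That covers TCP LISTEN sockets and unconnected UDP sockets and does not
    depend on the localized State column (the thread shows "VERBUNDEN").
    """
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # header, warning or unrelated line
        proto, local, foreign = fields[0], fields[3], fields[4]
        if not foreign.endswith(":*"):
            continue  # connected socket, e.g. a client port that merely contains ":53"
        addr, _, lport = local.rpartition(":")
        if lport == str(port) and addr in WILDCARDS:
            owner = fields[-1] if "/" in fields[-1] else "-"
            hits.append((proto, local, owner))
    return hits

# netstat output from the thread, wrapped lines joined.
BEFORE = """\
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 0 1701253 12137/dnsmasq
tcp 0 0 192.168.0.254:5038 192.168.0.1:53788 VERBUNDEN 101 1666180 27070/asterisk
tcp6 0 0 :::53 :::* LISTEN 0 1701256 12137/dnsmasq
udp 0 0 0.0.0.0:53 0.0.0.0:* 0 1701252 12137/dnsmasq
udp6 0 0 :::53 :::* 0 1701255 12137/dnsmasq
"""

# Constructed sample: listener bound to one interface address only.
AFTER = """\
tcp 0 0 192.168.2.254:53 0.0.0.0:* LISTEN 0 1701300 12200/dnsmasq
udp 0 0 192.168.2.254:53 0.0.0.0:* 0 1701299 12200/dnsmasq
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        found = wildcard_listeners(text)
        print(label, "wildcard listeners on port 53:", found or "none")
```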