[Dnsmasq-discuss] Mac Filtering for VMWare ESX Guests
Simon Kelley
simon at thekelleys.org.uk
Sun Feb 15 21:59:06 GMT 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
The client is asking for 10.1.10.104 since it used it at sometime in
the past. Dnsmasq gives it what it asks for, since the unqualified
dhcp-range allows that address. If dnsmasq was allocating an address
from scratch, it would use the 10.1.10.50,10.1.10.59 range, as that
has higher priority, because of the tag. Your config makes the
10.1.10.100,10.1.10.139 range available for vmware clients, and this
situation, (and others, for instance if 10.1.10.50,10.1.10.59 were
full) causes dnsmasq to use it.
To ensure that VMware clients can only go in the 10.1.10.50,10.1.10.59
range, you need to disallow the other range
dhcp-mac=set:vmware,00:0C:29:*:*:*
dhcp-range=tag:!vmware,10.1.10.100,10.1.10.139,255.255.255.0,6h
dhcp-range=tag:vmware,10.1.10.50,10.1.10.59,255.255.255.0,6h
Cheers,
Simon.
On 15/02/15 21:18, Matt Neimeyer wrote:
> I'm running dnsmasq 2.72 on my Gentoo box and I feel like I'm
> missing something obvious.
>
> I have the following lines in my dnsmasq.conf
>
> dhcp-mac=set:vmware,00:0C:29:*:*:*
> dhcp-range=10.1.10.100,10.1.10.139,255.255.255.0,6h
> dhcp-range=tag:vmware,10.1.10.50,10.1.10.59,255.255.255.0,6h
>
> And yet the VM with a MAC of 00:0C:29:47:B3:0F is getting an IP of
> 10.1.10.104
>
> The leases file contains this entry for that machine if it helps
> any...
>
> 1424056062 00:0c:29:47:b3:0f 10.1.10.104 vxppro
> 01:00:0c:29:47:b3:0f
>
> And I can see the following in my logs...
>
> Feb 15 16:14:24 [dnsmasq-dhcp] DHCPRELEASE(enp1s0) 10.1.10.104
> 00:0c:29:47:b3:0f Feb 15 16:14:24 [dnsmasq-dhcp]
> DHCPDISCOVER(enp1s0) 10.1.10.104 00:0c:29:47:b3:0f Feb 15 16:14:24
> [dnsmasq-dhcp] DHCPOFFER(enp1s0) 10.1.10.104 00:0c:29:47:b3:0f Feb
> 15 16:14:24 [dnsmasq-dhcp] DHCPREQUEST(enp1s0) 10.1.10.104
> 00:0c:29:47:b3:0f Feb 15 16:14:24 [dnsmasq-dhcp] DHCPACK(enp1s0)
> 10.1.10.104 00:0c:29:47:b3:0f vxppro
>
> What else should I be looking for?
>
> Thanks in advance!
>
> Matt
>
>
>
> _______________________________________________ Dnsmasq-discuss
> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJU4RaqAAoJEBXN2mrhkTWi60gP/27R8VyfJ5xJC8u5CoYzgCJS
JZudS0OZLSec8lI+Q5/QyMos5WugxYlC/6xQ85igRMZdAJVdmoWYQpQeTHN8b9RW
Jx+imYe45nnVsptUlrcarTp60j0QxpI6DgTc4Qzsf5u7hPIsyH/vQMbyqpZaDC2s
7V+CYil64BDjBm414CbN+e9Ts4mEwOB8RMS36bAhub8TgY7pwlsZdm2GjUDZK1eu
1B6SvFQuxEcuQqmmsr7HUOBOpHnj9J0hFNijMtfQdWMUt62OAYQ65oc8qKCQZMsv
ivt7xMCuZTjkXjI1imhB66jjML+EekIQOcOkOFfneeDne1dder9dxT+Qsj23q/+r
SLIEAnBz373kf0bZlnDJOU0WbJVDVtXf3EltwX27nthorn8Ej9nKTO5NeePWKpZw
wd5e1wRbTomD30izGPBSLkfw8BsmqnWLcQBcUZ2cqDRiyweJLS4QezMiubnTMNnj
oI91VJUH8lJZyqh4PwDXb7mdspupANpYfKDg4DK6ulbZVkRAGsYtyBgU+/CPiU7Z
AdWB7bJRHoANo+qKVTSmgYxvSWbAZ0psZEWRahMb8Y3KLIx3m61d4sosPLumlDZE
YyHqS8egOJk2n41IpQPyDgi55sBFT+qFkL8bixTZqxMJwEomKmYPGNQ5WjUvNosv
4xNQXdlAslAVgYeD7WuI
=C4ko
-----END PGP SIGNATURE-----
More information about the Dnsmasq-discuss
mailing list