[Dnsmasq-discuss] MAC address resolution of virtual machines

richardvoigt at gmail.com richardvoigt at gmail.com
Tue Aug 30 05:00:13 BST 2016


Not relevant to the issue you still face, but I just wanted to point out
that triggering commands (such as iptables rule creation) based on leases
being issued can be done using either the dhcp-script or DBus messaging,
without having to hack the dnsmasq code itself.

Actually, looking at the man page, some enhancements have been made to that
functionality in newer versions.  Quite possibly the arp-add action might
have exactly the information you need for creating rules to match these
pseudo-routed packets.

On Mon, Aug 29, 2016 at 10:41 AM, Ashish Sharma <pocha.sharma at gmail.com>
wrote:

> Hi,
>
>  I have been running Dnsmasq on Openwrt (opensource router OS). It also
> acts as DHCP server.
>
>   Once a client connects, I need to whitelist his ip & mac through
> iptables depending on a few criteria. I am able to hack this part out by
> calling appropriate iptables command before the DHCP ACK packets are being
> sent in Dnsmasq code.
>
>  The issue with virtual machines connecting in bridged mode is that, while
> Dnsmasq resolves their MAC address as the true address, iptables sees the
> MAC source of the packets as that of the host.
>
>  Now I have two options - either fiddle with Dnsmasq to see if it could
> figure out the host MAC address & eventually use that with the iptables
> command, or fiddle with iptables to see if it could identify the virtual
> machine packets. I figured changing Dnsmasq would lead to a lower
> probability of breaking things, as it would just happen while the client
> connects, while packets will keep on coming & going all the time.
>
>  Can someone help me with this? Thanks in advance.
>
> Ashish
>
> P.S. - if someone knows a better way of doing it,  I am ready to discard
> my work so far & start from scratch.

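The dhcp-script approach suggested in the reply, sketched as a hook that turns lease or ARP events into iptables whitelist rules. This is an added example, not code from the thread or from dnsmasq; the script path, the `LEASE_WHITELIST` chain and the `MODE` switch are assumptions, and IPv6 neighbour entries are deliberately ignored.

```shell
#!/bin/sh
# dnsmasq runs the hook as: <action> <mac> <ip> [hostname]
# dnsmasq.conf: dhcp-script=/usr/local/sbin/lease-hook.sh  (hypothetical path)
# arp-add/arp-del events are only delivered when script-arp is also set.
CHAIN="${CHAIN:-LEASE_WHITELIST}"   # hypothetical chain, created beforehand
IPTABLES="${IPTABLES:-iptables}"
MODE="${MODE:-lease}"               # lease: add/old/del   arp: arp-add/arp-del

valid_mac() {
    case "$1" in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print "<chain> <match> -j ACCEPT" for an event this MODE handles, else fail.
rule_spec() {
    case "$MODE:$1" in
        lease:add|lease:old|lease:del|arp:arp-add|arp:arp-del) ;;
        *) return 1 ;;
    esac
    # The MAC is client-influenced; refuse anything that is not exactly one
    # MAC and one IPv4 address before it reaches a command line.
    valid_mac "$2" && valid_ipv4 "$3" || return 1
    echo "$CHAIN -s $3 -m mac --mac-source $2 -j ACCEPT"
}

main() {
    spec=$(rule_spec "$@") || return 0      # unhandled event or bad input
    case "$1" in
        del|arp-del) $IPTABLES -D $spec ;;
        # "old" fires again on restart, so insert only if the rule is absent.
        *) $IPTABLES -C $spec 2>/dev/null || $IPTABLES -I $spec ;;
    esac
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run one mode at a time: with both lease and ARP events driving the same chain, an expiring neighbour entry would remove the rule of a client whose lease is still valid.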
