Re: dnsmasq + vlans = troubles
- From: Tauno Voipio <tauno.voipio@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 01 Jun 2010 08:34:41 +0300
On 31.5.10 8:29, itba wrote:
Hello,
I have a production server running Slackware
(Linux skoll 2.6.28.7-smp #1 SMP Sat Feb 28 12:26:08)
with dnsmasq (Dnsmasq version 2.47) and 3 vlans, so I have one file per vlan
in order to act as a dhcp server on each virtual interface.
The reason for having 3 different networks is security.
The configs are as follows:

cat /etc/dnsmasq.conf
dhcp-lease-max=5000
log-dhcp
conf-dir=/etc/dnsmasq.d

cat /etc/dnsmasq.d/red_uno
domain-needed
bogus-priv
interface=lo
interface=eth0.100
dhcp-range=red_uno,10.0.100.0,10.0.255.255,12h
domain=itba.edu.ar,10.0.0.0/16
# Option 44: WINS servers
dhcp-option=net:red_uno,44,10.0.0.66

cat /etc/dnsmasq.d/red_dos
domain-needed
bogus-priv
interface=lo
interface=eth0.200
domain=alu.itba.edu.ar,172.17.0.0/16
dhcp-range=red_dos,172.17.24.0,172.17.25.255,12h
# Option 44: WINS servers
dhcp-option=net:red_dos,44,172.17.8.16

cat /etc/dnsmasq.d/red_tres
domain-needed
bogus-priv
interface=lo
interface=eth0.300
dhcp-range=red_tres,10.2.1.0,10.2.100.255,12h
domain=lanwifi.itba.edu.ar,10.2.0.0/16

So, the problem arises when a host on one network requests an IP and the
service responds offering 3 different IPs, one from each network!
For example: the MAC address of the client is 00:13:20:da:ab:69 and it belongs to
"/etc/dnsmasq.d/red_dos", so the valid range is
172.17.24.0,172.17.25.255. Look what happens then:

grep 00:13:20:da:ab:69 /var/log/dnsmasq/dnsmasq.log
May 31 09:09:21 skoll dnsmasq[3379]: DHCPDISCOVER(eth0.100) 169.254.217.131 00:13:20:da:ab:69
May 31 09:09:21 skoll dnsmasq[3379]: DHCPOFFER(eth0.100) 10.0.235.33 00:13:20:da:ab:69
May 31 09:09:24 skoll dnsmasq[3379]: DHCPDISCOVER(eth0.200) 169.254.217.131 00:13:20:da:ab:69
May 31 09:09:24 skoll dnsmasq[3379]: DHCPOFFER(eth0.200) 172.17.25.34 00:13:20:da:ab:69
May 31 09:09:27 skoll dnsmasq[3379]: DHCPDISCOVER(eth0.300) 169.254.217.131 00:13:20:da:ab:69
May 31 09:09:27 skoll dnsmasq[3379]: DHCPOFFER(eth0.300) 10.2.68.33 00:13:20:da:ab:69
May 31 09:09:27 skoll dnsmasq[3379]: DHCPDISCOVER(eth0.100) 169.254.217.131 00:13:20:da:ab:69
May 31 09:09:27 skoll dnsmasq[3379]: DHCPOFFER(eth0.100) 10.0.235.33 00:13:20:da:ab:69
May 31 09:09:27 skoll dnsmasq[3379]: DHCPDISCOVER(eth0.200) 169.254.217.131 00:13:20:da:ab:69
May 31 09:09:27 skoll dnsmasq[3379]: DHCPOFFER(eth0.200) 172.17.25.34 00:13:20:da:ab:69
May 31 09:09:27 skoll dnsmasq[3379]: DHCPDISCOVER(eth0.300) 169.254.217.131 00:13:20:da:ab:69
May 31 09:09:27 skoll dnsmasq[3379]: DHCPOFFER(eth0.300) 10.2.68.33 00:13:20:da:ab:69
May 31 09:09:28 skoll dnsmasq[3379]: DHCPREQUEST(eth0.100) 10.0.235.33 00:13:20:da:ab:69
May 31 09:09:28 skoll dnsmasq[3379]: DHCPACK(eth0.100) 10.0.235.33 00:13:20:da:ab:69 labb14
May 31 09:09:29 skoll dnsmasq[3379]: DHCPREQUEST(eth0.100) 10.0.235.33 00:13:20:da:ab:69
May 31 09:09:29 skoll dnsmasq[3379]: DHCPACK(eth0.100) 10.0.235.33 00:13:20:da:ab:69 labb14
May 31 09:10:37 skoll dnsmasq[3379]: DHCPINFORM(eth0.100) 10.0.235.33 00:13:20:da:ab:69
May 31 09:10:37 skoll dnsmasq[3379]: DHCPACK(eth0.100) 10.0.235.33 00:13:20:da:ab:69 labb14
May 31 09:12:38 skoll dnsmasq[3379]: DHCPREQUEST(eth0.100) 10.0.235.33 00:13:20:da:ab:69
May 31 09:12:38 skoll dnsmasq[3379]: DHCPACK(eth0.100) 10.0.235.33 00:13:20:da:ab:69 labb14
May 31 09:12:38 skoll dnsmasq[3379]: DHCPREQUEST(eth0.200) 10.0.235.33 00:13:20:da:ab:69
May 31 09:12:38 skoll dnsmasq[3379]: DHCPNAK(eth0.200) 10.0.235.33 00:13:20:da:ab:69 wrong network
May 31 09:12:38 skoll dnsmasq[3379]: DHCPREQUEST(eth0.300) 10.0.235.33 00:13:20:da:ab:69
May 31 09:12:38 skoll dnsmasq[3379]: DHCPNAK(eth0.300) 10.0.235.33 00:13:20:da:ab:69 wrong network
May 31 09:12:42 skoll dnsmasq[3379]: DHCPREQUEST(eth0.100) 10.0.235.33 00:13:20:da:ab:69
May 31 09:12:42 skoll dnsmasq[3379]: DHCPACK(eth0.100) 10.0.235.33 00:13:20:da:ab:69 labb14
May 31 09:12:42 skoll dnsmasq[3379]: DHCPREQUEST(eth0.200) 10.0.235.33 00:13:20:da:ab:69
May 31 09:12:42 skoll dnsmasq[3379]: DHCPNAK(eth0.200) 10.0.235.33 00:13:20:da:ab:69 wrong network
May 31 09:12:42 skoll dnsmasq[3379]: DHCPREQUEST(eth0.300) 10.0.235.33 00:13:20:da:ab:69
May 31 09:12:42 skoll dnsmasq[3379]: DHCPNAK(eth0.300) 10.0.235.33 00:13:20:da:ab:69 wrong network
May 31 09:16:25 skoll dnsmasq[3379]: DHCPINFORM(eth0.100) 10.0.235.33 00:13:20:da:ab:69
May 31 09:16:25 skoll dnsmasq[3379]: DHCPACK(eth0.100) 10.0.235.33 00:13:20:da:ab:69 labb14
May 31 09:16:25 skoll dnsmasq[3379]: DHCPINFORM(eth0.100) 10.0.235.33 00:13:20:da:ab:69
May 31 09:16:25 skoll dnsmasq[3379]: DHCPACK(eth0.100) 10.0.235.33 00:13:20:da:ab:69 labb14
May 31 11:50:35 skoll dnsmasq[20676]: DHCPREQUEST(eth0.100) 10.0.235.33 00:13:20:da:ab:69
May 31 11:50:35 skoll dnsmasq[20676]: DHCPACK(eth0.100) 10.0.235.33 00:13:20:da:ab:69 labb14
May 31 11:50:36 skoll dnsmasq[20676]: DHCPREQUEST(eth0.200) 10.0.235.33 00:13:20:da:ab:69
May 31 11:50:36 skoll dnsmasq[20676]: DHCPNAK(eth0.200) 10.0.235.33 00:13:20:da:ab:69 wrong network
May 31 11:50:36 skoll dnsmasq[20676]: DHCPREQUEST(eth0.300) 10.0.235.33 00:13:20:da:ab:69
May 31 11:50:36 skoll dnsmasq[20676]: DHCPNAK(eth0.300) 10.0.235.33 00:13:20:da:ab:69 wrong network
What is wrong here?

The DHCP server in dnsmasq is a simple one intended for a
simple single network. Install a dedicated DHCP server
instead and disable the DHCP service in dnsmasq.
How do you intend to tell the server which VLAN a
client is intended to go? The operating system
is not telling the server which VLAN was used
for the requests.
--
Tauno Voipio
tauno voipio (at) iki fi
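
A check for the symptom in the log above, as an added example that is not part of the original thread: it parses dnsmasq DHCP log entries and reports every client MAC whose requests were logged on more than one interface, with the address offered on each and the count of "wrong network" NAKs. The sample log is constructed from the lines in the post (the second MAC is invented), and the function names are this example's own.

```python
import re
from collections import defaultdict

# dnsmasq DHCP log entry: TYPE(interface) [ip] mac [hostname or NAK reason]
LINE_RE = re.compile(
    r"dnsmasq\[\d+\]: (DHCP[A-Z]+)\(([^)]+)\) (?:(\d{1,3}(?:\.\d{1,3}){3}) )?"
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: (.*))?$", re.IGNORECASE)

# Constructed sample modelled on the log in the post (wrapped lines joined).
# The 02:00:00:00:00:01 client is invented: it stays on a single VLAN.
SAMPLE_LOG = """\
May 31 09:09:21 skoll dnsmasq[3379]: DHCPDISCOVER(eth0.100) 169.254.217.131 00:13:20:da:ab:69
May 31 09:09:21 skoll dnsmasq[3379]: DHCPOFFER(eth0.100) 10.0.235.33 00:13:20:da:ab:69
May 31 09:09:24 skoll dnsmasq[3379]: DHCPDISCOVER(eth0.200) 169.254.217.131 00:13:20:da:ab:69
May 31 09:09:24 skoll dnsmasq[3379]: DHCPOFFER(eth0.200) 172.17.25.34 00:13:20:da:ab:69
May 31 09:09:27 skoll dnsmasq[3379]: DHCPDISCOVER(eth0.300) 169.254.217.131 00:13:20:da:ab:69
May 31 09:09:27 skoll dnsmasq[3379]: DHCPOFFER(eth0.300) 10.2.68.33 00:13:20:da:ab:69
May 31 09:12:38 skoll dnsmasq[3379]: DHCPNAK(eth0.200) 10.0.235.33 00:13:20:da:ab:69 wrong network
May 31 09:13:02 skoll dnsmasq[3379]: DHCPDISCOVER(eth0.200) 02:00:00:00:00:01
May 31 09:13:02 skoll dnsmasq[3379]: DHCPOFFER(eth0.200) 172.17.24.10 02:00:00:00:00:01
"""

def parse(log_text):
    """Yield (msg_type, interface, ip, mac, extra) for each DHCP entry."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if m:
            msg, iface, ip, mac, extra = m.groups()
            yield msg.upper(), iface, ip, mac.lower(), extra or ""

def cross_vlan_clients(log_text):
    """Report MACs whose DHCP traffic was logged on more than one interface."""
    offers = defaultdict(lambda: defaultdict(set))   # mac -> iface -> offered IPs
    naks = defaultdict(int)                          # mac -> "wrong network" NAKs
    for msg, iface, ip, mac, extra in parse(log_text):
        seen = offers[mac][iface]                    # record iface even with no offer
        if msg == "DHCPOFFER" and ip:
            seen.add(ip)
        elif msg == "DHCPNAK" and "wrong network" in extra:
            naks[mac] += 1
    return {mac: {"offers": {i: sorted(s) for i, s in ifs.items()},
                  "wrong_network_naks": naks[mac]}
            for mac, ifs in offers.items() if len(ifs) > 1}

if __name__ == "__main__":
    for mac, report in cross_vlan_clients(SAMPLE_LOG).items():
        print(mac, report)
```

On a host with per-VLAN interfaces, a MAC reported here means that client's broadcasts were received on several VLAN interfaces at once.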