Thank you Stefano for your reply. Sorry for the delay. I believe
that I have figured out what was going on. We are running vtund. It
uses iptables to filter what goes over the tunnel or not.
After a little digging and trial/error, I was able to find a
single command that will stop each DHCP server from sending replies to
DHCPREQUESTS from other locations.
firewall "-t filter -A FORWARD -p udp --dport 67:68 -j DROP";
This will drop any packets that are going to be forwarded over the
tunnel for destination ports 67 (DHCPREQUEST) and 68 (DHCPACK).
I thought that I would send this to the list for anyone who might be
able to use this information.
Philippe
Quoting Stefano Bridi <[email protected]>:
I suppose you are using bridged VPN (same subnet in every city) so if
you are already in a routed setup drop my email in the recycle bin and
please describe better the setup
I don't know if there are settings in dnsmasq to help you in this
specific situation..
Anyway you can solve migrating the infrastructure to a routed VPN (big step)
Or at least you can filter out the DHCP request from the vpn.
A routed setup gives you more control and doesn't forward broadcasts
everywhere; of course you need DNS/WINS working.
Stefano
On Mon, Oct 4, 2010 at 3:15 AM, Philippe Faure <[email protected]> wrote:
Hello,
I didn't hear back from anyone, so I thought that I would try to see
if my request makes sense.
I have dnsmasq running on 3 separate servers, each in different
cities. They are all connected via a secure tunnel. I was finding
that DHCP requests made in location A are being answered by the DHCP
server in location B.
Currently to avoid this issue, I am using:
dhcp-host=00:0e:35:f6:d8:af,ignore
as a way to stop server B handling requests that typically should be
handled by server A. This means that each time new hardware is brought
online, the dnsmasq.conf files need to be updated in the other two
locations so that they ignore hardware that doesn't belong to them.
Do you know if there is a better way of handling this issue? Since what
does happen from time to time, is that devices normally associated
with Location A do visit Location B, so then the DHCP assignment comes
from the hardware's home location, and not the closest server.
Is there a way to use the IP of the local router to accept DHCP
request, if the request comes from a router from a different location,
or the tunnel, then ignore that request? I believe that this would be
a cleaner solution, but just not sure of how to implement it. Even if
it is possible.
Thank you
Philippe
_______________________________________________
Dnsmasq-discuss mailing list
[email protected]
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
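
Added example, not part of the original thread or of vtund/dnsmasq: a shell check that reads iptables-save output and confirms the FORWARD chain drops UDP to ports 67 and 68, as the rule quoted in the first message does. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: check an iptables-save dump for the
# FORWARD-chain DROP of UDP destination ports 67 and 68 described above.

# Reads iptables-save text on stdin. Exit status 0 when the filter table's
# FORWARD chain drops UDP to both port 67 and port 68, 1 otherwise.
# Limits: rule order and extra matches (-i, -s, ...) are not evaluated;
# any rule containing a "!" negation is skipped rather than interpreted.
forward_drops_dhcp() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # "*filter", "*nat", ...
        table == "filter" && $1 == "-A" && $2 == "FORWARD" {
            proto = ""; ports = ""; target = ""; negated = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "!")  negated = 1
                if ($i == "-p") proto = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            }
            if (proto != "udp" || target != "DROP" || ports == "" || negated) next
            n = split(ports, item, ",")            # multiport lists: 67,68
            for (k = 1; k <= n; k++) {
                m = split(item[k], r, ":")         # ranges: 67:68
                lo = r[1] + 0; hi = (m == 2 ? r[2] + 0 : lo)
                if (lo <= 67 && 67 <= hi) drop67 = 1
                if (lo <= 68 && 68 <= hi) drop68 = 1
            }
        }
        END { exit((drop67 && drop68) ? 0 : 1) }
    '
}

# Constructed sample: what iptables-save prints for the rule from the thread.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -p udp -m udp --dport 67:68 -j DROP
COMMIT
EOF
}

if sample_rules | forward_drops_dhcp; then
    echo "FORWARD drops DHCP (udp/67-68)"
else
    echo "FORWARD does not drop DHCP"
fi
```

On a live gateway the same function can be fed from `iptables-save` run as root; a failing status after a vtund restart means the tunnel came up without the filter.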