>>1) We need to restrict dnsmasq to only reply to configured internal vm
>>(Iptables Or maybe can we configure directly dnsmasq to only reply for
>>specific mac address ???)

dnsmasq way:
------------
# Ignore any clients which are not specified in dhcp-host lines
# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
# This relies on the special "known" tag which is set when
# a host is matched.
dhcp-ignore=tag:!known

# Always allocate the host with Ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
dhcp-host=11:22:33:44:55:66,192.168.0.60

(But I don't know how to reload dnsmasq config.
(We can also pass config options as command line arguments))

----- Original Message -----
From: "Alexandre DERUMIER" <[email protected]>
To: "Dietmar Maurer" <[email protected]>
Cc: "pve.proxmox.com" <[email protected]>
Sent: Saturday, 24 August 2013 08:10:56
Subject: Re: [pve-devel] internal dhcp server, where to put dhcp configuration ?

>>What if some VMs on the bridge require the external dhcp server?
>>I guess we also can do that with iptables, by restricting access to internal
>>server
>>for VMs with dhcp configured (or is there an easier way)?

Yes, I think it should work like this.
Restriction for the MAC address of virtual machines with IP configured, for example.
So it should also work for VMs which need an external dhcp server.

We can add dynamic iptables rules on vm start in pve-bridge script.

1) We need to restrict dnsmasq to only reply to configured internal vm
(Iptables Or maybe can we configure directly dnsmasq to only reply for specific mac address ???)

2) We need to block dhcp queries from configured internal vms to go outside the bridge.
(we don't want an external dhcp server to respond to these queries)

----- Original Message -----
From: "Dietmar Maurer" <[email protected]>
To: "Alexandre DERUMIER" <[email protected]>
Cc: "pve.proxmox.com" <[email protected]>
Sent: Friday, 23 August 2013 18:28:24
Subject: RE: [pve-devel] internal dhcp server, where to put dhcp configuration ?

> > I think we should block incoming dhcp requests from outside world with
> > iptables.
> > As with dhcp, this is random, the fastest dhcp server to respond wins.
> > What if some VMs on the bridge require the external dhcp server?

I guess we also can do that with iptables, by restricting access to internal server
for VMs with dhcp configured (or is there an easier way)?

_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
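
An added example, not part of the original thread and not Proxmox code: one way to keep the per-VM MAC/IP entries discussed above in a separate file that dnsmasq loads with `dhcp-hostsfile=<path>` next to `dhcp-ignore=tag:!known`; dnsmasq re-reads that file on SIGHUP. The function names, sample VMs and subnet are hypothetical, and `would_answer` is only a simplified model of the `known` tag check.

```python
import ipaddress
import re

# Strict lower-case MAC pattern: nothing else may reach the hosts file.
MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")


def render_dhcp_hosts(vms, subnet):
    """Return dhcp-hostsfile text ("mac,ip" per line) for (mac, ip) pairs.

    Raises ValueError on malformed, out-of-subnet or duplicate entries, so a
    bad VM definition cannot smuggle extra lines or options into the file.
    """
    net = ipaddress.ip_network(subnet)
    seen_macs, seen_ips, lines = set(), set(), []
    for mac, ip in vms:
        mac = mac.strip().lower()
        if not MAC_RE.fullmatch(mac):
            raise ValueError(f"bad MAC address: {mac!r}")
        addr = ipaddress.ip_address(ip)  # raises ValueError if malformed
        if addr not in net:
            raise ValueError(f"{addr} is outside {net}")
        if mac in seen_macs or addr in seen_ips:
            raise ValueError(f"duplicate entry: {mac},{addr}")
        seen_macs.add(mac)
        seen_ips.add(addr)
        lines.append(f"{mac},{addr}")
    return "\n".join(lines) + "\n"


def would_answer(client_mac, hosts_text):
    """Simplified model of dhcp-ignore=tag:!known: reply only to listed MACs."""
    known = {line.split(",")[0] for line in hosts_text.splitlines() if line}
    return client_mac.strip().lower() in known


# Constructed sample data (hypothetical VMs on a 192.168.0.0/24 bridge).
SAMPLE_VMS = [("11:22:33:44:55:66", "192.168.0.60"),
              ("AA:BB:CC:00:00:01", "192.168.0.61")]

if __name__ == "__main__":
    print(render_dhcp_hosts(SAMPLE_VMS, "192.168.0.0/24"), end="")
```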
