Re: [Dnsmasq-discuss] dhcp-ignore = myTag, #known was not what I thought
Simon Kelley escribió el 06/12/08 19:04: Mariano Absatz wrote: 1) does dhcp-range allow me to match more than one tag? or to match one (or more) and set another one? It allows you to match more than one, but they're combined as AND, so dhcp-range=net:tag1, net:tag2, .. means use that range if tag1 is set AND tag2 is set. If you want to OR them, just repeat the ranger statement dhcp-range=net:tag1, 192.168.0.1, 192.168.0.10 dhcp-range=net:tag2, 192.168.0.1, 192.168.0.10 will use 192.168.0.1-192.168.0.10 of tag1 is set OR tag2 is set. You can match one (or more) tags, as above, and set a tag too dhcp-range=net:tag1, net:tag2, newtag, .. newtag is set when this range is used. There can only be one tag set on a range. 2) when I write: # OUR PCs ## dhcp-host=00:22:33:44:55:01,192.168.1.101,net:tagIKnowYou,mycompany-PC-01 dhcp-host=00:22:33:44:55:02,192.168.1.101,net:tagIKnowYou,mycompany-PC-02 dhcp-host=00:22:33:44:55:03,192.168.1.101,net:tagIKnowYou,mycompany-PC-03 I am *setting* (and not trying to */match/*) the tag tagIKnowYou for these hosts, am I? You're setting it. It's probably worth enumerating all the ways that tags can be set. 1) The name of the interface on which a DHCP request is recived is set as a tag (2.46 and later only) 2) Tags can be set based on a match of circuit-id, subscriber-id and remote-id in an RFC3046 realy agent option. 3) Tags can be set based on the MAC address with --dhcp-mac 4) If a dhcp-host line is used (or an implied one derived from /etc/ethers) then known is set as a tag 5) If the used config line includes net:tag then that is set. 6) For BOOTP requests ONLY, tag bootp is set, and incoming filename field (which isn't strictly an filename in BOOTP) is used as a tag 7) Tags are set based in the vendor class and user class. At this point, if any set tags match a dhcp-ignore tag then the request is discarded. Then a dhcp-range is selected, based on the current tag set, available IP addresses etc. 8) Any tag in the DHCP range line is set. Finally, dhcp-options are added, filtered using the current tag set. Great explanation... I understood everything and re-wrote my configuration accordingly (anyway, I have to wait till Tuesday to test it since I'm remote now and tomorrow is a National Holiday here). I thank you once again for your time and patience. -- Mariano Absatz - El Baby el.b...@gmail.com www.clueless.com.ar -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- bashian roulette: [ $(($RANDOM%6)) -eq 0 ] rm -rf ~ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- * TagZilla 0.066 * http://tagzilla.mozdev.org
Re: [Dnsmasq-discuss] dhcp-ignore = myTag, #known was not what I thought
Simon Kelley escribió el 05/12/08 19:00: Mariano Absatz wrote: How should I configure my dnsmasq to prevent unknown MACs from getting an IP in the tagIKnowYou range? You don't need to set your own tags at all, just use the known tag, which will be set whenever a dhcp-host matches the MAC address. Then do dhcp-range=net:known,192.168.1.101,192.168.1.120,4h dhcp-range=net:#known,192.168.1.161,192.168.1.174,4h That way, 192.168.1.101... will only be used when the MAC address is known, and 192.168.1.161... will only be used when the MAC address is not known. It's important to understand the two uses of tags in dhcp-range dhcp-range=tag,.. will _set_ the tag if that range is used. dhcp-range=net:tag,... will _use_ the range if the tag is set. Now I get it... thank you... now, a couple of related questions... 1) does dhcp-range allow me to match more than one tag? or to match one (or more) and set another one? 2) when I write: # OUR PCs ## dhcp-host=00:22:33:44:55:01,192.168.1.101,net:tagIKnowYou,mycompany-PC-01 dhcp-host=00:22:33:44:55:02,192.168.1.101,net:tagIKnowYou,mycompany-PC-02 dhcp-host=00:22:33:44:55:03,192.168.1.101,net:tagIKnowYou,mycompany-PC-03 I am *setting* (and not trying to */match/*) the tag tagIKnowYou for these hosts, am I? Thanx a lot, Simon, for your help, and for a truly amazing piece of software that let me finally get rid of ISC's awful servers... Regards. -- Mariano Absatz - El Baby el.b...@gmail.com www.clueless.com.ar -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- I am a Marxist--of the Groucho tendency. Anonymous, French slogan -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- * TagZilla 0.066 * http://tagzilla.mozdev.org
Re: [Dnsmasq-discuss] dhcp-ignore = myTag, #known was not what I thought
Mariano Absatz wrote: Simon Kelley escribió el 05/12/08 19:00: Mariano Absatz wrote: How should I configure my dnsmasq to prevent unknown MACs from getting an IP in the tagIKnowYou range? You don't need to set your own tags at all, just use the known tag, which will be set whenever a dhcp-host matches the MAC address. Then do dhcp-range=net:known,192.168.1.101,192.168.1.120,4h dhcp-range=net:#known,192.168.1.161,192.168.1.174,4h That way, 192.168.1.101... will only be used when the MAC address is known, and 192.168.1.161... will only be used when the MAC address is not known. It's important to understand the two uses of tags in dhcp-range dhcp-range=tag,.. will _set_ the tag if that range is used. dhcp-range=net:tag,... will _use_ the range if the tag is set. Now I get it... thank you... now, a couple of related questions... 1) does dhcp-range allow me to match more than one tag? or to match one (or more) and set another one? It allows you to match more than one, but they're combined as AND, so dhcp-range=net:tag1, net:tag2, .. means use that range if tag1 is set AND tag2 is set. If you want to OR them, just repeat the ranger statement dhcp-range=net:tag1, 192.168.0.1, 192.168.0.10 dhcp-range=net:tag2, 192.168.0.1, 192.168.0.10 will use 192.168.0.1-192.168.0.10 of tag1 is set OR tag2 is set. You can match one (or more) tags, as above, and set a tag too dhcp-range=net:tag1, net:tag2, newtag, .. newtag is set when this range is used. There can only be one tag set on a range. 2) when I write: # OUR PCs ## dhcp-host=00:22:33:44:55:01,192.168.1.101,net:tagIKnowYou,mycompany-PC-01 dhcp-host=00:22:33:44:55:02,192.168.1.101,net:tagIKnowYou,mycompany-PC-02 dhcp-host=00:22:33:44:55:03,192.168.1.101,net:tagIKnowYou,mycompany-PC-03 I am *setting* (and not trying to */match/*) the tag tagIKnowYou for these hosts, am I? You're setting it. It's probably worth enumerating all the ways that tags can be set. 1) The name of the interface on which a DHCP request is recived is set as a tag (2.46 and later only) 2) Tags can be set based on a match of circuit-id, subscriber-id and remote-id in an RFC3046 realy agent option. 3) Tags can be set based on the MAC address with --dhcp-mac 4) If a dhcp-host line is used (or an implied one derived from /etc/ethers) then known is set as a tag 5) If the used config line includes net:tag then that is set. 6) For BOOTP requests ONLY, tag bootp is set, and incoming filename field (which isn't strictly an filename in BOOTP) is used as a tag 7) Tags are set based in the vendor class and user class. At this point, if any set tags match a dhcp-ignore tag then the request is discarded. Then a dhcp-range is selected, based on the current tag set, available IP addresses etc. 8) Any tag in the DHCP range line is set. Finally, dhcp-options are added, filtered using the current tag set. Cheers, Simon.
Re: [Dnsmasq-discuss] dhcp-ignore = myTag, #known was not what I thought
Mariano Absatz wrote: Hi, I just discovered that I got wrong what dhcp-ignore does... I'll try to explain what I want and what I did and see if someone can explain me what I got wrong or, better yet, a way to do what I want :-) I'm using 2.45 (but can upgrade to 2.46 if needed). I'm using dnsmasq in a firewall with three internal legs (2 different wifi networks and a local wired net). In the local wired net I'm using one class C network, but I have 2 different ranges (with different treatment in my firewall). I want to give IP addresses in one range only to MACs I know, and in the other range to others, so I wrote part of my configuration as in the file attached... in particular: dhcp-range=tagIKnowYou,192.168.1.101,192.168.1.120,4h dhcp-ignore=tagIKnowYou,#known This means, ignore the host if tagIKnowYou is set AND tag known is NOT set. Since either both of the tags will be set, or neither, then the condition is never met. dhcp-range=tagAllTheRest,192.168.1.161,192.168.1.174,4h dhcp-host=00:22:33:44:55:66,192.168.1.101,net:tagIKnowYou,mycompany-PC-01 dhcp-host=00:22:33:44:55:02,192.168.1.101,net:tagIKnowYou,mycompany-PC-02 dhcp-host=00:22:33:44:55:03,192.168.1.101,net:tagIKnowYou,mycompany-PC-03 At first everything went the way I wanted... my three known PCs got their addresses from the first range (192.168.1.101, 192.168.1.102 and 192.168.1.103) and all the rest got address from the second range... But when we hook up a new computer and I didn't notice that my second range was too little, instead of rejecting the DHCPREQUEST for not having enough IPs, it gave it an IP from the first range (192.168.1.104). I thought that the line: dhcp-ignore=tagIKnowYou,#known would prevent this, but clearly I'm understanding it wrong... or I hit a bug? Theres no bug, I think. How should I configure my dnsmasq to prevent unknown MACs from getting an IP in the tagIKnowYou range? You don't need to set your own tags at all, just use the known tag, which will be set whenever a dhcp-host matches the MAC address. Then do dhcp-range=net:known,192.168.1.101,192.168.1.120,4h dhcp-range=net:#known,192.168.1.161,192.168.1.174,4h That way, 192.168.1.101... will only be used when the MAC address is known, and 192.168.1.161... will only be used when the MAC address is not known. It's important to understand the two uses of tags in dhcp-range dhcp-range=tag,.. will _set_ the tag if that range is used. dhcp-range=net:tag,... will _use_ the range if the tag is set. HTH Simon.
