From: Mike Jones on

I've got WWW on eth0, and machines on my LAN (eth1) being forwarded
through a single machine. I've been using static addresses so far, but
dnsmasq looks like a better way to do this, plus it also looks like I can
restrict things to specific machines based on their MAC address too.


So, working from the man page (whilst tired)...

# ===================================================

# /etc/dnsmasq.conf

interface=eth1
no-hosts
dhcp-range=192.168.1.1,static

# (Real MAC addresses to be added here)
dhcp-host=11:22:33:44:55:66,BOX2,192.168.1.2,infinite
dhcp-host=11:22:33:44:55:77,BOX3,192.168.1.3,infinite
dhcp-host=11:22:33:44:55:88,BOX4,192.168.1.4,infinite
dhcp-host=11:22:33:44:55:99,BOX5,192.168.1.5,infinite

domain-needed
bogus-priv

# add to as required...
address=/doubleclick.net/127.0.0.1

# ===================================================

....does this look sane?

All I need is for selected machines to be able to connect to and forward
through the box acting as a router, that being BOX1 192.168.1.1

If this is a screw up, feel free to point out the glaring mistakes. %)

Ta.




XP=alt.os.linux,alt.os.linux.slackware FU=alt.os.linux

--
*=( http://www.thedailymash.co.uk/
*=( For all your UK news needs.
From: Grant on
On Mon, 31 May 2010 16:35:33 +0000 (UTC), Mike Jones <luck(a)dasteem.invalid> wrote:

>
>I've got WWW on eth0, and machines on my LAN (eth1) being forwarded
>through a single machine. I've been using static addresses so far, but
>dnsmasq looks like a better way to do this, plus it also looks like I can
>restrict things to specific machines based on their MAC address too.
>
>
>So, working from the man page (whilst tired)...
>
># ===================================================
>
># /etc/dnsmasq.conf
>
>interface=eth1
>no-hosts
>dhcp-range=192.168.1.1,static

A modem might claim 192.168.1.1, start higher? End of range?

>
># (Real MAC addresses to be added here)
>dhcp-host=11:22:33:44:55:66,BOX2,192.168.1.2,infinite
>dhcp-host=11:22:33:44:55:77,BOX3,192.168.1.3,infinite
>dhcp-host=11:22:33:44:55:88,BOX4,192.168.1.4,infinite
>dhcp-host=11:22:33:44:55:99,BOX5,192.168.1.5,infinite

I think you're doing it the hard way with MACs (each to 'is own :),
don't like look of that 'infinite' (running 'doze boxes here too).
>
>domain-needed
>bogus-priv
>
># add to as required...
>address=/doubleclick.net/127.0.0.1

FWIW I link in an extra file for this type of entry.

>
># ===================================================
>
>...does this look sane?
>
>All I need is for selected machines to be able to connect to and forward
>through the box acting as a router, that being BOX1 192.168.1.1
>
>If this is a screw up, feel free to point out the glaring mistakes. %)

Dunno about screw up. Dnsmasq has a fairly good mailing list too, Simon,
the author is responsive, as are some of the members.

Here's my dhcp section, I still use static IP for linux boxes, casual
machines get an address okay here, and windoze boxes are semi-static via
dhcp, which is similar to what you're planning above.

I'm nowhere near fresh on dnsmasq options as I set this up over five
years ago, changing bits along the way, as required.

Dnsmasq mail list is a good place to visit if you get into trouble.

#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# network topology
# `````````````````
# ---------------- ------------ LAN
# ( ) Phone | ADSL Modem | Machines
# ( Big Bad Internet )--------| bridge |
# ( ) Line | mode | 1000/100/10
# ---------------- ------------ Switch -----
# | -------| |
# Public IP | $xf_world | -----
# | | -----
# ------------- | --| |
# optional | ppp0/eth0 | --- | -----
# second | | | \ |-- -----
# localnet < - - - - - -| eth2 eth1|-----|/ /|-----| |
# not | | | \ |-- -----
# installed | Firewall | --- | -----
# ------------- | --| |
# | -----
# | -----
# -------| |
# $xf_lnet2 $xf_lnet1 -----
# 192.168.3.0/24
#
#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# Section 1. Nameserver
# ``````````````````````

addn-hosts=/usr/local/etc/hosts
expand-hosts
#neg-ttl=60
#log-queries
#log-async
interface=eth1
localise-queries
bogus-priv
filterwin2k

# normal DNS -> ISP NS
resolv-file=/etc/ppp/resolv.conf

# or use google NS
#no-resolv
#server=8.8.8.8
#server=8.8.4.4

domain-needed
local=/grrr.id.au/
mx-host=deltree
#mx-target=deltree
localmx
no-negcache
conf-file=/usr/local/etc/deny_domains

#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# Section 2. DHCP Server
# ```````````````````````

domain=grrr.id.au
expand-hosts
dhcp-authoritative
log-dhcp

# 192.168.3.192/28 is a ! route so don't use it
# 192.168.3.1 - 192.168.3.99 for static IPs
dhcp-range=192.168.3.100,192.168.3.129,2h

dhcp-host=winpooh,192.168.3.32,8h
dhcp-host=winpIII,192.168.3.34,8h
dhcp-host=toshiwin,192.168.3.35,8h
dhcp-host=sillywin,192.168.3.36,8h

dhcp-option=42,192.168.3.3 # This box is NTP server

Grant.
--
http://bugs.id.au/
From: Grant on
On Mon, 31 May 2010 16:35:33 +0000 (UTC), Mike Jones <luck(a)dasteem.invalid> wrote:

>
>I've got WWW on eth0, and machines on my LAN (eth1) being forwarded
>through a single machine. I've been using static addresses so far, but
>dnsmasq looks like a better way to do this, plus it also looks like I can
>restrict things to specific machines based on their MAC address too.

Answered in a different group.

Grant.
--
http://bugs.id.au/
From: Mike Jones on
Responding to Grant:

> On Mon, 31 May 2010 16:35:33 +0000 (UTC), Mike Jones
> <luck(a)dasteem.invalid> wrote:
>
>
>>I've got WWW on eth0, and machines on my LAN (eth1) being forwarded
>>through a single machine. I've been using static addresses so far, but
>>dnsmasq looks like a better way to do this, plus it also looks like I
>>can restrict things to specific machines based on their MAC address too.
>>
>>
>>So, working from the man page (whilst tired)...
>>
>># ===================================================
>>
>># /etc/dnsmasq.conf
>>
>>interface=eth1
>>no-hosts
>>dhcp-range=192.168.1.1,static
>
> A modem might claim 192.168.1.1, start higher? End of range?


Broadband. That's my router machine running dnsmasq.

And from man dnsmasq...

The end address may be replaced by the keyword static which tells dnsmasq
to enable DHCP for the network specified, but not to dynamically allocate
IP addresses. Only hosts which have static addresses given via dhcp-host
or from /etc/ethers will be served.


>
>># (Real MAC addresses to be added here)
>>dhcp-host=11:22:33:44:55:66,BOX2,192.168.1.2,infinite
>>dhcp-host=11:22:33:44:55:77,BOX3,192.168.1.3,infinite
>>dhcp-host=11:22:33:44:55:88,BOX4,192.168.1.4,infinite
>>dhcp-host=11:22:33:44:55:99,BOX5,192.168.1.5,infinite
>
> I think you're doing it the hard way with MACs (each to 'is own :),
> don't like look of that 'infinite' (running 'doze boxes here too).
>>
>>domain-needed
>>bogus-priv
>>
>># add to as required...
>>address=/doubleclick.net/127.0.0.1
>
> FWIW I link in an extra file for this type of entry.
>
>
>># ===================================================
>>
>>...does this look sane?
>>
>>All I need is for selected machines to be able to connect to and forward
>>through the box acting as a router, that being BOX1 192.168.1.1
>>
>>If this is a screw up, feel free to point out the glaring mistakes. %)
>
> Dunno about screw up. Dnsmasq has a fairly good mailing list too,
> Simon, the author is responsive, as are some of the members.
>
> Here's my dhcp section, I still use static IP for linux boxes, casual
> machines get an address okay here, and windoze boxes are semi-static via
> dhcp, which is similar to what you're planning above.
>
> I'm nowhere near fresh on dnsmasq options as I set this up over five
> years ago, changing bits along the way, as required.
>
> Dnsmasq mail list is a good place to visit if you get into trouble.
>
> #-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> # network topology
> # `````````````````
> # ---------------- ------------ LAN
> # ( ) Phone | ADSL Modem | Machines
> # ( Big Bad Internet )--------| bridge |
> # ( ) Line | mode | 1000/100/10
> # ---------------- ------------ Switch -----
> # | -------| |
> # Public IP | $xf_world | -----
> # | | -----
> # ------------- | --| |
> # optional | ppp0/eth0 | --- | -----
> # second | | | \ |-- -----
> # localnet < - - - - - -| eth2 eth1|-----|/ /|-----| |
> # not | | | \ |-- -----
> # installed | Firewall | --- | -----
> # ------------- | --| |
> # | -----
> # | -----
> # -------| |
> # $xf_lnet2 $xf_lnet1 -----
> # 192.168.3.0/24
> #
> #-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> # Section 1. Nameserver
> # ``````````````````````
>
> addn-hosts=/usr/local/etc/hosts
> expand-hosts
> #neg-ttl=60
> #log-queries
> #log-async
> interface=eth1
> localise-queries
> bogus-priv
> filterwin2k
>
> # normal DNS -> ISP NS
> resolv-file=/etc/ppp/resolv.conf
>
> # or use google NS
> #no-resolv
> #server=8.8.8.8
> #server=8.8.4.4
>
> domain-needed
> local=/grrr.id.au/
> mx-host=deltree
> #mx-target=deltree
> localmx
> no-negcache
> conf-file=/usr/local/etc/deny_domains
>
> #-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> # Section 2. DHCP Server
> # ```````````````````````
>
> domain=grrr.id.au
> expand-hosts
> dhcp-authoritative
> log-dhcp
>
> # 192.168.3.192/28 is a ! route so don't use it
> # 192.168.3.1 - 192.168.3.99 for static IPs
> dhcp-range=192.168.3.100,192.168.3.129,2h
>
> dhcp-host=winpooh,192.168.3.32,8h
> dhcp-host=winpIII,192.168.3.34,8h
> dhcp-host=toshiwin,192.168.3.35,8h
> dhcp-host=sillywin,192.168.3.36,8h
>
> dhcp-option=42,192.168.3.3 # This box is NTP server
>
> Grant.


Aha! A working conf to play with! Cheers!

I've got the thing up and running, but managed to block initial
connections with a paranoid firewall. I'll dig out the glitch tomorrow.


Latest (x=munged for posting)...

# =========================================
# Custom-Configuration file for dnsmasq.

interface=eth1
no-hosts
dhcp-range=192.168.1.10,192.168.1.20 # For non-regular connections

# dhcp-host=**:**:**:**:**:**,BOX1,192.168.1.1,12h
# dhcp-host=**:**:**:**:**:**,BOX2,192.168.1.2,12h
dhcp-host=00:xx:xx:xx:xx:xx,BOX3,192.168.1.3,12h
dhcp-host=00:xx:xx:xx:xx:xx,BOX4,192.168.1.4,12h
# dhcp-host=**:**:**:**:**:**,BOX5,192.168.1.5,12h

domain-needed
bogus-priv
query-port=xxxx # (> 1024)

address=/doubleclick.net/127.0.0.1

# =========================================


--
*=( http://www.thedailymash.co.uk/
*=( For all your UK news needs.
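As an added check that is not from any of the posts, here is a small Python audit of the dhcp-range and dhcp-host lines in a dnsmasq.conf shaped like the ones above: it flags munged or malformed MACs (dnsmasq rejects those), reservations with no MAC at all (dnsmasq then matches on the hostname the client itself supplies), and static addresses that sit inside the dynamic pool; the `dhcp-range=...,static` form from the man-page quote parses as a subnet with no pool, so it raises no overlap findings. The sample config embedded in it is constructed for the example, and, whichever form is used, dnsmasq only decides who gets a lease, not which hosts eth1 forwards, which stays a firewall matter.

```python
import ipaddress
import re

SAMPLE_CONF = """\
# constructed sample shaped like the thread's configs, not the posted files
dhcp-range=192.168.1.10,192.168.1.20,12h   # pool for casual machines
dhcp-host=11:22:33:44:55:66,BOX2,192.168.1.2,infinite
dhcp-host=11:22:33:44:55:77,BOX3,192.168.1.15,12h
dhcp-host=00:xx:xx:xx:xx:xx,BOX4,192.168.1.4,12h
dhcp-host=BOX5,192.168.1.5,12h
"""
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.I)
IP_RE = re.compile(r"^\d+(\.\d+){3}$")
LEASE_RE = re.compile(r"^(\d+[smhd]?|infinite)$", re.I)

def parse(conf):  # dhcp-range pools (end=None means 'static') and dhcp-host entries
    ranges, hosts = [], []
    for raw in conf.splitlines():
        key, _, val = raw.split("#", 1)[0].strip().partition("=")
        fields = [f.strip() for f in val.split(",")] if val else []
        if key == "dhcp-range":
            start, end = ipaddress.ip_address(fields[0]), fields[1]
            ranges.append((start, None if end == "static" else ipaddress.ip_address(end)))
        elif key == "dhcp-host":
            h = {"mac": None, "bad_mac": None, "ip": None, "name": None}
            for f in fields:           # dnsmasq tells the fields apart by shape
                if MAC_RE.match(f):
                    h["mac"] = f.lower()
                elif ":" in f:         # MAC-shaped but not a MAC (e.g. munged)
                    h["bad_mac"] = f
                elif IP_RE.match(f):
                    h["ip"] = ipaddress.ip_address(f)
                elif not LEASE_RE.match(f):   # lease times are not checked here
                    h["name"] = f
            hosts.append(h)
    return ranges, hosts

def audit(conf):  # one finding per reservation problem, in file order
    out, (ranges, hosts) = [], parse(conf)
    for h in hosts:
        who = h["name"] or h["mac"] or "?"
        if h["bad_mac"]:
            out.append(f"{who}: malformed MAC {h['bad_mac']}")
        elif h["mac"] is None:
            out.append(f"{who}: no MAC, matched on the client-chosen hostname")
        for start, end in ranges:
            if end is not None and h["ip"] is not None and start <= h["ip"] <= end:
                out.append(f"{who}: {h['ip']} sits inside dynamic pool {start}-{end}")
    return out
```

Run `audit(open("/etc/dnsmasq.conf").read())` against a real file; an empty list means none of the three problems were found.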
From: Grant on
On Mon, 31 May 2010 23:01:02 +0000 (UTC), Mike Jones <luck(a)dasteem.invalid> wrote:

>Responding to Grant:
>
>> On Mon, 31 May 2010 16:35:33 +0000 (UTC), Mike Jones
>> <luck(a)dasteem.invalid> wrote:
....
>Broadband. That's my router machine running dnsmasq.
>
>And from man dnsmasq...
>
>The end address may be replaced by the keyword static which tells dnsmasq
>to enable DHCP for the network specified, but not to dynamically allocate
>IP addresses. Only hosts which have static addresses given via dhcp-host
>or from /etc/ethers will be served.

Fair enough, I've not RTFMd for years ;)
>
>
....
>Aha! A working conf to play with! Cheers!

I hope it made more sense than the rewrapped mess your news client
produced!
>
>I've got the thing up and running, but managed to block initial
>connections with a paranoid firewall. I'll dig out the glitch tomorrow.

Progress, you'll get there...

Grant.
--
http://bugs.id.au/