Resolved
0 votes
hello community,
we have got clearos installed in our office as a gateway. currently we have 4 subnets and have been using the gateway services of clearos by configuring the ip address for the other systems statically, but we do want to run a dhcp server which automatically leases the ip looking at the mac and also broadcasts the desired gateway among the 4 different subnet gateways.

on looking through the webconsole, the DHCP server settings only allowed us to add the ip pool range and the DNS but do not seem to include any provision for netmask.

we are confused :huh: about how to meet our requirements. any help will be greatly appreciated..

present network architecture:
192.168.0.0/27
192.168.0.32/27
and so on....


thanks in advance
Thursday, July 29 2010, 06:13 AM
Responses (9)
  • Accepted Answer

    Monday, November 01 2010, 04:58 AM - #Permalink
    Resolved
    0 votes
    what i did was i had 3 virtual interfaces...and each one has its own dhcp parameters configured. for example, parameters means subnet, gateway, ip range etc.
    now i also defined
    dhcp-ignore=!known

    and in the access control i also defined the policy defining in the ip range...and there i defined the last virtual interface as the denied list.
    and when the dhcp request was obtained from unregistered mac it was then leased with the ip range of the 3rd virtual interface which had no internet access.
    now on viewing in the webconsole i can look at that machine by simply looking at the ip they obtained. if the ip was from the 3rd virtual interface then it was surely the unregistered mac...now simply to register i copy the mac and provide it a static lease and then it is registered...
    the above thing just worked fine for me and seems like you want the same...
    hope it helps

    ~prahmod
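
The registration workflow described in this answer (spot leases handed to MACs that have no static entry, then register them) can be checked from the dnsmasq leases file instead of by eye in the webconsole. This is an added example, not code from the thread; the MAC addresses, lease lines and the choice of 192.168.0.64/27 as the no-internet range are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not from the thread): static registrations as
# dnsmasq dhcp-host lines, and leases as "<expiry> <mac> <ip> <host> <client-id>".
DHCP_HOSTS = """\
dhcp-host=00:11:22:33:44:55,192.168.0.10
dhcp-host=00:11:22:33:44:66,192.168.0.40
"""
LEASES = """\
1288600000 00:11:22:33:44:55 192.168.0.10 desk-01 *
1288600100 00:11:22:33:44:66 192.168.0.40 desk-02 *
1288600200 aa:bb:cc:dd:ee:01 192.168.0.70 laptop-x 01:aa:bb:cc:dd:ee:01
1288600300 AA:BB:CC:DD:EE:02 192.168.0.12 * *
"""
# Assumption: the third /27 is the no-internet range for unregistered MACs.
QUARANTINE_NET = ipaddress.ip_network("192.168.0.64/27")

def registered_macs(conf_text):
    """Collect MACs from dhcp-host= lines (any field with five colons)."""
    macs = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("dhcp-host="):
            continue
        for field in line[len("dhcp-host="):].split(","):
            if field.strip().count(":") == 5:
                macs.add(field.strip().lower())
    return macs

def audit_leases(leases_text, known, quarantine=QUARANTINE_NET):
    """Return (mac, ip, hostname, in_quarantine) for each unregistered lease."""
    findings = []
    for line in leases_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        mac, ip, host = parts[1].lower(), ipaddress.ip_address(parts[2]), parts[3]
        if mac not in known:
            findings.append((mac, str(ip), host, ip in quarantine))
    return findings

if __name__ == "__main__":
    for mac, ip, host, quarantined in audit_leases(LEASES, registered_macs(DHCP_HOSTS)):
        state = "quarantine range" if quarantined else "OUTSIDE quarantine range"
        print(f"unregistered {mac} {ip} ({host}): {state}")
```

An unregistered MAC holding a lease outside the quarantine range is the case worth alerting on, since it means the ignore/deny policy did not apply to that client.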
  • Accepted Answer

    Sunday, October 31 2010, 09:03 PM - #Permalink
    Resolved
    0 votes
    Hello prahmod

    I'm really interested in learning more about your solution.
    But after spending some time tonight trying to reproduce your method, I'm stumped.

    If you set "dhcp-ignore=#known" (not dhcp-ignore=!known) then the dnsmasq process doesn't respond to unknown mac addresses.

    If it doesn't respond, then how can it make entries into the webconfig, under dhcp server, dynamic leases?

    If I turn dhcp off on the primary eth0 interface, but turn it on for the virtual network on eth0:0, then I can give out ip addresses to the non primary LAN network, which then disables web browsing, and access to samba shares, which is all good.

    But what I was aiming for, was an easy way to recognise 'non registered' clients attempting to use the network, before they have been allowed (registered). Then moving them to a static address, which is still allocated by the dhcp server.

    Reading the dnsmasq documentation, this all seems possible to do, with some more investigation and testing.

    regards mark
  • Accepted Answer

    Saturday, August 21 2010, 04:33 AM - #Permalink
    Resolved
    0 votes
    Yes you can even find the unregistered macs that are leased ip from the DNS server tab in webconfig. But they are indeed provided with the dynamic ip...you can even look for all the macs including the registered and unregistered one using the arp table.
    command for looking into arp table:
    arp


    ~prahmod :)
  • Accepted Answer

    Friday, August 20 2010, 02:20 PM - #Permalink
    Resolved
    0 votes
    Pramod Giri wrote:
    and to block unregistered mac from getting access.....edit one of the file using command below
    vi /etc/dnsmasq.conf

    on that file add
    dhcp-ignore=!known

    this will block the unregistered mac from getting access but one thing is it will issue ip even to the unregistered mac but will provide ip that says access denied while accessing the internet and other resources...
    now start the dns server with
    /etc/init.d/dnsmasq restart



    Using this setting, will unknown macs show up in the DHCP table in the webconfig where I can easily assign them to an IP?
  • Accepted Answer

    Friday, August 20 2010, 05:21 AM - #Permalink
    Resolved
    0 votes
    i would love to help you..
    i think you already know my scenario and think you have the same one...
    on start all you have to do is specify to the dns server what ip pools you have, gateway, interface, DNS ip, etc..for this, edit the following file using the command below
     vi /etc/dnsmasq/dhcp.conf


    now you will have to specify all the details in that file..so add the things like below:
    dhcp-option=eth1,1,255.255.255.224
    dhcp-option=eth1,28,192.168.0.31
    dhcp-option=eth1,3,192.168.0.1
    dhcp-option=eth1,6,192.168.0.1,202.79.32.4
    dhcp-option=eth1:0,1,255.255.255.224
    dhcp-option=eth1:0,28,192.168.0.63
    dhcp-option=eth1:0,3,192.168.0.1
    dhcp-option=eth1:0,6,192.168.0.1,202.79.32.4

    here in above...255.255.255.224 are subnets which i have specified for every one of my interfaces...192.168.0.31 is the broadcast ip for eth1..192.168.0.63 is broadcast ip for eth1:0..here eth1:0 is a virtual interface...likewise 192.168.0.1 is default gateway for eth1..192.168.0.1 is also default gateway for eth1:0..and lastly specify the Dns server ip...in my case 192.168.0.1 is primary dns and 202.79.32.4 is secondary dns address.
    continue the same procedure as per your needs properly specifying the interface and their parameters like gateway, netmask, dns, gateway, etc.

    after you finish working this file save and exit..now open the webconsole and look under Network>DNS server...you will find all the interfaces you have just edited in dhcp.conf...
    now from there edit the interface if you want to customize any...
    for mac filtering below under dhcp server there are places to specify mac and ip....you will have to add the mac address and ip there to bind that...
    and to block unregistered mac from getting access.....edit one of the file using command below
    vi /etc/dnsmasq.conf

    on that file add
    dhcp-ignore=!known

    this will block the unregistered mac from getting access but one thing is it will issue ip even to the unregistered mac but will provide ip that says access denied while accessing the internet and other resources...
    now start the dns server with
    /etc/init.d/dnsmasq restart



    that is all you will have to do to meet your requirement for different subnets..
    if you face any problem feel free to post.
    ~prahmod :)
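
A consistency check for per-interface `dhcp-option` lines of the kind shown in this post: it derives the subnet from option 1 (netmask) and option 28 (broadcast) and confirms that option 3 (router) lies inside it. This is an added example, not code from the thread; it takes the post's lines as sample input and handles only the `tag,number,value` form used there.

```python
import ipaddress
from collections import defaultdict

# The dhcp-option lines quoted in the post above, used as sample input.
CONF = """\
dhcp-option=eth1,1,255.255.255.224
dhcp-option=eth1,28,192.168.0.31
dhcp-option=eth1,3,192.168.0.1
dhcp-option=eth1,6,192.168.0.1,202.79.32.4
dhcp-option=eth1:0,1,255.255.255.224
dhcp-option=eth1:0,28,192.168.0.63
dhcp-option=eth1:0,3,192.168.0.1
dhcp-option=eth1:0,6,192.168.0.1,202.79.32.4
"""

def parse_options(text):
    """Map tag -> {option number: [values]} from dhcp-option=tag,num,values."""
    opts = defaultdict(dict)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("dhcp-option="):
            continue
        tag, num, *values = line[len("dhcp-option="):].split(",")
        opts[tag][int(num)] = values
    return opts

def check(opts):
    """Return (tag, message) where options 1, 28 and 3 disagree on the subnet."""
    findings = []
    for tag, o in sorted(opts.items()):
        if 1 not in o or 28 not in o:
            findings.append((tag, "missing netmask or broadcast"))
            continue
        mask, bcast = o[1][0], ipaddress.ip_address(o[28][0])
        # Subnet implied by the advertised broadcast address and netmask.
        net = ipaddress.ip_network(f"{bcast}/{mask}", strict=False)
        if bcast != net.broadcast_address:
            findings.append((tag, f"broadcast {bcast} is not the broadcast of {net}"))
        for router in o.get(3, []):
            if ipaddress.ip_address(router) not in net:
                findings.append((tag, f"router {router} is outside {net}"))
    return findings

if __name__ == "__main__":
    for tag, message in check(parse_options(CONF)):
        print(f"{tag}: {message}")
```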
  • Accepted Answer

    Paul Scott
    Thursday, August 19 2010, 03:36 PM - #Permalink
    Resolved
    0 votes
    Pramod, I need to do something as you did, with DHCP and subnetting.

    Could you tell me how you resolved it?....

    Thanks. :dry:
  • Accepted Answer

    Sunday, August 01 2010, 05:56 PM - #Permalink
    Resolved
    0 votes
    i finally resolved the problem and now have a working dns server which works on 4 subnets with different ip pools and gateway...and i also got familiar with virtual interfaces.....
    ~prahmod
  • Accepted Answer

    Thursday, July 29 2010, 10:56 AM - #Permalink
    Resolved
    0 votes
    actually we have 3 interfaces. first one is the external that connects to the ISP, second one is for our internal network and the third one is for backup of the first interface.
    from the second interface we have created 4 different virtual interfaces.
    now all we want to do is set the DHCP on and lease the ip from the pool based on mac, for this we already have captured macs of all machines.
    help us regarding the different subnets with different gateway which dhcp should broadcast while leasing ip to the client.
  • Accepted Answer

    Thursday, July 29 2010, 07:57 AM - #Permalink
    Resolved
    0 votes
    Hi - I believe the only way to get different subnets via dnsmasq (which provides the DHCP) is to use additional network interfaces, each defined with LAN role. I think someone has suggested using virtual interfaces too but I've not tested that.