Hello community,
We have ClearOS installed in our office as a gateway. Currently we have 4 subnets and have been using the gateway services of ClearOS by configuring the IP addresses of the other systems statically, but we want to run a DHCP server which automatically leases the IP by looking at the MAC and also broadcasts the desired gateway among the 4 different subnet gateways.
Looking through the webconsole, the DHCP server settings only allow adding the IP pool range and the DNS, and do not seem to include any provision for a netmask.
We are confused about how to meet our requirements. Any help will be greatly appreciated.
present network architecture:
192.168.0.0/27
192.168.0.32/27
and so on....
thanks in advance
Responses (9)
Accepted Answer
Actually we have 3 interfaces. The first one is the external one that connects to the ISP, the second one is for our internal network and the third one is a backup for the first interface.
From the second interface we have created 4 different virtual interfaces.
Now all we want to do is turn DHCP on and lease the IP from the pool based on MAC; for this we have already captured the MACs of all machines.
Help us regarding the different subnets with different gateways which DHCP should broadcast while leasing an IP to the client.
Accepted Answer
I would love to help you.
I think you already know my scenario and I think you have the same one.
To start, all you have to do is specify the DNS server, what IP pools you have, gateway, interface, DNS IP, etc. For this, edit the following file using the command below:
vi /etc/dnsmasq/dhcp.conf
Now you will have to specify all the details in that file, so add things like the below:
dhcp-option=eth1,1,255.255.255.224
dhcp-option=eth1,28,192.168.0.31
dhcp-option=eth1,3,192.168.0.1
dhcp-option=eth1,6,192.168.0.1,202.79.32.4
dhcp-option=eth1:0,1,255.255.255.224
dhcp-option=eth1:0,28,192.168.0.63
dhcp-option=eth1:0,3,192.168.0.1
dhcp-option=eth1:0,6,192.168.0.1,202.79.32.4
In the above, 255.255.255.224 are the subnets which I have specified for each of my interfaces. 192.168.0.31 is the broadcast IP for eth1. 192.168.0.63 is the broadcast IP for eth1:0. Here eth1:0 is a virtual interface. Likewise, 192.168.0.1 is the default gateway for eth1. 192.168.0.1 is also the default gateway for eth1:0. Lastly, specify the DNS server IP; in my case 192.168.0.1 is the primary DNS and 202.79.32.4 is the secondary DNS address.
Continue the same procedure as per your needs, properly specifying the interface and their parameters like gateway, netmask, dns, gateway, etc.
After you finish working on this file, save and exit. Now open the webconsole and look under Network>DNS server. You will find all the interfaces you have just edited in dhcp.conf.
Now from there edit the interface if you want to customize any.
For MAC filtering, below under DHCP server there are places to specify MAC and IP. You will have to add the MAC address and IP there to bind them.
And to block unregistered MACs from getting access, edit one of the files using the command below:
vi /etc/dnsmasq.conf
In that file add
dhcp-ignore=!known
This will block the unregistered MAC from getting access, but one thing is it will issue an IP even to the unregistered MAC but will provide an IP that says access denied while accessing the internet and other resources.
Now start the DNS server with
/etc/init.d/dnsmasq restart
That is all you will have to do to meet your requirement for different subnets.
If you face any problem feel free to post.
~prahmod
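A consistency check for per-interface dhcp-option lines of the kind posted above, as an added example that is not part of the original post or of ClearOS: it derives each subnet from options 1 (netmask) and 28 (broadcast) and reports a router (option 3) that lies outside it. The sample text is constructed from the post's lines, and only the `dhcp-option=<name>,<number>,<values>` form is parsed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the same form as the lines posted above.
SAMPLE = """\
dhcp-option=eth1,1,255.255.255.224
dhcp-option=eth1,28,192.168.0.31
dhcp-option=eth1,3,192.168.0.1
dhcp-option=eth1,6,192.168.0.1,202.79.32.4
dhcp-option=eth1:0,1,255.255.255.224
dhcp-option=eth1:0,28,192.168.0.63
dhcp-option=eth1:0,3,192.168.0.1
dhcp-option=eth1:0,6,192.168.0.1,202.79.32.4
"""

NETMASK, ROUTER, BROADCAST = 1, 3, 28  # DHCP option numbers

def parse_options(text):
    """Return {name: {option_number: [values]}} for numeric dhcp-option lines."""
    opts = defaultdict(dict)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line.startswith("dhcp-option="):
            continue
        fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
        if len(fields) < 3 or not fields[1].isdigit():
            continue  # other dhcp-option forms are out of scope here
        opts[fields[0]][int(fields[1])] = fields[2:]
    return dict(opts)

def check(text):
    """Return a list of (name, problem) for inconsistent per-interface options."""
    problems = []
    for name, o in parse_options(text).items():
        missing = [n for n in (NETMASK, ROUTER, BROADCAST) if n not in o]
        if missing:
            problems.append((name, f"missing option(s) {missing}"))
            continue
        bcast = ipaddress.ip_address(o[BROADCAST][0])
        net = ipaddress.ip_network(f"{bcast}/{o[NETMASK][0]}", strict=False)
        if bcast != net.broadcast_address:
            problems.append((name, f"{bcast} is not the broadcast of {net}"))
        router = ipaddress.ip_address(o[ROUTER][0])
        if router not in net:
            problems.append((name, f"router {router} is outside {net}"))
    return problems

if __name__ == "__main__":
    print(*check(SAMPLE), sep="\n")
```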
Accepted Answer
Pramod Giri wrote:
And to block unregistered MACs from getting access, edit one of the files using the command below:
vi /etc/dnsmasq.conf
In that file add
dhcp-ignore=!known
This will block the unregistered MAC from getting access, but one thing is it will issue an IP even to the unregistered MAC but will provide an IP that says access denied while accessing the internet and other resources.
Now start the DNS server with
/etc/init.d/dnsmasq restart
Using this setting, will unknown MACs show up in the DHCP table in the webconfig where I can easily assign them to an IP?
Accepted Answer
Yes, you can even find the unregistered MACs that are leased an IP from the DNS server tab in webconfig. But they are indeed provided with a dynamic IP. You can even look for all the MACs, including the registered and unregistered ones, using the arp table.
Command for looking into the arp table:
arp
~prahmod
Accepted Answer
Hello prahmod
I'm really interested in learning more about your solution.
But after spending some time tonight trying to reproduce your method, I'm stumped.
If you set "dhcp-ignore=#known" (not dhcp-ignore=!known) then the dnsmasq process doesn't respond to unknown mac addresses.
If it doesn't respond, then how can it make entries into the webconfig, under dhcp server, dynamic leases?
If I turn dhcp off on the primary eth0 interface, but turn it on for the virtual network on eth0:0, then I can give out ip addresses to the non primary LAN network, which then disables web browsing, and access to samba shares, which is all good.
But what I was aiming for, was an easy way to recognise 'non registered' clients attempting to use the network, before they have been allowed (registered). Then moving them to a static address, which is still allocated by the dhcp server.
Reading the dnsmasq documentation, this all seems possible to do, with some more investigation and testing.
regards mark
Accepted Answer
What I did was I had 3 virtual interfaces, and each one has its own DHCP parameters configured; for example, parameters means subnet, gateway, IP range etc.
Now I also defined
dhcp-ignore=!known
and in the access control I also defined the policy by defining the IP range, and there I defined the last virtual interface as the denied list.
When a DHCP request was obtained from an unregistered MAC, it was then leased an IP from the range of the 3rd virtual interface, which had no internet access.
Now, viewing in the webconsole, I can look at that machine by simply looking at the IP it obtained. If the IP was from the 3rd virtual interface then it was surely an unregistered MAC. Now, to register it, I simply copy the MAC and provide it a static lease, and then it is registered.
The above just worked fine for me and it seems like you want the same.
Hope it helps
~prahmod
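One way to list unregistered clients from the lease data rather than by eye, as an added example that is not code from the thread or from ClearOS: it compares the MACs in a dnsmasq lease file against static `dhcp-host` bindings and marks whether each unknown client sits in the no-internet range. The inputs are constructed, and the 192.168.0.64/27 quarantine range and the storage of registered hosts as `dhcp-host` lines are assumptions.

```python
import ipaddress
import re

# Constructed inputs: static bindings, a lease file, and the range assumed to
# belong to the virtual interface that has no internet access.
KNOWN_CONF = """\
dhcp-host=00:11:22:33:44:55,192.168.0.10
dhcp-host=00:11:22:33:44:66,192.168.0.40
"""
LEASES = """\
1700003600 00:11:22:33:44:55 192.168.0.10 pc-accounts 01:00:11:22:33:44:55
1700003600 00:11:22:33:44:66 192.168.0.40 pc-sales *
1700003600 02:00:00:00:00:01 192.168.0.70 * *
1700003600 02:00:00:00:00:0A 192.168.0.12 laptop *
"""
QUARANTINE = ipaddress.ip_network("192.168.0.64/27")  # assumed range

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)

def known_macs(conf):
    """Collect the MAC addresses bound with dhcp-host lines."""
    macs = set()
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith("dhcp-host="):
            macs.update(m.lower() for m in MAC_RE.findall(line))
    return macs

def unregistered(leases, conf, quarantine=QUARANTINE):
    """Return (mac, ip, hostname, in_quarantine) for leases held by unknown MACs."""
    known = known_macs(conf)
    hits = []
    for line in leases.splitlines():
        parts = line.split()  # expiry, MAC, IP, hostname, client-id
        if len(parts) < 4 or not MAC_RE.fullmatch(parts[1]):
            continue  # skip blank lines and anything that is not a lease row
        mac, ip = parts[1].lower(), ipaddress.ip_address(parts[2])
        if mac not in known:
            hits.append((mac, str(ip), parts[3], ip in quarantine))
    return hits

if __name__ == "__main__":
    for hit in unregistered(LEASES, KNOWN_CONF):
        print(hit)
```

An unknown MAC holding an address outside the quarantine range (the last constructed lease) is the case worth reviewing first.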