Hi list,

writing up the problem sometimes brings enlightenment:
the "bind-interfaces" option does the wanted thing.

Thanks for reading!
Oliver

On 24.06.2014 23:28, Oliver Rath wrote:
> Hi list,
>
> I try to restrict the dns of dnsmasq to one interface (3 existing
> interfaces, I hid ppp0), but it seems that it doesn't work.
>
> My config:
>
> server=//141.1.1.1
> local=/heimserver/
> address=/owncloud/192.168.0.254
> dhcp-range=set:gw2,192.168.2.50,192.168.2.150,255.255.255.0,12h
> dhcp-range=::,constructor:sixxs,ra-names
> dhcp-range=::,constructor:p3p1,ra-names
> dhcp-option=tag:gw2,128,192.168.2.254
> dhcp-option=252,"http://heimserver/wpad.dat"
> dhcp-option-force=208,f1:00:74:7e
> dhcp-option-force=210,/opt/dmi/tftproot/
> dhcp-boot=undionly.kkpxe
> enable-tftp
> tftp-root=/opt/dmi/tftproot
> log-queries
> log-dhcp
>
> My ifconfig:
>
> # ifconfig | grep mtu -A1
> lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
>         inet 127.0.0.1  netmask 255.0.0.0
> --
> p1p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         inet 192.168.0.254  netmask 255.255.255.0  broadcast 192.168.0.255
> --
> p2p1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
>         inet 192.168.11.254  netmask 255.255.255.0  broadcast 192.168.11.255
> --
> p3p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         inet 192.168.2.254  netmask 255.255.255.0  broadcast 192.168.2.255
>
> So only p3p1 is addressed here. But if I look for open ports, on
> all interfaces 53 is open:
>
> # nmap 192.168.11.254
>
> Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
> Nmap scan report for 192.168.11.254
> Host is up (0.00014s latency).
> Not shown: 997 closed ports
> PORT     STATE SERVICE
> 53/tcp   open  domain
> 749/tcp  open  kerberos-adm
> 2000/tcp open  cisco-sccp
>
> Nmap done: 1 IP address (1 host up) scanned in 0.76 seconds
> heimserver dnsmasq.d # nmap 192.168.2.254
>
> Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
> Nmap scan report for 192.168.2.254
> Host is up (0.00040s latency).
> Not shown: 997 closed ports
> PORT     STATE SERVICE
> 53/tcp   open  domain
> 749/tcp  open  kerberos-adm
> 2000/tcp open  cisco-sccp
>
> Nmap done: 1 IP address (1 host up) scanned in 1.72 seconds
> heimserver dnsmasq.d # nmap 192.168.0.254
>
> Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
> Nmap scan report for heimserver.koenigsteinstr.muc (192.168.0.254)
> Host is up (0.00011s latency).
> Not shown: 997 closed ports
> PORT     STATE SERVICE
> 53/tcp   open  domain
> 749/tcp  open  kerberos-adm
> 2000/tcp open  cisco-sccp
>
> To be sure that dnsmasq is the only dns-server here, I did this:
>
> # netstat -vanpe | grep :53
> netstat: no support for `AF INET (sctp)' on this system.
> netstat: no support for `AF INET (sctp)' on this system.
> tcp   0  0 0.0.0.0:53          0.0.0.0:*          LISTEN     0    1701253  12137/dnsmasq
> tcp   0  0 192.168.0.254:5038  192.168.0.1:53788  VERBUNDEN  101  1666180  27070/asterisk
> tcp6  0  0 :::53               :::*               LISTEN     0    1701256  12137/dnsmasq
> udp   0  0 0.0.0.0:53          0.0.0.0:*                     0    1701252  12137/dnsmasq
> udp6  0  0 :::53               :::*                          0    1701255  12137/dnsmasq
> netstat: no support for `AF IPX' on this system.
> netstat: no support for `AF AX25' on this system.
> netstat: no support for `AF X25' on this system.
> netstat: no support for `AF NETROM' on this system.
>
> So what's wrong here? Has dnsmasq problems with interfaces named p1p1,
> p2p1 etc.?
>
> Tfh!
> Oliver
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
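
Added example, not part of the original thread: a shell check that classifies the port-53 sockets in `netstat -anp`-style output as wildcard or per-address binds, which is the listener difference `bind-interfaces` makes. The `before` sample is adapted from the netstat output quoted above; the `after` sample is constructed and assumes `interface=p3p1` is set alongside `bind-interfaces`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post): classify port-53 sockets in netstat output.

# Adapted from the netstat output quoted in the post (wildcard binds).
before='tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 0 1701253 12137/dnsmasq
tcp 0 0 192.168.0.254:5038 192.168.0.1:53788 VERBUNDEN 101 1666180 27070/asterisk
tcp6 0 0 :::53 :::* LISTEN 0 1701256 12137/dnsmasq
udp 0 0 0.0.0.0:53 0.0.0.0:* 0 1701252 12137/dnsmasq
udp6 0 0 :::53 :::* 0 1701255 12137/dnsmasq'

# Constructed sample (assumed values): per-address binds on p3p1 and loopback.
after='tcp 0 0 192.168.2.254:53 0.0.0.0:* LISTEN 0 1800001 12999/dnsmasq
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 0 1800002 12999/dnsmasq
udp 0 0 192.168.2.254:53 0.0.0.0:* 0 1800003 12999/dnsmasq
udp 0 0 127.0.0.1:53 0.0.0.0:* 0 1800004 12999/dnsmasq'

# port53_binds: read netstat lines on stdin and print "<proto> <addr> <kind>"
# for every local socket on port 53; kind is "wildcard" or "specific".
port53_binds() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        local_addr = $4
        # The port is the text after the last colon (IPv6 addresses contain colons).
        n = split(local_addr, parts, ":")
        if (parts[n] != "53") next
        addr = substr(local_addr, 1, length(local_addr) - 3)
        kind = (addr == "0.0.0.0" || addr == "::") ? "wildcard" : "specific"
        print $1, addr, kind
    }'
}

# count_wildcard: number of port-53 sockets bound to all addresses.
count_wildcard() {
    port53_binds | awk '$3 == "wildcard" { c++ } END { print c + 0 }'
}

echo "before:"; printf '%s\n' "$before" | port53_binds
echo "after:";  printf '%s\n' "$after"  | port53_binds
```

On a live host the same functions can be fed from `netstat -anp | port53_binds`; a non-zero `count_wildcard` means the resolver socket is still bound to every address.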