# Dnsmasq issues

## vaguy02

Everyone,

I'm having issues with my router setup (new). I have dnsmasq set up to listen on 4 interfaces, and I have dhcp-ranges set up for each interface and iptables rules set up accordingly. But some computers get an address no problem, others get addresses but no internet connectivity, and some don't get addresses at all. I'm at a loss. I'm not sure what to do.

dnsmasq.conf

*Quote:*

> dhcp-range=eth1,192.168.0.100,192.168.0.250,255.255.0.0,72h
> dhcp-range=eth2,192.168.1.100,192.168.1.250,255.255.0.0,72h
> ...


ifconfig

*Quote:*

> eth0      Link encap:Ethernet  HWaddr <<external mac>>
>           inet addr:<<external ip>>  Bcast:<<bcast>>  Mask:<<mask>>
> ...


*Quote:*

> #First we flush our current rules
> echo "Starting Firewall"
> ...


Let me know if you need anything else.

----------

## di1bert

Not related, but still worth thinking about...

If you're going to hide your public IP address, hide your broadcast and netmask addresses as well. Anyone worth their salt in networking can easily find your public IP address using those last two pieces of information....

-em

----------

## think4urs11

just for my understanding:

why do you use /16 networks internally when each of your scopes would fit in a /24 as well?

----------

## vaguy02

*Quote:*

> If you're going to hide your public IP address, hide your broadcast and netmask addresses as well. Anyone worth their salt in networking can easily find your public IP address using those last two pieces of information....


Not actually on that IP anymore, but either way, good call.

*Quote:*

> why do you use /16 networks internally when each of your scopes would fit in a /24 as well?

This was done to allow communication between computers on different class C networks, i.e. 192.168.1.108 can talk to 192.168.0.153.

----------

## cyrillic

*vaguy02 wrote:*

> *Quote:* why do you use /16 networks internally when each of your scopes would fit in a /24 as well?
>
> This was done to allow communication between computers on different class C networks, i.e. 192.168.1.108 can talk to 192.168.0.153.


This will prevent them from communicating, unless you have your router's eth1, eth2, eth3, and eth4 all plugged into a common hub / switch.

----------

## vaguy02

Okay, now I'm thoroughly confused. I thought 255.255.0.0 was less restrictive, not more restrictive, than 255.255.255.0? Apparently I don't fully understand masking then.

But either way, I don't think that addresses my concern, because even if they are unable to communicate between networks, they should be able to get a DHCP address on that network from the router using the eth for that network, correct?

And no, the only common point between all 4 networks is my router. There is no switch or hub common to each part.

----------

## cyrillic

If you use 255.255.0.0 as your netmask, then 192.168.1.108 will think that 192.168.0.153 is on the same network segment, and will try (unsuccessfully) to communicate directly with it.

If you use 255.255.255.0 as your netmask, then 192.168.1.108 will think that 192.168.0.153 is on a different network, and will try to contact it via the default gateway (your router).

BTW, none of this should affect DHCP.

----------

## vaguy02

*Quote:*

> BTW, none of this should affect DHCP.

Agreed. But I will make the masking changes you suggested. Thanks.

I still believe I have something wrong in the dnsmasq settings; it should be able to do this without issue.

----------

## think4urs11

After rereading the info you've provided, and without checking that on a test system...

It can be possible that the incorrect usage of network masks and broadcast addresses is the root cause for your issue.

Having an IP address 192.168.[0123].1, network mask 255.255.0.0 and a broadcast address of 192.168.[0123].255 is nothing but plain wrong. Either the mask is too wide or the broadcast address needs to be 192.168.255.255 on _all_ eth1-4 interfaces. (I'd narrow the mask to /24)

The DHCP server gets confused about which interface to use when it tries to send the answer to an incoming dhcp request back to the requesting client.
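Cyrillic's point about when a host talks directly versus via the gateway, and think4urs11's point that an address of 192.168.N.1 with mask 255.255.0.0 cannot have a broadcast of 192.168.N.255, can both be checked mechanically. The following is an added example (mine, not code from this thread or from dnsmasq) built on Python's standard `ipaddress` module. The interface table is constructed from the values the thread describes, and the `dhcp-range` parser assumes the field layout shown in the first post (label,start,end,netmask,lease), not any particular dnsmasq version's grammar. It goes slightly beyond the thread by also flagging interfaces whose subnets overlap, which is what a /16 on every interface produces.

```python
import ipaddress

# Constructed sample data (not the poster's real config): the
# address/mask/broadcast triples the thread describes for eth1 and eth2.
IFACES = {
    "eth1": ("192.168.0.1", "255.255.0.0", "192.168.0.255"),
    "eth2": ("192.168.1.1", "255.255.0.0", "192.168.1.255"),
}

# The two dhcp-range lines quoted in the first post, assumed to use the
# field layout label,start,end,netmask,lease.
DHCP_RANGES = [
    "dhcp-range=eth1,192.168.0.100,192.168.0.250,255.255.0.0,72h",
    "dhcp-range=eth2,192.168.1.100,192.168.1.250,255.255.0.0,72h",
]


def subnet(addr, netmask):
    """Subnet containing `addr` under `netmask` (dotted quad or prefix length)."""
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)


def on_link(src, dst, netmask):
    """True if a host at `src` with `netmask` treats `dst` as directly reachable
    (it will ARP for it) instead of sending the packet to its default gateway."""
    return ipaddress.ip_address(dst) in subnet(src, netmask)


def check_interface(addr, netmask, broadcast):
    """Problems with one interface's addr/mask/broadcast triple (empty if consistent)."""
    net = subnet(addr, netmask)
    problems = []
    if ipaddress.ip_address(broadcast) != net.broadcast_address:
        problems.append(
            f"broadcast {broadcast} is not the broadcast of {net} "
            f"(expected {net.broadcast_address})"
        )
    return problems


def overlapping(ifaces):
    """Pairs of interface names whose subnets overlap; the router cannot pick a
    unique outgoing interface for a destination that lies inside such an overlap."""
    nets = {name: subnet(a, m) for name, (a, m, _) in ifaces.items()}
    names = sorted(nets)
    return [(x, y) for i, x in enumerate(names) for y in names[i + 1:]
            if nets[x].overlaps(nets[y])]


def parse_dhcp_range(line):
    """Split a dhcp-range line using the layout seen in the first post."""
    label, start, end, netmask, lease = line.split("=", 1)[1].split(",")
    return {"iface": label, "start": start, "end": end, "netmask": netmask, "lease": lease}


def check_dhcp_range(rng, ifaces):
    """Problems with a range relative to the interface it is labelled for."""
    addr, mask, _ = ifaces[rng["iface"]]
    net = subnet(addr, mask)
    problems = []
    if subnet(addr, rng["netmask"]) != net:
        problems.append(f"range mask {rng['netmask']} differs from interface mask {mask}")
    for edge in (rng["start"], rng["end"]):
        if ipaddress.ip_address(edge) not in net:
            problems.append(f"{edge} lies outside {net}")
    return problems


def lint(ifaces, ranges):
    """Collect every problem found in the interface table and the dhcp-ranges."""
    report = {name: check_interface(a, m, b) for name, (a, m, b) in ifaces.items()}
    report["overlap"] = [f"{x} and {y} cover the same addresses" for x, y in overlapping(ifaces)]
    for line in ranges:
        report[line] = check_dhcp_range(parse_dhcp_range(line), ifaces)
    return report


def narrowed(ifaces):
    """The same table with every mask narrowed to /24, as think4urs11 suggests,
    and the broadcast recomputed to match."""
    return {name: (a, "255.255.255.0", str(subnet(a, "255.255.255.0").broadcast_address))
            for name, (a, _, _) in ifaces.items()}


if __name__ == "__main__":
    for label, table in (("as posted", IFACES), ("narrowed to /24", narrowed(IFACES))):
        print(f"--- {label}")
        for key, problems in lint(table, DHCP_RANGES).items():
            print(key, "OK" if not problems else "; ".join(problems))
    print("192.168.1.108 -> 192.168.0.153 is on-link under /16:",
          on_link("192.168.1.108", "192.168.0.153", "255.255.0.0"))
    print("192.168.1.108 -> 192.168.0.153 is on-link under /24:",
          on_link("192.168.1.108", "192.168.0.153", "255.255.255.0"))
```

Running it with the posted values reports the wrong broadcast on both interfaces and that eth1 and eth2 overlap; with the table narrowed to /24 those go away, but the unchanged `dhcp-range` lines are then flagged because their mask no longer matches the interface, so both the interface configuration and the dnsmasq ranges need the narrower mask.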

----------

## cyrillic

I wasn't even thinking from the router's point of view, but yeah, having the wrong broadcast address could really confuse things, including DHCP.

----------

## vaguy02

That might have been it. I don't see any issues so far.....

Can I ask a related question? I have the firewall working on the filtering side of things, but the NAT, mangle, etc. tables are pretty wide open, and every time I try to close those off, I keep getting locked out. Are there any good guides on NAT and mangle filtering like there are for the packet filter side?

----------