[pve-devel] internal dhcp server, where to put dhcp configuration ?

Alexandre DERUMIER aderumier at odiso.com
Sat Aug 24 08:28:16 CEST 2013


>>1) We need to restrict dnsmasq to only reply to configured internal vm 
>>(Iptables Or maybe can we configure directly dnsmasq to only reply for specific mac address ???) 

dnsmasq way:
------------
# Ignore any clients which are not specified in dhcp-host lines
# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
# This relies on the special "known" tag which is set when
# a host is matched.
dhcp-ignore=tag:!known

# Always allocate the host with Ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
dhcp-host=11:22:33:44:55:66,192.168.0.60


(But I don't known how to reload dnsmasq config. (We can also pass config options as command line arguments))



----- Mail original ----- 

De: "Alexandre DERUMIER" <aderumier at odiso.com> 
À: "Dietmar Maurer" <dietmar at proxmox.com> 
Cc: "pve.proxmox.com" <pve-devel at pve.proxmox.com> 
Envoyé: Samedi 24 Août 2013 08:10:56 
Objet: Re: [pve-devel] internal dhcp server, where to put dhcp configuration ? 

>>What if some VMs on the bridge require the external dhcp server? 


>>I guess we also can do that with iptables, by restricting access to internal server 
>>for VMs with dhcp configured (or is the an easier way)? 

Yes, I think it should work like this. restriction for macaddress of virtual machines with ip configured by example. 
So it should also works for vm which need an external dhcp server. 

We can add dynamic iptables rules on vm start in pve-bridge script. 



1) We need to restrict dnsmasq to only reply to configured internal vm 
(Iptables Or maybe can we configure directly dnsmasq to only reply for specific mac address ???) 


2) We need to block dhcp queries from configured internal vms to go outside the bridge. 
(we don't want that an external dhcp server respond to this queries) 


----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: "pve.proxmox.com" <pve-devel at pve.proxmox.com> 
Envoyé: Vendredi 23 Août 2013 18:28:24 
Objet: RE: [pve-devel] internal dhcp server, where to put dhcp configuration ? 

> > I think we should block incoming dhcp requests from outside world with 
> > iptables. 
> > As with dhcp, this is random, the fastest dhcp server to respond win. 
> 
> What if some VMs on the bridge require the external dhcp server? 

I guess we also can do that with iptables, by restricting access to internal server 
for VMs with dhcp configured (or is the an easier way)? 
_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 



More information about the pve-devel mailing list