 
 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  "'sylikc'" <sylikc at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Different DHCP DNS Server list per Interface
 Date:  Tue, 14 Sep 2004 11:26:26 -0400
I should have pointed out that without a hack I do not know a way to do this
through the default WebGUI. I probably should have held my response - it was
very close to the end of a very long day... ;-)

IMHO the DHCP supplied in devices such as m0n0 is intended to be simple and
lightweight. They generally do not have the full complement of scope
options. The WINS server is supplied, but is the NBT node type? (On a
Windows DHCP server these are usually given out together) I could check, but
I'm too lazy to go upstairs, fire up my son's pc, and do an ipconfig /all.

My advice would be to use a separate DHCP for your LAN, giving you the full
flexibility of scope options. Let the "untrusted" guest users use the DNS
Forwarder on the m0n0 - which should use the DNS supplied by your ISP. Do
not give out WINS to the "untrusted". Your DMZ should be statically assigned
IP - I assume this subnet contains just a few servers. The DMZ could still
use the DNS (and WINS if you need it) on your LAN, but you will need rules
to allow the traffic to the LAN.

_________________________________
James W. McKeand


-----Original Message-----
From: sylikc [mailto:sylikc at gmail dot com] 
Sent: Monday, September 13, 2004 11:15 PM
To: James W. McKeand
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Different DHCP DNS Server list per Interface

James,

> My DHCP/DNS config on my tri-interface m0n0 (WAN, LAN, LAN2) in a nutshell:
> On my m0n0 DNS is supplied by ISP via DHCP, DNS forwarding is enabled,
> WAN DNS override is enabled. DHCP is enabled for the LAN2 interface only.
> My SERVER uses the m0n0's LAN IP as a forwarder for its DNS services.

> On my LAN the client machines get IP from DHCP on my SERVER and use 
> the SERVER as DNS.
> On my LAN2 the client machines get IP from DHCP on the m0n0 and use 
> the m0n0's LAN2 IP as DNS.

Enabling DHCP only on the LAN2 interface defeats the purpose of the
question.  (If you don't use DHCP on your LAN, of course you can set DNS to
whatever you want... or using another server to act as DHCP isn't using m0n0
;P).  I would like to run DHCP thru m0n0 on all my interfaces, but assign
different DNS servers per interface.  I'm aware that if you set the DNS
forwarder on, m0n0 provides its interface IP as the DNS server.  However,
if the WAN DNS override is set to off, in the end all resolution is still
sent to the DNS server I set in general setup.

The functionality I'm looking for, or would like to know if a hack is even
possible for... is the same way the WINS can be configured PER interface.
So, the WINS server on LAN can be different than the WINS server on LAN2
(both handed out via DHCP through m0n0wall).  Is a hack of such a system
even possible?  It would be extremely useful, especially since I plan to
have my LAN use a DNS server over VPN, while I don't want the other
untrusted hosts using that DNS server...


/sylikc

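As an added illustration of what both messages above are describing (per-interface DNS servers handed out by DHCP, and WINS plus the NetBIOS node type given out together only to the trusted LAN), here is an ISC dhcpd.conf fragment. It is not taken from the thread or from m0n0wall itself; it assumes a separate ISC DHCP server of the kind James suggests, and the subnets, addresses and domain name are constructed for the example.

```conf
# Added example, not from the thread: ISC dhcpd.conf fragment showing
# different scope options per subnet (i.e. per interface). All addresses
# and names below are constructed for illustration.

# Trusted LAN: full scope options. DNS, WINS and the NetBIOS node type are
# handed out together, as a Windows DHCP server would do.
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.199;
    option routers 192.168.1.1;
    option domain-name "lan.example.test";
    option domain-name-servers 192.168.1.10;    # internal DNS server
    option netbios-name-servers 192.168.1.10;   # WINS server
    option netbios-node-type 8;                 # h-node: try WINS first, then broadcast
}

# Untrusted LAN2 (guests): resolve only through the firewall's own DNS
# forwarder; no WINS and no internal domain name are handed out, so these
# clients never learn about the internal resolver.
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.100 192.168.2.199;
    option routers 192.168.2.1;
    option domain-name-servers 192.168.2.1;     # firewall LAN2 interface IP
}

# DMZ: servers are statically addressed, so no pool is declared. An empty
# subnet declaration lets dhcpd listen on the interface without leasing.
subnet 192.168.3.0 netmask 255.255.255.0 {
}
```

Options set inside a subnet block apply only to leases from that subnet and override any global `option` lines, which is exactly the per-interface behaviour asked for. Whether the DMZ hosts can actually reach the LAN DNS or WINS server is a separate matter for the firewall rules, as James notes.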