per-pool routers in dhcpd.conf?

Bill Shirley bill at c3po.polymerindustries.biz
Sat Jul 25 16:25:20 UTC 2020


option routers in the host statement works.  I've used it several times.
If there are many you may want to use a group:
group "IKnowEwe" {
     option routers 192.168.1.21;    # group
     host backup-pc        { hardware ethernet 00:24:99:33:b3:b3; }    # backup-pc
     host backup-pc2       { hardware ethernet 00:24:99:33:b3:b4; }    # backup-pc
     .
     .
}

You can use tcpdump on the DHCP server to see what options are asked for and
what options are sent:
tcpdump -vv -e -n -i eth0 portrange 67-68
Make sure the clients are asking for and receiving option 3.

My DNS runs on my gateway server and I force all devices to use my DNS with
iptables.  In the nat table:
REDIRECT   tcp  --  *      * 192.168.1.0/24        0.0.0.0/0       tcp dpt:53 /* domain inet */ redir ports 53
REDIRECT   udp  --  *      * 192.168.1.0/24        0.0.0.0/0       udp dpt:53 /* domain inet */ redir ports 53

Bill
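
Added example, not part of the original message or of ISC DHCP: the option 3 check that the tcpdump step above does by eye, written as a Python parser over the raw DHCP message (UDP payload) of one client request and one server reply. The function names and the sample messages are constructed for illustration; real input would come from a capture of ports 67-68.

```python
import ipaddress

MAGIC = bytes([99, 130, 83, 99])  # magic cookie that follows the 236-byte BOOTP header

def parse_options(payload: bytes) -> dict:
    """Return {option code: raw value} for one DHCP message (the UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:            # End option
            break
        if code == 0:              # Pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value   # split options are concatenated
        i += 2 + length
    return opts

def router_check(request: bytes, reply: bytes) -> dict:
    """Did the client ask for option 3, and which routers did the server send?"""
    req, rep = parse_options(request), parse_options(reply)
    raw = rep.get(3, b"")
    if len(raw) % 4:
        raise ValueError("option 3 length is not a multiple of 4")
    routers = [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]
    return {"asked": 3 in req.get(55, b""), "routers": routers}

def build(msg_type: int, options: list) -> bytes:
    """Constructed sample: zeroed BOOTP header, option 53, then the given options."""
    body = bytes(236) + MAGIC + bytes([53, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return body + b"\xff"

ip = lambda s: ipaddress.IPv4Address(s).packed
DISCOVER = build(1, [(55, bytes([1, 3, 6, 15]))])    # client requests options 1, 3, 6, 15
ACK_NO_ROUTER = build(5, [(1, ip("255.255.255.0")), (6, ip("192.168.1.21"))])
ACK_ROUTER = build(5, [(1, ip("255.255.255.0")), (3, ip("192.168.1.21"))])

if __name__ == "__main__":
    print(router_check(DISCOVER, ACK_NO_ROUTER))   # asked, but no router in the reply
    print(router_check(DISCOVER, ACK_ROUTER))      # asked, and a router was sent
```

A result with "asked" true and an empty "routers" list matches the symptom in the quoted question, where no host is told its gateway.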

On 7/25/2020 10:23 AM, Alexis Huxley wrote:
> Hi, I have dhcpd.conf at home containing:
>
> 	host { ... }
> 	...
> 	
> 	subnet 192.168.1.0 netmask 255.255.255.0 {
> 	    option routers 192.168.1.1;
> 	    option domain-name "pasta.net";
> 	    option domain-name-servers 192.168.1.21;
> 	    option ntp-servers time.pasta.net;
> 	
>              #  1-100 are reserved for statically configured hosts.
>
> 	    #  101-150 are reserved for known dynamic hosts (known because they're in host stanzas above).
>              #  e.g. my Android phone on wifi.
> 	    pool {
> 	        range 192.168.1.101 192.168.1.150;
> 	        allow known-clients;
> 	        deny unknown-clients;
> 	    }
> 	
> 	    #  151-200 are for unknown dynamic hosts. e.g. visitors' phones on wifi.
> 	    pool {
> 	        range 192.168.1.151 192.168.1.200;
> 	        allow unknown-clients;
> 	        deny known-clients;
> 	    }
> 	}
>
> This works fine.
>
> I now want to force 'known dynamic hosts' to use a different gateway.
>
> (In case you're curious: Since, when using wifi, my Android
> phone silently refuses to use the DNS server proposed by the above
> dhcpd.conf, I now want to change the phone's gateway to a masquerading
> Linux box, where I can hopefully use iptables to force the phone to
> use the DNS server proposed by the DHCP server, and thereby block ads.)
>
> The dhcpd.conf man page says:
>
> 	In general, any parameter can appear anywhere that parameters
> 	are allowed, and will be applied according to the scope in which
> 	the parameter appears.
>
> and I don't see anything special documented about 'option routers'.
>
> So I thought this should work:
>
>          subnet 192.168.1.0 netmask 255.255.255.0 {
>              #option routers 192.168.1.1;               <--- commented out at subnet level
> 	    ...
>
>              pool {
>                  range 192.168.1.101 192.168.1.150;
>                  ...
>                  option routers 192.168.1.32;           <--- this is the different gateway
>              }
>
>              pool {
>                  range 192.168.1.151 192.168.1.200;
>                  ...
>                  option routers 192.168.1.1;            <--- this is the original gateway
>              }
>
> but it looks like *no* host gets told its gateway.
>
> To confirm that it wasn't a problem with my new gateway itself, I
> put the original gateway in *both* pools, i.e. only the *location* of
> the router declaration changes compared to the original configuration:
>
>          subnet 192.168.1.0 netmask 255.255.255.0 {
>              #option routers 192.168.1.1;               <--- commented out at subnet level
> 	    ...
>
>              pool {
>                  range 192.168.1.101 192.168.1.150;
>                  ...
>                  option routers 192.168.1.1;            <--- this is the original gateway
>              }
>
>              pool {
>                  range 192.168.1.151 192.168.1.200;
>                  ...
>                  option routers 192.168.1.1;            <--- this is the original gateway
>              }
>
> The result was the same: no gateway.
>
> My googles didn't turn up anything relevant and my experiments (using
> 'groups') failed, so any advice would be appreciated. I'm using
> isc-dhcp-server 4.4.1 on Debian 10. Thanks!
>
> Alexis