Hello All,
I wanted to see about how I can get a separate DHCP range that is in a completely different subnet working via the dnsmasq.postconf file found via this tutorial. Here's a general overview of my setup:
Fios > Enterprise firewall > Static Route on firewall pointing to WAN IP of RT-AC3100 > SSID
Background: RT-AC3100 is in routed mode.
For simplicity and masking purposes, I will use different subnets, but will convey the same message:
Regular DHCP Range via normal/main SSID: 10.240.10.0/25
Guest DHCP Range via Guest SSID: 10.241.11.192/26
Below is the config I added to the dnsmasq.postconf file:
#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
logger "dnsmasq-dhcp: Configure wl1.1 to have special DHCP"
ifconfig wl1.1 10.241.11.194 netmask 255.255.255.192
iptables -D INPUT -i wl1.1 -j ACCEPT
iptables -I INPUT -i wl1.1 -j ACCEPT
ebtables -t broute -D BROUTING -i wl1.1 -p ipv4 -j DROP
ebtables -t broute -I BROUTING -i wl1.1 -p ipv4 -j DROP
pc_append "
log-dhcp
interface=wl1.1
dhcp-range=wl1.1,10.241.11.195,10.241.11.254,255.255.255.192,86400s
dhcp-option=wl1.1,3,10.241.11.193
dhcp-option=wl1.1,6,208.67.222.222,208.68.220.220
" /tmp/etc/dnsmasq.conf
I have tried changing the ifconfig line to be the first IP in the subnet (.193), as well as the dhcp-option to change it to match what is on the ifconfig line. I've also tried (even though I knew it wouldn't work) adding the dhcp-option to make the next-hop gateway the IP of the router's main DHCP range (the management IP of the LAN SSID). I've gotten to the point where hosts that connect to the guest SSID get an IP in the proper Guest DHCP subnet, but traffic never gets to my firewall. I've tried adding a static route for the Guest DHCP range in the LAN > Route section, and I've tried without the route... I'm not really sure what I'm missing here.
I guess my question is: is this even possible (two separate subnets aggregating on the RT-AC3100)? I have to assume the answer is yes, and I'm just missing something blatantly obvious, but I'm out of ideas after tinkering with this for multiple hours. Ultimately, I'd like it so the Guest DHCP range leaves the WAN interface (NAT is disabled) and enters my firewall. With each change, I've restarted the service to ensure it's injecting the latest code into the /etc/dnsmasq file.
Any help or insight would be greatly appreciated.