Separate internal DNS vs Guest Access

vlord

Regular Contributor
I have wl0.1 and wl1.1 set up as guest wireless access on my home network. I maintain and run internal DNS, however, these servers are not accessible from the guest network. I would like to set up the guest network to utilise external DNS for resolution. Following some other posts, I have configured /jffs/config/dnsmasq.conf as follows:

Code:
ASUSWRT-Merlin RT-AC66U_3.0.0.4 Sun Aug 25 02:38:25 UTC 2013
admin@LH-RTR:/tmp/home/root# cat /jffs/configs/dnsmasq.conf 
pid-file=/var/run/dnsmasq.pid
user=nobody
resolv-file=/tmp/resolv.conf
no-poll
interface=br0
min-port=4096
domain=lords-house.net
expand-hosts
no-negcache
cache-size=1500
dhcp-range=lan,192.168.212.100,192.168.212.199,255.255.255.0,86400s
dhcp-lease-max=253
dhcp-authoritative
dhcp-option=lan,15,lords-house.net
dhcp-option=lan,3,192.168.212.1
dhcp-option=lan,6,192.168.212.5,192.168.212.6
interface=wl0.1
dhcp-range=wl0.1,192.168.212.200,192.168.212.224,255.255.255.0,3600s
dhcp-option=wl0.1,15,24guest.local
dhcp-option=wl0.1,3,192.168.212.1
dhcp-option=wl0.1,6,75.75.75.75,76.76.76.76
interface=wl1.1
dhcp-range=wl1.1,192.168.212.225,192.168.212.250,255.255.255.0,3600s
dhcp-option=wl1.1,15,58guest.local
dhcp-option=wl1.1,3,192.168.212.1
dhcp-option=wl1.1,6,75.75.75.75,76.76.76.76
admin@LH-RTR:/tmp/home/root#

The result of the above is that wl0.1 and wl1.1 are not following the rules that I intended above.

Suggestions?
 
In troubleshooting my own issue, this is from my logs:

Code:
Sep 17 09:20:57 dnsmasq[635]: warning: interface wl0.1 does not currently exist

Normally you can find the names in /etc/config/network but that doesn't exist on this build. Any ideas where to look for interface names and/or how to set wl0.1 to an interface name?
 
That simply means that dnsmasq was started before virtual interfaces got set up. That's not necessarily an indication of a problem.
 
Stopped and restarted dnsmasq after verifying wl0.1 is up.

Code:
admin@LH-RTR:/rom# ifconfig -a
br0        Link encap:Ethernet  HWaddr 50:46:5D:D1:81:A0  
           inet addr:192.168.212.1  Bcast:192.168.212.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:392192 errors:0 dropped:0 overruns:0 frame:0
           TX packets:252743 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0 
           RX bytes:57023881 (54.3 MiB)  TX bytes:52419948 (49.9 MiB)

eth0       Link encap:Ethernet  HWaddr 50:46:5D:D1:81:A0  
           inet addr:71.230.212.208  Bcast:71.230.215.255  Mask:255.255.248.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:5027089 errors:0 dropped:0 overruns:0 frame:0
           TX packets:3261167 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000 
           RX bytes:2749316963 (2.5 GiB)  TX bytes:837842192 (799.0 MiB)
           Interrupt:4 Base address:0x2000 

eth1       Link encap:Ethernet  HWaddr 50:46:5D:D1:81:A0  
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:330793 errors:0 dropped:0 overruns:0 frame:159776
           TX packets:529863 errors:18 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000 
           RX bytes:120601549 (115.0 MiB)  TX bytes:287895893 (274.5 MiB)
           Interrupt:3 Base address:0x8000 

eth2       Link encap:Ethernet  HWaddr 50:46:5D:D1:81:A4  
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:303967 errors:0 dropped:0 overruns:0 frame:3338850
           TX packets:1385264 errors:36 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000 
           RX bytes:50052432 (47.7 MiB)  TX bytes:1822780939 (1.6 GiB)
           Interrupt:5 Base address:0x8000 

lo         Link encap:Local Loopback  
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
           RX packets:689 errors:0 dropped:0 overruns:0 frame:0
           TX packets:689 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0 
           RX bytes:136779 (133.5 KiB)  TX bytes:136779 (133.5 KiB)

vlan1      Link encap:Ethernet  HWaddr 50:46:5D:D1:81:A0  
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:1428382 errors:0 dropped:0 overruns:0 frame:0
           TX packets:1494988 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0 
           RX bytes:204204271 (194.7 MiB)  TX bytes:522456027 (498.2 MiB)

vlan2      Link encap:Ethernet  HWaddr 50:46:5D:D1:81:A0  
           BROADCAST MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0 
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wl0.1      Link encap:Ethernet  HWaddr 50:46:5D:D1:81:A1  
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:1824 errors:0 dropped:0 overruns:0 frame:159776
           TX packets:55354 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000 
           RX bytes:183931 (179.6 KiB)  TX bytes:9313875 (8.8 MiB)

wl1.1      Link encap:Ethernet  HWaddr 50:46:5D:D1:81:A5  
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:3338850
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000 
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

admin@LH-RTR:/rom#

Code:
Sep 17 13:53:35 dnsmasq[670]: started, version 2.65 cachesize 1500
Sep 17 13:53:35 dnsmasq[670]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack
Sep 17 13:53:35 dnsmasq[670]: warning: interface wl0.1 does not currently exist
Sep 17 13:53:35 dnsmasq-dhcp[670]: DHCP, IP range 192.168.22.200 -- 192.168.22.224, lease time 1h
Sep 17 13:53:35 dnsmasq-dhcp[670]: DHCP, IP range 192.168.212.100 -- 192.168.212.199, lease time 1d
 
What appears to be happening is that my guest wireless lan is pinned to br0 for DHCP:

Note my iPhone receiving DHCP across br0.

Code:
Sep 17 14:51:45 dnsmasq[928]: started, version 2.65 cachesize 1500
Sep 17 14:51:45 dnsmasq[928]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack
Sep 17 14:51:45 dnsmasq-dhcp[928]: DHCP, IP range 192.168.22.200 -- 192.168.22.224, lease time 1h
Sep 17 14:51:45 dnsmasq-dhcp[928]: DHCP, IP range 192.168.212.100 -- 192.168.212.199, lease time 1d
Sep 17 14:51:45 dnsmasq[928]: read /etc/hosts - 5 addresses
Sep 17 14:51:45 dnsmasq[928]: using nameserver 75.75.76.76#53
Sep 17 14:51:45 dnsmasq[928]: using nameserver 75.75.75.75#53
Sep 17 14:52:29 dnsmasq-dhcp[928]: DHCPREQUEST(br0) 192.168.212.168 3c:d0:f8:30:56:e9 
Sep 17 14:52:29 dnsmasq-dhcp[928]: DHCPACK(br0) 192.168.212.168 3c:d0:f8:30:56:e9 Vincents-iPhone
 
In doing some further research, br0 is a bridge interface of all the internal available interfaces:

Code:
admin@LH-RTR:/tmp/home/root# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.50465dd181a0	yes		vlan1
							eth1
							eth2
							wl0.1
							wl1.1

I deleted wl0.1 and wl1.1 from br0 and created a br1 with IP 192.168.2.1.

Code:
admin@LH-RTR:/tmp/home/root# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.50465dd181a0	yes		vlan1
							eth1
							eth2
br1		8000.50465dd181a1	yes		wl0.1
							wl1.1

I then killall dnsmasq and changed /etc/dnsmasq.conf (get this to work real time then focus on storing changes for reboot).

Code:
admin@LH-RTR:/tmp/home/root# cat /etc/dnsmasq.conf 
pid-file=/var/run/dnsmasq.pid
user=nobody
resolv-file=/tmp/resolv.conf
no-poll
except-interface=eth0
min-port=4096
domain=lords-house.net
expand-hosts
no-negcache
cache-size=1500
dhcp-range=br0,192.168.212.100,192.168.212.199,255.255.255.0,86400s
dhcp-lease-max=253
dhcp-authoritative
dhcp-option=br0,15,lords-house.net
dhcp-option=br0,3,192.168.212.1
dhcp-option=br0,6,192.168.212.5,192.168.212.6
dhcp-range=br1,192.168.2.100,192.168.2.200,255.255.255.0,3600s
dhcp-option=br1,15,guest.local
dhcp-option=br1,3,192.168.2.1
dhcp-option=br1,6,75.75.75.75,76.76.76.76
admin@LH-RTR:/tmp/home/root#

The result was that, when asking for DHCP, it was still pinned to br0:
Code:
Sep 17 17:12:22 dnsmasq[571]: started, version 2.65 cachesize 1500
Sep 17 17:12:22 dnsmasq[571]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack
Sep 17 17:12:22 dnsmasq-dhcp[571]: DHCP, IP range 192.168.2.100 -- 192.168.2.200, lease time 1h
Sep 17 17:12:22 dnsmasq-dhcp[571]: DHCP, IP range 192.168.212.100 -- 192.168.212.199, lease time 1d
Sep 17 17:12:22 dnsmasq[571]: read /etc/hosts - 5 addresses
Sep 17 17:12:22 dnsmasq[571]: using nameserver 75.75.76.76#53
Sep 17 17:12:22 dnsmasq[571]: using nameserver 75.75.75.75#53
Sep 17 17:12:42 dnsmasq-dhcp[571]: DHCPREQUEST(br0) 192.168.212.168 3c:d0:f8:30:56:e9 
Sep 17 17:12:42 dnsmasq-dhcp[571]: DHCPACK(br0) 192.168.212.168 3c:d0:f8:30:56:e9 Vincents-iPhone

And so I'm still stuck..

Thoughts or suggestions on how to have my guest wireless separated with different dhcp scope and dns servers? I saw some other threads where people were trying to do something similar but didn't see a particular success thread.
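
Added example, not part of the original thread: a small check that cross-references a saved `brctl show` listing with a dnsmasq config and lists every name on an `interface=`, `dhcp-range=` or `dhcp-option=` line that is a bridge member port, since the logs above show requests from such ports arriving as `DHCPREQUEST(br0)`. The function name, file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: bridged_names BRCTL_OUTPUT DNSMASQ_CONF
# Prints "<name> <bridge>" for each config name that is a bridge member port.
bridged_names() {
    awk '
    phase == 1 && FNR > 1 {                    # brctl show rows, header skipped
        if (NF >= 3) bridge = $1               # row that starts a new bridge
        if (NF >= 4) member[$4] = bridge       # first port sits on the bridge row
        else if (NF == 1) member[$1] = bridge  # continuation row: one port
    }
    phase == 2 && ($1 == "interface" || $1 == "dhcp-range" || $1 == "dhcp-option") {
        name = $2
        sub(/^(tag|set):/, "", name)           # accept tag:/set: prefixes too
        if ((name in member) && !seen[name]++)
            print name, member[name]
    }' phase=1 "$1" phase=2 FS='[=,]' "$2"
}

# Constructed sample input, abbreviated from the listings in the thread.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/brctl.txt" <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br0             8000.50465dd181a0       yes             vlan1
                                                        eth1
                                                        eth2
                                                        wl0.1
                                                        wl1.1
EOF
    cat > "$dir/dnsmasq.conf" <<'EOF'
interface=br0
dhcp-range=lan,192.168.212.100,192.168.212.199,255.255.255.0,86400s
dhcp-option=lan,6,192.168.212.5,192.168.212.6
interface=wl0.1
dhcp-range=wl0.1,192.168.212.200,192.168.212.224,255.255.255.0,3600s
dhcp-option=wl0.1,6,75.75.75.75,76.76.76.76
interface=wl1.1
dhcp-range=wl1.1,192.168.212.225,192.168.212.250,255.255.255.0,3600s
dhcp-option=wl1.1,6,75.75.75.75,76.76.76.76
EOF
    bridged_names "$dir/brctl.txt" "$dir/dnsmasq.conf"
    rm -rf "$dir"
}

demo
```

An empty result means no name in the config is a member port of any bridge in the listing; it does not by itself show that guests and LAN clients are served different DNS servers.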
 
