Best practices for finer control of DHCP and IP Address pools?

[fusionstream]

I've recently taken the time to try and understand dnsmasq (seems pretty straightforward with only a bit of ambiguity in the dnsmasq docs).

Some of the things I'd like to do are
- separate ip ranges depending on interface used and various other parameters (e.g. device class)
- separate dhcp options depending on interface and tag used
- disjoint networks (no access to intranet) depending on various parameters including interface

All of this can be done with dnsmasq. It appears that the best way to get this done is to replace the dnsmasq.conf entirely. What are the implications of this when used in conjunction with the GUI?

On one of my test "guest networks", the "access intranet" option seems to have no bearing on the networks. This guest network also happens to have its SSID hidden. Based on the existing dnsmasq.conf file, the fact that I get an "intranet IP", and ifconfig shows that that interface has no ipv4 address, it would seem that this virtual interface is bridged to my main network. Is this a known issue or expected behaviour?

While I do want ipv6 connectivity, I have no interest in controlling that. Are there any things I should watch out for?

I also see a reference to "lan" in the dnsmasq conf but do not see any "lan" interface or tag. Where does this come from?

Is there a way to manually and completely control the interfaces instead of through the gui?

 

[Jack Yaz]

I've recently taken the time to try and understand dnsmasq (seems pretty straightforward with only a bit of ambiguity in the dnsmasq docs).

Some of the things I'd like to do are
- separate ip ranges depending on interface used and various other parameters (e.g. device class)
- separate dhcp options depending on interface and tag used
- disjoint networks (no access to intranet) depending on various parameters including interface

All of this can be done with dnsmasq. It appears that the best way to get this done is to replace the dnsmasq.conf entirely. What are the implications of this when used in conjunction with the GUI?

On one of my test "guest networks", the "access intranet" option seems to have no bearing on the networks. This guest network also happens to have its SSID hidden. Based on the existing dnsmasq.conf file, the fact that I get an "intranet IP", and ifconfig shows that that interface has no ipv4 address, it would seem that this virtual interface is bridged to my main network. Is this a known issue or expected behaviour?

While I do want ipv6 connectivity, I have no interest in controlling that. Are there any things I should watch out for?

I also see a reference to "lan" in the dnsmasq conf but do not see any "lan" interface or tag. Where does this come from?

Is there a way to manually and completely control the interfaces instead of through the gui?

If you want a "ready-made" solution for guest wireless networks, you could give my script a go: https://www.snbforums.com/threads/y...-merlin-guest-wifi-inc-ssid-vpn-client.45924/

EDIT: I don't have IPv6 on my WAN so its not tested

 

[fusionstream]

If you want a "ready-made" solution for guest wireless networks, you could give my script a go: https://www.snbforums.com/threads/y...-merlin-guest-wifi-inc-ssid-vpn-client.45924/

EDIT: I don't have IPv6 on my WAN so its not tested

Just remembered I have yours installed and it doesn't work with "Access Intranet" so that explains why one of my guest networks is still bridged. That being said, I'd really like to be able to try really wacky configurations (sharing addresses across disjoint networks as 1 example; just to see how it would play) so your script by itself would not be sufficient for my "needs" but thanks and I will still continue using it.

 

[Jack Yaz]

Just remembered I have yours installed and it doesn't work with "Access Intranet" so that explains why one of my guest networks is still bridged. That being said, I'd really like to be able to try really wacky configurations (sharing addresses across disjoint networks as 1 example; just to see how it would play) so your script by itself would not be sufficient for my "needs" but thanks and I will still continue using it.

Yes LAN access is on my to-do (still ). You can use DNS servers on your LAN now, as of a recent version.

It's next on the list once YazFi 3 is out (which will bring amtm compatibility)