Running on OpenWrt 21.02.0 r16279-5cc0535800. I'm a bit confused when not adding a DHCP config entry in
/etc/config/dhcp for a certain interface. For example I have the following interfaces:
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option device 'br-lan'
list dns '192.168.1.1'
option ipaddr '192.168.1.1'
config interface 'macvlan'
option proto 'static'
option defaultroute '0'
option netmask '255.255.255.255'
option device 'br-lan.20'
option ipaddr '192.168.1.2'
Which belongs to the same subnet. In the
dhcp config file, I had this configuration only (which is only for the interface
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '60m'
option dhcpv4 'server'
list dhcp_option '6,192.168.1.3'
list ra_flags 'none'
From time to time I would have some weird problem happening on a small percentage of connected devices, they would have their gateway IP set to 192.168.1.2 instead of 192.168.1.1. But my thoughts was that because there isn't a DHCP config entry for interface
macvlan, it should not be serving any DHCP advertisements on it, however I was surprised that this was not true when I ran
tcpdump and checked with
netstat -apn that
dnsmasq was listening on all interfaces and serving on both interfaces. I was able to solve this by creating a DHCP entry for
macvlan and setting
option ignore '1'.
My question is, should I always be doing this for any interface I don't want DHCP handling on? Even the WAN interfaces for example? And why is it that if I don't configure a DHCP entry for the interface, that the
dnsmasq assumes that it is alright to serve DHCP on the interface, wouldn't this be considered a bit of security concern?
I created a new vlan subinterface to test and dhcp was not activated on it. However you have an ip overlap on the 2 interfaces there and it makes sense that something like this might happen.
wan interface has ignore option set by default.
That's the default
wan though right? Cause I have
wanc in addition to
wan (another internet link and wireguard vpn link). These were created from the luci GUI, and I'm checking the
dhcp config and there are no entries for them there (only
wan has a config).
So I think it's best to always set the DHCP config with
option ignore '1' instead of leaving it empty, don't you think so?
I think that your usecase is a bit particular. Under normal circumstances it is not needed to disable it. However it doesn't hurt to do it.
Wouldn't it be easier to just set what interfaces dnsmasq should listen on instead of going this roundabout way of setting what not to listen on?
That's what i thought at first, I was under the impression that by leaving the dhcp entry empty for the interface it would mean that
dnsmasq won't be listening on the interface, but apparently it is not the case
That's not what I was talking about. I was specifically talking about configuring dnsmasq to only listen on specific interfaces. See https://openwrt.org/docs/guide-user/base-system/dhcp
Sorry I misunderstood, now I get what you meant. Your idea does work but I'm disliking it because of having too many config places to achieve my goal. I mean there is the
option ignore '1' in
dhcp config, then there is the
interface option in
dnsmasq config. From the GUI side of things, I'm liking the "Ignore interface" under interface dhcp settings more as it feels more confident. The DNS "General Settings">"Listen Interfaces" is barely a text box without autocomplete and feels hidden with all of the other options around it, plus it makes me wonder what "interface" here means, like are they "OpenWRT interfaces" or the
ip a interfaces (cause in OpenWRT 21 they changed how interfaces work, but I'm guessing that it's the
ip a interfaces)?
In any case, I'll be sticking with the "Ignore interface" or
option ignore '1', so thank you all for sharing and clarifying things for me.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.