Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 27

Thread: DHCP/DNS Server

  1. #11
    Master Untangler
    Join Date
    Oct 2013
    Posts
    188

    Default

    Is having the ability to configure multiple address pools on the same interface (for purposes of supporting DHCP-relay agents) going to be in the road map?

  2. #12
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,442

    Default

    Quote Originally Posted by oj88 View Post
    Is having the ability to configure multiple address pools on the same interface (for purposes of supporting DHCP-relay agents) going to be in the road map?
    No, not in the GUI. But you are welcome to suggest that. There is the light bulb icon, top right of the GUI screen.
    https://forums.untangle.com/announcements/43399-feature-requests-bug-reports.html
    It looks like there is a suggestion to up-vote here, already:
    https://untanglengfirewall.featureupvote.com/suggestions/40272/dhcp-relay-gui

    However people are successfully doing DHCP-Relay with dnsmasq now. See these posts for some hints:
    https://forums.untangle.com/networking/43032-dhcp-relay.html

    https://forums.untangle.com/networking/43343-dnsmasq-dhcp-relay-target-ignores-relay-server-ip.html

    Any downstream bugs that were mentioned have been resolved. Good practice would be to explicitly provide dnsmasq with the netmask, as indicated in my posts, (in the above threads).
    Last edited by Jim.Alles; 07-24-2020 at 09:32 AM.
    oj88 likes this.

  3. #13
    Untanglit
    Join Date
    Jul 2020
    Posts
    15

    Default

    Hello,
    I was looking for a way to setup multiple DHCP pools on the same interface. Is that possible with Untangle ?
    Thanks.

  4. #14
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,442

    Default

    Quote Originally Posted by filosad View Post
    Hello,
    I was looking for a way to setup multiple DHCP pools on the same interface. Is that possible with Untangle ?
    Thanks.
    It is.

    Because it is possible in dnsmasq.

    The place to configure that in NGFW is in [Advanced], which is a blank slate for you to get creative on. Here is a screenshot of part of mine.
    This does not address your application, it only indicates the location in the GUI that it can be configured.

    advanced.png


    Please note that when you configure dnsmasq in this way, NGFW does save the settings during upgrades and reboots, to include backup & restore.
    Last edited by Jim.Alles; 07-25-2020 at 07:42 AM.

  5. #15
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,946

    Default

    Yeah it's possible, I'm still stuck on the why...

    I used to be like that, make this huge range, put excluded bits in the middle.

    But now, I guess I'm just lazy. If I need to exclude a range from DHCP I just don't serve it, I use those for static devices. I no longer have servers at the bottom, and network gear at the top of a range. Everything just goes into the bottom. Each block of addresses nice and contiguous.

    The way I think about it now, if I need more than one division for organization, that's when I separate devices into separate IP Networks entirely. The end result is a design that's far more scalable, and when you finally ramp up to the point of needing DHCP relays you can still operate as expected.

    So I'm still stuck on why...

    Yes, this can be done, even through the GUI, but again... why?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #16
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,442

    Default

    Consistency is the most important, I have found (especially as we get older ).
    Here comes the Boolean NOT logic (inside joke - I had to read your post twice.):

    At home, I make my single DHCP range in the middle.
    like .100 to .249

    On some VLANs that won't carry infrastructure bits, .50 to .250

    I put my a printer at a single address consistently at all locations in that lower whitespace
    I put a key desktop client static at another one.
    Of course, NGFW lives down there.

    At the top whitespace, I'll put the Wi-Fi AP's, and a couple of switches.

    And for client devices I want to pay specific attention to, I allow dnsmasq to pick the IP address w/ DHCP, and push the [+] to get it in the "Static DHCP Entries" list.

    Then I will add the few static configured devices (like printer, etc.) in that same list (typing in the MAC address) in order to document them. Don't forget that dnmasq works with the whole (valid) subnet - not just the specified range for DHCP lease assignments.

    In a small network with 25-32 devices, this also gives the dnsmasq DHCP lease selection/assignment algorithm the headroom of 150-200 addresses to work with, for more consistent assignments.

    YMMV!
    Last edited by Jim.Alles; 07-25-2020 at 10:08 AM.

  7. #17
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,283

    Default

    a cool thing that works with dnsmasq's DHCP is that you can define static DHCP assignments outside of the dynamic range. So I usually make my dynamically assigned range .100 to .199 to be used by regular client devices, and then add static assignments in the under .100 and above .200 range for other devices I want to have static addresses still administered by DHCP. This keeps everything nice and orderly.
    Some DHCP servers won't allow a static assignment that's not within the defined dynamic pool.

  8. #18
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,442

    Default

    Quote Originally Posted by johnsonx42 View Post
    a cool thing that works with dnsmasq's DHCP is that you can define static DHCP assignments outside of the dynamic range. So I usually make my dynamically assigned range .100 to .199 to be used by regular client devices, and then add static assignments in the under .100 and above .200 range for other devices I want to have static addresses still administered by DHCP. This keeps everything nice and orderly.
    Some DHCP servers won't allow a static assignment that's not within the defined dynamic pool.
    Exactly.

    And as I ponder this, I know that the information that dnsmasq has about it's DHCP leases is used to inform other logic. In turn, I think adding the static (reserved) assignments helps inform NGFW's awareness of Hostnames. I haven't dug in to verify why I think this is, however.

    It can't hurt
    Last edited by Jim.Alles; 07-28-2020 at 01:27 PM.

  9. #19
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,946

    Default

    Quote Originally Posted by Jim.Alles View Post
    Exactly.

    And as I ponder this, I know that the information that dnsmasq has about it's DHCP leases is used to inform other logic. In turn, I think adding the static (reserved) assignments helps inform NGFW's awareness of Hostnames. I haven't dug in to verify why I think this is, however.

    It can't hurt
    Because the registered host names populate DNSMasq's DNS, those lookups known to Untangle populate the reports by extension automatically. You can do the same thing with properly forwarded zones for more complex networks, but DNSMasq doing DNS and DHCP at the same time means we get a single service to mine for data for hostnames, mac addresses, and IP addresses. Reports uses that data every chance it can!
    Jim.Alles likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #20
    Untangler
    Join Date
    Dec 2017
    Posts
    88

    Default

    Hate to drum this up, but I had a question....

    I am wondering if it is possible; based on a specific MAC Address to utilize the DHCP to assign not just the IP, but the DNS servers as well. I have a feeling I might be able to do this with DNSMASQ, but I'm a little shaky on the configuration of it.

    For my solaredge inverter I would like to set to the 8.8.8.8, 8.8.4.4 DNS servers to avoid issues; while on the computers and mobile devices utilize another DNS server (NextDns).

    I am not sure this would be better configured with VLANs, but I'm not 100% sure how to properly configure a VLAN
    Last edited by flynhawaiian; 07-29-2020 at 12:40 PM.

Page 2 of 3 FirstFirst 123 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2