I just configured a second LAN interface as “Blue” (guests); it’s enp3s6f1:
I enabled the DHCP server to give addresses on a distinct subnet:
But I discovered that clients connected on that interface were assigned addresses for the green interface, 10.10.5.X!
Logs:
> Dec 12 15:37:19 cloud dnsmasq-dhcp[8186]: DHCP, IP range 10.10.6.1 – 10.10.6.253, lease time 1d
> Dec 12 15:37:19 cloud dnsmasq-dhcp[8186]: DHCP, IP range 10.10.5.1 – 10.10.5.254, lease time 1d
> Dec 12 15:37:42 cloud dnsmasq-dhcp[8186]: DHCPREQUEST(enp3s6f1) 10.10.5.4 e0:f8:47:28:9a:30
> Dec 12 15:37:42 cloud dnsmasq-dhcp[8186]: DHCPACK(enp3s6f1) 10.10.5.4 e0:f8:47:28:9a:30 MBPdeisonniaux6
Relevant part of /etc/dnsmasq.conf:
# Enable the DHCP server. Addresses will be given out from the range
# <start-addr> to <end-addr> and from statically defined addresses
# given in dhcp-host options.
# See db configuration getprop dnsmasq DhcpStatus
Still there is something I still don’t understand.
I configured the blue interface on a separate subnet as instructed on the wiki and the doc. All right. But what’s the point in this “guest” interface since setting a different subnet would anyway isolate the two networks? What’s the difference between two green interfaces on separate subnets and the recommended configuration?
Firewall policies allow inter-zone traffic according to this schema:
GREEN → BLUE → ORANGE → RED
Traffic is allowed from left to right, blocked from right to left.
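For the DHCP mis-assignment shown in the logs at the top of the thread, the following is an added example (not code from any poster or from the distribution) that scans dnsmasq-dhcp log lines and flags every DHCPACK whose address falls outside the range expected for the interface it was served on. The interface name and the blue range are taken from the thread; the function names, the `EXPECTED` table and the third sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Expected DHCP range per interface. enp3s6f1 and its range come from the
# thread; add the green interface under its real name to check it as well
# (its name is not given on the page).
EXPECTED = {
    "enp3s6f1": ("10.10.6.1", "10.10.6.253"),  # blue (guests)
}

# Matches dnsmasq-dhcp lines of the form:
#   DHCPACK(<iface>) <ip> <mac> [hostname]
ACK_RE = re.compile(
    r"dnsmasq-dhcp\[\d+\]: DHCPACK\((?P<iface>[^)]+)\) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<mac>[0-9a-fA-F:]{17})"
)


def in_range(ip, start, end):
    """True if ip lies within the inclusive range start..end."""
    addr = ipaddress.IPv4Address(ip)
    return ipaddress.IPv4Address(start) <= addr <= ipaddress.IPv4Address(end)


def find_misassigned(lines, expected=EXPECTED):
    """Return (iface, ip, mac) for each DHCPACK outside the interface's range."""
    findings = []
    for line in lines:
        m = ACK_RE.search(line)
        if not m or m["iface"] not in expected:
            continue  # not a DHCPACK, or an interface with no expected range
        start, end = expected[m["iface"]]
        if not in_range(m["ip"], start, end):
            findings.append((m["iface"], m["ip"], m["mac"]))
    return findings


# Sample input: the two lease lines quoted in the thread, plus one constructed
# line showing a correct blue lease (its MAC and hostname are made up).
SAMPLE = [
    "Dec 12 15:37:42 cloud dnsmasq-dhcp[8186]: DHCPREQUEST(enp3s6f1) 10.10.5.4 e0:f8:47:28:9a:30",
    "Dec 12 15:37:42 cloud dnsmasq-dhcp[8186]: DHCPACK(enp3s6f1) 10.10.5.4 e0:f8:47:28:9a:30 MBPdeisonniaux6",
    "Dec 12 15:40:01 cloud dnsmasq-dhcp[8186]: DHCPACK(enp3s6f1) 10.10.6.20 02:00:00:00:00:01 guest-phone",
]

if __name__ == "__main__":
    for iface, ip, mac in find_misassigned(SAMPLE):
        print(f"lease outside expected range: {ip} to {mac} on {iface}")
```

A guest device holding a green-range address is worth alerting on, since zone firewall rules are normally keyed on the interface and subnet a host appears in.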