DHCP server giving adresses belonging to another interface

NethServer Version: 7.4
Module: DHCP


I just configured a second LAN interface configured as “Blue” (guests), it’s enp3s6f1 :

I enabled the DHCP server to give adresses on a distinct subnet :

But I discovered that clients connected on that interface were assigned adresses for the green interface, 10.10.5.X !

Logs :
> Dec 12 15:37:19 cloud dnsmasq-dhcp[8186]: DHCP, IP range –, lease time 1d ┤
> Dec 12 15:37:19 cloud dnsmasq-dhcp[8186]: DHCP, IP range –, lease time 1d
> Dec 12 15:37:42 cloud dnsmasq-dhcp[8186]: DHCPREQUEST(enp3s6f1) e0:f8:47:28:9a:30
> Dec 12 15:37:42 cloud dnsmasq-dhcp[8186]: DHCPACK(enp3s6f1) e0:f8:47:28:9a:30 MBPdeisonniaux6

Relevant part of /etc/dnsmasq.conf :

# Enable the DHCP server. Addresses will be given out from the range
# <start-addr> to <end-addr> and from statically defined addresses
# given in dhcp-host options. 
# See db configuration getprop dnsmasq DhcpStatus

Any idea ? Bug ?

At first glanse: Your subnetmask of for 10.10.5.x is overlapping 10.10.6.x subnet


ARGH :fearful:

My bad :frowning: Thats a remnant of an old configuration. I changed the DHCP range but not the interface’s mask.

Thanks @robb, I had the answer in front of my eyes.

PS / Did I mention that @pagaille means more or less “mess” or “confusion” in english ? :smiley:

Don’ t worry…confusion is my middle name… lol
please mark the correct answer so the topic gets marked as solved

Still there is something I still don’t understand.

I configured the blue interface on a separate subnet as instructed on the wiki and the doc. Allright. But what’s the point in this “guest” interface since setting a different subnet would anyway isolate the two networks ? What’s the difference between two green interfaces on separate subnets and the recommended configuration ?

Firewall policies allow inter-zone traffic accordingly to this schema:
Traffic is allowed from left to right, blocked from right to left.


With two green interfaces they can access each other because they are routed and allowed by policy.


Oh RIGHT, they’re routed. That’s the point I was missing.