Skip to content

Instantly share code, notes, and snippets.

@tienthanh2509

tienthanh2509/dnsmasq.conf

Created February 15, 2021 11:20
Show Gist options
  • Save tienthanh2509/ef14d2bf0cf0480ea45839d1071627fa to your computer and use it in GitHub Desktop.
Save tienthanh2509/ef14d2bf0cf0480ea45839d1071627fa to your computer and use it in GitHub Desktop.
Download ZIP
Additional subnet/interface for dnsmasq
Raw
dnsmasq.conf
# Guest network
interface=interface:br-guest
listen-address=192.168.3.1
dhcp-range=interface:br-guest,192.168.3.50,192.168.3.250,255.255.255.0,1h
dhcp-option=interface:br-guest,6,8.8.8.8,8.8.4.4
dhcp-option=interface:br-guest,15,guest.pt-infra.net
@tienthanh2509
Copy link
Author 

iptables -I INPUT -i br-guest -p udp --dport 67:68 --sport 67:68 -j ACCEPT
iptables -A INPUT -i br-guest -j ACCEPT
iptables -A FORWARD -i br-guest -o br-guest -j ACCEPT
iptables -A FORWARD ! -o br-guest -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -i br-guest -j ACCEPT

NAT

iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -d 192.168.3.0/24 -o br-guest -j SNAT --to-source 192.168.3.1
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o ppp0 -j SNAT --to-source <public/external ip>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment