14

How do I configure dnsmasq to only assign addresses on eth0, not wlan0?

Delan Azabani
  • 528
  • 1
  • 4
  • 10

3 Answers3

16

The man page explains it quite nicely. If it's just DHCP you don't want to run on wlan0 then you can use --no-dhcp-interface=wlan0. If you don't want dnsmasq to listen at all on wlan0 then you can use --except-interface=wlan0.

If you only want dnsmasq to listen on eth0 then you can use --interface=eth0.

chicks
  • 3,639
  • 10
  • 26
  • 36
WheresAlice
  • 5,290
  • 2
  • 23
  • 20
16

For those who like me are confusing on why port 53 is still open for all interfaces regardless which option you put in to limit it. There is one more option that need to be turned on.

-z, --bind-interfaces On systems which support it, dnsmasq binds the wildcard address, even when it is listening on only some interfaces. It then discards requests that it shouldn't reply to. This has the advantage of working even when interfaces come and go and change address. This option forces dnsmasq to really bind only the interfaces it is listening on. About the only time when this is useful is when running another nameserver (or another instance of dnsmasq) on the same machine. Setting this option also enables multiple instances of dnsmasq which provide DHCP service to run in the same machine.

Jin Chen
  • 161
  • 1
  • 2
  • This is exactly the kind of thing that it's easy to overlook but it is key in order to make it work with other DHCP solutions (like in my case a QNAP internal services). Someone should take the three main answers and merge them. This saved my day, thanks – Danielo515 Jul 15 '19 at 16:18
  • 1
    This appears to have no effect on DHCP(v6) ports, even with `no-dhcp-interface`, `interface`, etc. I still see `*:67` and `*:547`. (Version `2.82` on FreeBSD; perhaps it's a regression.) – Kevin P. Barry Dec 23 '20 at 08:19
12

This is also possible from the dnsmasq configuration file, and is documented in Simon Kelley's example file at http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq.conf.example:

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=
# Or you can specify which interface _not_ to listen on
#except-interface=
Stefan Lasiewski
  • 22,949
  • 38
  • 129
  • 184