How to Configure dnsmasq DHCP Server to Bind to Specific Network Interface (eth0)



When running dnsmasq as a DHCP server in multi-interface environments, you'll often need to restrict DHCP services to specific network interfaces. This is particularly important for security and network segmentation purposes.

The simplest solution is using the interface directive in your dnsmasq configuration file:


# Only listen on eth0
interface=eth0
# Explicitly ignore wlan0
except-interface=wlan0

For stricter control, combine the interface specification with bind-interfaces:


bind-interfaces
interface=eth0

After making changes, restart dnsmasq and verify:


sudo systemctl restart dnsmasq
sudo netstat -tulnp | grep dnsmasq

You should only see dnsmasq listening on eth0's IP address.

Here's a full sample configuration for DHCP on eth0 only:


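# /etc/dnsmasq.conf
# Disable the DNS service; this instance serves DHCP only
port=0
interface=eth0
except-interface=lo
bind-interfaces
dhcp-range=eth0,192.168.1.100,192.168.1.200,255.255.255.0,24h
# Option 3: default gateway handed to clients
dhcp-option=eth0,3,192.168.1.1
# Option 6: DNS servers handed to clients
dhcp-option=eth0,6,8.8.8.8,8.8.4.4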

When running dnsmasq as a DHCP server on multi-homed systems, it's common to need service isolation between network interfaces. By default, dnsmasq will listen on all available interfaces unless explicitly configured otherwise.

The interface parameter in dnsmasq.conf provides the most straightforward solution:


# Only listen on eth0 for DHCP requests
interface=eth0
no-dhcp-interface=wlan0

For stricter control, you can combine the bind-interfaces flag with interface specification:


bind-interfaces
interface=eth0

After configuration, verify with these commands:


sudo systemctl restart dnsmasq
sudo netstat -tulnp | grep dnsmasq

Here's a full working example for an eth0-only DHCP server:


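# /etc/dnsmasq.conf
interface=eth0
# Never answer DHCP on wlan0
no-dhcp-interface=wlan0
dhcp-range=eth0,192.168.1.100,192.168.1.200,24h
# Option 3: default gateway handed to clients
dhcp-option=eth0,3,192.168.1.1
# Option 6: DNS servers handed to clients
dhcp-option=eth0,6,8.8.8.8,8.8.4.4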

If DHCP still responds on wlan0:

  1. Check for multiple dnsmasq instances (ps aux | grep dnsmasq)
  2. Verify no wildcard listen directives exist
  3. Ensure config files are in the correct locations
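Checks 2 and 3 can be scripted. The following is an added example, not part of the original article or of dnsmasq: it parses configuration text and reports interface-binding problems. The `ALLOWED` set, both sample configurations and the wording of the findings are assumptions made for illustration; `conf-file`, `conf-dir` and the trailing `*` wildcard in `interface=` are dnsmasq features that go beyond the directives shown above.

```python
# Added example: audit dnsmasq config text for interface-binding mistakes.
ALLOWED = {"eth0"}  # assumption: the only interface meant to serve DHCP

# Constructed sample: trailing-* wildcard, no bind-interfaces, extra conf-dir.
LOOSE_CONF = """\
interface=eth0,wl*
conf-dir=/etc/dnsmasq.d
dhcp-range=eth0,192.168.1.100,192.168.1.200,24h
"""

# Constructed sample modelled on the eth0-only configuration in this article.
STRICT_CONF = """\
# /etc/dnsmasq.conf
port=0
interface=eth0
bind-interfaces
no-dhcp-interface=wlan0
dhcp-range=eth0,192.168.1.100,192.168.1.200,255.255.255.0,24h
"""

def parse(text):
    """Return {option: [values]}; flag options such as bind-interfaces get ['']."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            key, _, value = line.partition("=")
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(text, allowed=ALLOWED):
    """Return a list of findings; an empty list means nothing was flagged."""
    opts, findings = parse(text), []
    ifaces = [i.strip() for v in opts.get("interface", []) for i in v.split(",")]
    if not ifaces:
        findings.append("no interface= line")
    for name in ifaces:
        if name.endswith("*"):
            findings.append(f"wildcard interface={name}")
        elif name not in allowed:
            findings.append(f"unexpected interface={name}")
    if "bind-interfaces" not in opts:
        findings.append("bind-interfaces not set")
    for key in ("conf-file", "conf-dir"):  # other files dnsmasq will also read
        for extra in opts.get(key, []):
            findings.append(f"{key}={extra} is also read: audit it too")
    return findings

print(audit(LOOSE_CONF))
```

To audit a live system, pass the contents of the real configuration file to `audit()` and repeat for every file the last finding points at.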

For production environments, consider adding:


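# Set only when dnsmasq is the sole DHCP server on the network
dhcp-authoritative
# Log the options sent to each DHCP client
log-dhcp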