I have 3 hosts, each connected to a different VLAN. The DHCP server is working fine; it gives all hosts dynamic IPs. My issue is with the iptables rules: I can't block hosts 2 and 3 from a specific service; I want only host 1 to communicate with it. But all my IPs are dynamic (172.16.28.0/22), so I couldn't figure out a way to block hosts 2 and 3, as they are all in the same subnet. My question is: how can I make DHCP give a separate range to each VLAN?
Or how can I make the DHCP in dnsmasq.conf give 3 different subnets within the same mask 172.16.28.0/22, for example:
172.16.28.1 to 172.16.28.255 for vlan 1
172.16.29.1 to 172.16.28.255 for vlan 2
172.16.30.1 to 172.16.28.255 for vlan 3
I could have deleted all the VLANs and given each one its own IP subnet, but then I think I would need to create 3 DHCP servers, one for each, which I think is a really bad solution and doesn't seem professional.
My current dnsmasq.conf:
# DNS disabled, dnsmasq acts as DHCP server only
port=0
domain=cyber.test
dhcp-authoritative
# mask
dhcp-option=1,255.255.252.0
# gateway ip
dhcp-option=3,172.16.31.254
# DNS server for clients (option 6; option 4 is the time server and would not give clients a resolver)
dhcp-option=6,8.8.8.8
# default IP TTL
dhcp-option=23,31
# single range covering the /22 (start address corrected from 172.25.x to 172.16.x to match the mask and gateway above)
dhcp-range=172.16.28.1,172.16.28.220,255.255.252.0,40m
That gives all the IPs in 172.16.28.0/22 dynamically, but as I said I have to distinguish between each VLAN so I can allow/block in iptables on the firewall. So how can I create a dnsmasq.conf with a single DHCP server but multiple VLANs or multiple subnets?
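One way to do this with a single dnsmasq instance, as an added example that is not the asker's config: dnsmasq automatically sets a tag equal to the name of the interface a DHCP request arrived on, so a `tag:` prefix on each `dhcp-range` pins that range to one VLAN. The sub-interface names eth0.1, eth0.2 and eth0.3 are assumptions.

```ini
# Added example (not the original config). Assumes the three VLANs reach the
# dnsmasq host on tagged sub-interfaces eth0.1, eth0.2 and eth0.3.
port=0
domain=cyber.test
dhcp-authoritative

# Listen only on the VLAN sub-interfaces.
interface=eth0.1
interface=eth0.2
interface=eth0.3
bind-interfaces

# All three ranges sit inside the same /22, so the network alone cannot tell
# them apart; the tag: (interface name, set by dnsmasq) is what selects the range.
# set: adds a VLAN tag you can reuse in per-VLAN dhcp-option lines later.
dhcp-range=tag:eth0.1,set:vlan1,172.16.28.1,172.16.28.250,255.255.252.0,40m
dhcp-range=tag:eth0.2,set:vlan2,172.16.29.1,172.16.29.250,255.255.252.0,40m
dhcp-range=tag:eth0.3,set:vlan3,172.16.30.1,172.16.30.250,255.255.252.0,40m

# Options shared by every VLAN
# mask
dhcp-option=1,255.255.252.0
# gateway ip (must be reachable from every VLAN)
dhcp-option=3,172.16.31.254
# DNS server (option 6; option 4 is the time server)
dhcp-option=6,8.8.8.8
# default IP TTL
dhcp-option=23,31
```

With leases split this way, the firewall can match host 1's VLAN as 172.16.28.0/24, but a rule on the ingress interface (e.g. `-i eth0.1`) is the more reliable discriminator, since a source address can be changed by the client while the VLAN it arrives on cannot.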