[Cerowrt-devel] dnsmasq ipv6 stuff

[Cerowrt-devel] dnsmasq ipv6 stuff

[Dave Taht]

[-- Attachment #1: Type: text/plain, Size: 3608 bytes --]

I put up the ongoing issues with getting a dhcp-pd prefix assigned to sub
interfaces here:

https://www.bufferbloat.net/issues/422

After prefixes are assigned (somehow)

and after running through the examples in the dnsmasq-test11 tarball,
it sounds like what we want by default is stateless dhcp,
automatic slaac,
automatic naming from dhcp, dhcpv6 and slaac addresses,
and the ability to pick up dynamically assigned prefixes on the interfaces.

I think that's this in /etc/dnsmasq.conf

dhcp-range=se00,1234::, ra-stateless, ra-names
dhcp-range=sw00,1234::, ra-stateless, ra-names
dhcp-range=sw10,1234::, ra-stateless, ra-names
dhcp-range=gw00,1234::, ra-stateless, ra-names
dhcp-range=gw10,1234::, ra-stateless, ra-names

It's kind of unclear to me what 1234 could be replaced with.
"ce30" works for me...

Quick side note -  this is another feature in this release:
"          Add the ability to act as an authoritative DNS
            server. Dnsmasq can now answer queries from the wider 'net
            with local data, as long as the correct NS records are set
            up. Only local data is provided, to avoid creating an open
            DNS relay. Zone transfer is supported, to allow secondary
            servers to be configured."

Not sure how this works. Wider net shouldn't get private As, but AAAAs
would be awesome.

From the other examples in the test tarball

# Do DHCP and Router Advertisements for this subnet. Set the A bit in the
RA
# so that clients can use SLAAC addresses as well as DHCP ones.
#dhcp-range=1234::2, 1234::500, slaac

dhcp-range=1234::, ra-stateless, ra-names
# Enable DHCPv6. Note that the prefix-length does not need to be specified
# and defaults to 64 if missing/
#dhcp-range=1234::2, 1234::500, 64, 12h

# Do Router Advertisements, BUT NOT DHCP for this subnet.
#dhcp-range=1234::, ra-only

# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
# hosts. Use the DHCPv4 lease to derive the name, network segment and
# MAC address and assume that the host will also have an
# IPv6 address calculated using the SLAAC alogrithm.
#dhcp-range=1234::, ra-names

# Do Router Advertisements, BUT NOT DHCP for this subnet.
# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
#dhcp-range=1234::, ra-only, 48h

# Do DHCP and Router Advertisements for this subnet. Set the A bit in the
RA
# so that clients can use SLAAC addresses as well as DHCP ones.
#dhcp-range=1234::2, 1234::500, slaac

# Do DHCP and Router Advertisements for this subnet. Set the A bit in the
RA
# so that clients can use SLAAC addresses as well as DHCP ones.
#dhcp-range=1234::2, 1234::500, slaac

# Do Router Advertisements and stateless DHCP for this subnet. Clients will
# not get addresses from DHCP, but they will get other configuration
information.
# They will use SLAAC for addresses.
#dhcp-range=1234::, ra-stateless

# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
# from DHCPv4 leases.
#dhcp-range=1234::, ra-stateless, ra-names

# Do router advertisements for all subnets where we're doing DHCPv6
# Unless overriden by ra-stateless, ra-names, et al, the router
# advertisements will have the M and O bits set, so that the clients
# get addresses and configuration from DHCPv6, and the A bit reset, so the
# clients don't use SLAAC addresses.
#enable-ra




-- 
Dave Täht

Fixing bufferbloat with cerowrt:
http://www.teklibre.com/cerowrt/subscribe.html

[-- Attachment #2: Type: text/html, Size: 4101 bytes --]

Re: [Cerowrt-devel] dnsmasq ipv6 stuff

[Chris Lawrence]

On Tue, Jan 22, 2013 at 1:40 AM, Dave Taht <dave.taht@gmail.com> wrote:
> I think that's this in /etc/dnsmasq.conf
>
> dhcp-range=se00,1234::, ra-stateless, ra-names
> dhcp-range=sw00,1234::, ra-stateless, ra-names
> dhcp-range=sw10,1234::, ra-stateless, ra-names
> dhcp-range=gw00,1234::, ra-stateless, ra-names
> dhcp-range=gw10,1234::, ra-stateless, ra-names
>
> It's kind of unclear to me what 1234 could be replaced with.
> "ce30" works for me...

Using ::1 on each will autoassign the addresses based on the address
of the interface, which seems like a sensible default no matter what
network address you have.  Having said that I found that with
ra-stateless enabled, at least one device on my network would send
DHCPv6 requests that crashed dnsmasq.  So I have:

dhcp-range=::1,constructor:se00,ra-names
(etc.)

I think with test11 that can be further simplified to:

dhcp-range=::1,constructor:*,ra-names

This uses SLAAC only, which seems sufficient for my network purposes.
I tried adding an end to the range to see if that was the problem with
DHCP, but that doesn't seem to help, at least in test10.

The other thing I noticed in 3.7.2-4 is that both dnsmasq and
dnsmasq-dhcpv6 are installed, but the dnsmasq binary is actually the
non-v6 version unless you reinstall the dnsmasq-dhcpv6 package
(according to upstream OpenWRT, only one or the other should be
installed since they conflict).


Chris

Re: [Cerowrt-devel] dnsmasq ipv6 stuff

[Maciej Soltysiak]

[-- Attachment #1: Type: text/plain, Size: 2277 bytes --]

Something doesn't add up for me. Editing /etc/dnsmasq.conf and restarting
yields a process:

/usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf

Now, /var/etc/dnsmasq.conf, being compiled from /etc/config/dhcp doesn't
seem to have the settings from /etc/dnsmasq.conf
Also, things like ra-names in /etc/dnsmasq.conf doesn't seem to add
--enable-ra to runtime options.

Am I wrong in thinking that /etc/dnsmasq.conf, although is pared during
/etc/init.d/dnsmasq restart, does not get you control over options of the
final dnsmasq process?

Regards,
Maciej

On Tue, Jan 22, 2013 at 7:52 PM, Chris Lawrence <lordsutch@gmail.com> wrote:

> On Tue, Jan 22, 2013 at 1:40 AM, Dave Taht <dave.taht@gmail.com> wrote:
> > I think that's this in /etc/dnsmasq.conf
> >
> > dhcp-range=se00,1234::, ra-stateless, ra-names
> > dhcp-range=sw00,1234::, ra-stateless, ra-names
> > dhcp-range=sw10,1234::, ra-stateless, ra-names
> > dhcp-range=gw00,1234::, ra-stateless, ra-names
> > dhcp-range=gw10,1234::, ra-stateless, ra-names
> >
> > It's kind of unclear to me what 1234 could be replaced with.
> > "ce30" works for me...
>
> Using ::1 on each will autoassign the addresses based on the address
> of the interface, which seems like a sensible default no matter what
> network address you have.  Having said that I found that with
> ra-stateless enabled, at least one device on my network would send
> DHCPv6 requests that crashed dnsmasq.  So I have:
>
> dhcp-range=::1,constructor:se00,ra-names
> (etc.)
>
> I think with test11 that can be further simplified to:
>
> dhcp-range=::1,constructor:*,ra-names
>
> This uses SLAAC only, which seems sufficient for my network purposes.
> I tried adding an end to the range to see if that was the problem with
> DHCP, but that doesn't seem to help, at least in test10.
>
> The other thing I noticed in 3.7.2-4 is that both dnsmasq and
> dnsmasq-dhcpv6 are installed, but the dnsmasq binary is actually the
> non-v6 version unless you reinstall the dnsmasq-dhcpv6 package
> (according to upstream OpenWRT, only one or the other should be
> installed since they conflict).
>
>
> Chris
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>

[-- Attachment #2: Type: text/html, Size: 2965 bytes --]

Re: [Cerowrt-devel] dnsmasq ipv6 stuff

[Dave Taht]

[-- Attachment #1: Type: text/plain, Size: 3719 bytes --]

On Tue, Jan 22, 2013 at 1:52 PM, Chris Lawrence <lordsutch@gmail.com> wrote:

> On Tue, Jan 22, 2013 at 1:40 AM, Dave Taht <dave.taht@gmail.com> wrote:
> > I think that's this in /etc/dnsmasq.conf
> >
> > dhcp-range=se00,1234::, ra-stateless, ra-names
> > dhcp-range=sw00,1234::, ra-stateless, ra-names
> > dhcp-range=sw10,1234::, ra-stateless, ra-names
> > dhcp-range=gw00,1234::, ra-stateless, ra-names
> > dhcp-range=gw10,1234::, ra-stateless, ra-names
> >
> > It's kind of unclear to me what 1234 could be replaced with.
> > "ce30" works for me...
>
> Using ::1 on each will autoassign the addresses based on the address
> of the interface, which seems like a sensible default no matter what
> network address you have.  Having said that I found that with
> ra-stateless enabled, at least one device on my network would send
> DHCPv6 requests that crashed dnsmasq.  So I have:
>
> dhcp-range=::1,constructor:se00,ra-names
> (etc.)
>

My own objection to ::1 is that provides both an easy mneumonic for people
to manage their networks AND an easier vector for attacks from the outside
world.

J.random.badscript only has to ping ::1 on every subnet in your delegation
to try and hit all the routers.

That said, I think the humans are going to win on this one, even though the
dns integration with ipv6 and dnsmasq is tighter than it's ever been before.

One thing that does bother me though, from a simplification standpoint, is
I wouldn't mind using up some of that extra address space to gain larger
ephemeral port ranges for things like dns service and to make it easier to
analyze traffic. I remember back in the 90s when we used to have one ip
address per web host.... it was a PITA then  because of address scarcity.

I have been liking ipv6's integration with virtual machines. No more port
forwarding, yea! A raft of unupdated vm machines running boo.


> I think with test11 that can be further simplified to:
>
> dhcp-range=::1,constructor:*,ra-names
>
> This uses SLAAC only, which seems sufficient for my network purposes.
> I tried adding an end to the range to see if that was the problem with
> DHCP, but that doesn't seem to help, at least in test10.
>
>
I won't mind providing some examples of syntax, and I can imagine that a
guest network might use slaac and an internal network try to use dhcp.

The new constructor thing is neat. Though I've read the man page secton on
it 3 times, and still don't get it all.

And now there's a new authoritative dns support documented in the man
page...

It has long been my hope to be able to publish AAAA records in the public
dns, and this will let you do that. Still unclear as to how to just export
AAAAs and not As....

Another one of my hopes has been to get one name for a machine with two
interfaces somehow, someday.

Anyway, I'm liking it...


> The other thing I noticed in 3.7.2-4 is that both dnsmasq and
> dnsmasq-dhcpv6 are installed, but the dnsmasq binary is actually the
> non-v6 version unless you reinstall the dnsmasq-dhcpv6 package
> (according to upstream OpenWRT, only one or the other should be
> installed since they conflict).
>

I may have fixed this in 3.7.3-1, so if it isn't fixed now, let me know.

CONFIG_PACKAGE_dnsmasq=m
CONFIG_PACKAGE_dnsmasq-dhcpv6=y

I'm hoping to get a 3.7.4-1 out with the last of the unaligned hack fixes
out today.


> Chris
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>



-- 
Dave Täht

Fixing bufferbloat with cerowrt:
http://www.teklibre.com/cerowrt/subscribe.html

[-- Attachment #2: Type: text/html, Size: 4886 bytes --]

Re: [Cerowrt-devel] dnsmasq ipv6 stuff

[Chris Lawrence]

On Tue, Jan 22, 2013 at 6:12 PM, Dave Taht <dave.taht@gmail.com> wrote:
> My own objection to ::1 is that provides both an easy mneumonic for people
> to manage their networks AND an easier vector for attacks from the outside
> world.
>
> J.random.badscript only has to ping ::1 on every subnet in your delegation
> to try and hit all the routers.

True, although I think that's pretty much unavoidable given the design
of ipv6 though (isn't ::1 always the router for the subnet)?  You
could always honeypot or Turing pit the other 2^16-(n) subnets if
you're really paranoid about someone finding your router without a
valid IPv6 address to start guessing with.

The source code also seems to support using
dhcp-range=::,constructor=*,ra-names,ra-stateless (etc.).  I'm not
sure what dropping the "1" does, exactly, not having perfect ipv6-foo
skills yet.


Chris

Re: [Cerowrt-devel] dnsmasq ipv6 stuff

[Phil Pennock]

On 2013-01-22 at 19:14 -0500, Chris Lawrence wrote:
> True, although I think that's pretty much unavoidable given the design
> of ipv6 though (isn't ::1 always the router for the subnet)?

No, the router can have any IP within that subnet, but it will also join
various multicast groups.

Link-local multicast is ff02:: and the ::2 address is "all routers", so
given "se00" as a network device name:

 ping6 ff02::2%se00

should elicit a response from every device on the LAN connected to
CeroWRT's first LAN interface, where the device thinks that it's a
router.

Within the multicast assignments (ff0X::) ::1 is all nodes, so

 ping6 ff02::1%se00

gets a response from every machine which has IPv6 configured up,
assuming no packet filters.

This is defined for ff0X for X with 1, 2 and 5 (interface-local (ie,
this machine), link-local and site-local).  Fortunately, IPv6 doesn't
define this for the global scope, ff0e::, otherwise there would be a
teensy amplification factor for a response to a spoofed ICMP source
address sending a ping to ff0e::1.

For CeroWRT and debugging, the other interesting address in ff02:: (so
you need the %device scoping control on the address) is ff02::1:2 for
All_DHCP_Relay_Agents_and_Servers.

-Phil

Re: [Cerowrt-devel] dnsmasq ipv6 stuff

[Török Edwin]

On 01/22/2013 08:52 PM, Chris Lawrence wrote:
> On Tue, Jan 22, 2013 at 1:40 AM, Dave Taht <dave.taht@gmail.com> wrote:
>> I think that's this in /etc/dnsmasq.conf
>>
>> dhcp-range=se00,1234::, ra-stateless, ra-names
>> dhcp-range=sw00,1234::, ra-stateless, ra-names
>> dhcp-range=sw10,1234::, ra-stateless, ra-names
>> dhcp-range=gw00,1234::, ra-stateless, ra-names
>> dhcp-range=gw10,1234::, ra-stateless, ra-names
>>
>> It's kind of unclear to me what 1234 could be replaced with.
>> "ce30" works for me...
> 
> Using ::1 on each will autoassign the addresses based on the address
> of the interface, which seems like a sensible default no matter what
> network address you have.  Having said that I found that with
> ra-stateless enabled, at least one device on my network would send
> DHCPv6 requests that crashed dnsmasq.  So I have:
> 
> dhcp-range=::1,constructor:se00,ra-names
> (etc.)
> 
> I think with test11 that can be further simplified to:
> 
> dhcp-range=::1,constructor:*,ra-names

Only thing that worked for me is one of these two in /etc/dnsmasq.conf:
1. specify prefix explicitly:
dhcp-range=se00,2a02:2f02:1022:a4b7::,ra-names,48h
2. specifiy constructor:se00:
dhcp-range=::1,constructor:se00,ra-names,48h

Also I had to remove dnsmasq and install dnsmasq-dhcpv6 as mentioned in this thread already.

With the above enable-ra seems to be optional.

The other things didn't work, it never sends a RTR-ADVERT, although it sees RTR-SOLICIT:
dhcp-range=se00,::1,slaac,48h
dhcp-range=se00,ce30::,slaac,48h
dhcp-range=::1,constructor=*,slaac,48h
dhcp-range=::1,constructor:*,slaac,48h <-- this crashes immediately

Best regards,
--Edwin

Re: [Cerowrt-devel] dnsmasq ipv6 stuff

[Chris Lawrence]

Simon - I haven't seen this behavior with test12 so far, but if I do
see it again I will try to track down the issue (it's possible that
the problem was related to the misaligned access traps in the mips
kernel that Dave et al have been squashing in the latest CeroWRT
releases).


Chris

On Wed, Jan 30, 2013 at 4:40 PM, Simon Kelley <simon@thekelleys.org.uk> wrote:
> Apologies for starting a new thread, I finally got around to subscribing to
> the list, rather than looking in the archives, so I don't have mails to
> reply to.
>
> Chris Lawrence said:
>
>   Having said that I found that with
>   ra-stateless enabled, at least one device on my network would send
>   DHCPv6 requests that crashed dnsmasq.
>
> Any chance you could reproduce that, and get some tcpdump/wireshark packet
> captures of the offending traffic?
>
> Cheers,
>
> Simon.
>



-- 
Chris Lawrence <lordsutch@gmail.com>

Website: http://www.cnlawrence.com/

[Cerowrt-devel] dnsmasq ipv6 stuff

[Simon Kelley]

Apologies for starting a new thread, I finally got around to subscribing 
to the list, rather than looking in the archives, so I don't have mails 
to reply to.

Chris Lawrence said:

   Having said that I found that with
   ra-stateless enabled, at least one device on my network would send
   DHCPv6 requests that crashed dnsmasq.

Any chance you could reproduce that, and get some tcpdump/wireshark 
packet captures of the offending traffic?

Cheers,

Simon.

Re: [Cerowrt-devel] dnsmasq ipv6 stuff

[Richard Brown]

[Sorry - I realized an earlier request asked to see the auto-generated /var/etc/dnsmasq.conf file. It's appended ]

> I'm still confused about using CeroWrt 3.7.3-2 to give out v6 addresses to my laptop (it's not working). Here's what I see:
> 
> - I'm using the HE.net 6in4 tunnel to get a /48 for my home. The router itself has a good v6 address, and can ping global v6 addresses. 
> 
> - ifconfig in the router shows that each of the five interfaces (se00, sw00, sw10, gw00, gw10) have addresses assigned from my /48 (see the network file below).
> 
> - The only uncommented lines in the /etc/dnsmasq.conf file are a "enable-ra" and a set of dhc-range lines for each of the interfaces. (see below) The prefixes for each of the interfaces match the prefixes in the ifconfig command.
> 
> - I have not modified /etc/config/dhcp, as it didn't seem to make any difference what I put there.
> 
> Any thoughts? Thanks.
> 
> Rich
> 
> =====================================
> root@OpenWrt:/etc# cat /etc/config/network
> 
> config interface 'loopback'
> 	option ifname 'lo'
> 	option proto 'static'
> 	option ipaddr '127.0.0.1'
> 	option netmask '255.0.0.0'
> 
> config interface 'se00'
> 	option ifname 'se00'
> 	option proto 'static'
> 	option ipaddr '172.30.42.1'
> 	option netmask '255.255.255.224'
> 	option ip6assign '64'
> 
> config interface 'ge00'
> 	option ifname 'ge00'
> 	option proto 'dhcp'
> 
> config interface 'ge01'
> 	option ifname '@ge00'
> 	option proto 'dhcpv6'
> 	option broadcast '1'
> 	option metric '2048'
> 	option reqprefix '60'
> 
> config interface 'sw00'
> 	option type 'none'
> 	option proto 'static'
> 	option ipaddr '172.30.42.65'
> 	option netmask '255.255.255.224'
> 	option ip6assign '64'
> 
> config interface 'sw10'
> 	option type 'none'
> 	option proto 'static'
> 	option ipaddr '172.30.42.97'
> 	option netmask '255.255.255.224'
> 	option ip6assign '64'
> 
> config switch
> 	option name 'rtl8366s'
> 	option reset '1'
> 	option enable_vlan '0'
> 	option blinkrate '2'
> 	option max_length '3'
> 
> config switch_vlan
> 	option device 'rtl8366s'
> 	option vlan '1'
> 	option ports '0 1 2 3 5t'
> 
> config switch_port
> 	option device 'rtl8366s'
> 	option port '1'
> 	option led '6'
> 
> config switch_port
> 	option device 'rtl8366s'
> 	option port '2'
> 	option led '9'
> 
> config switch_port
> 	option device 'rtl8366s'
> 	option port '5'
> 	option led '2'
> 
> config interface 'gw00'
> 	option type 'none'
> 	option proto 'static'
> 	option ipaddr '172.30.42.129'
> 	option netmask '255.255.255.224'
> 	option ip6assign '64'
> 
> config interface 'gw10'
> 	option type 'none'
> 	option proto 'static'
> 	option ipaddr '172.30.42.161'
> 	option netmask '255.255.255.224'
> 	option ip6assign '64'
> 
> config interface 'gw01'
> 	option proto 'ahcp'
> 
> config interface 'gw11'
> 	option proto 'ahcp'
> 
> config interface 'henet'
> 	option proto '6in4'
> 	option mtu '1424'
> 	option ttl '64'
> 	option peeraddr '209.51.161.14'
> 	option ip6addr '2001:470:1f06:64::2/64'
> 	option ip6prefix '2001:470:8a63::/48'
> 	option tunneled 'xxxxxx'
> 	option username 'tbxxxxx'
> 	option password 'xxxxx
> 
> ==================
> root@OpenWrt:/etc# cat /etc/dnsmasq.conf 
> # Added 24Jan2013 -reb
> enable-ra
> dhcp-range=se00,2001:470:8a63:2::,ra-stateless,ra-names
> dhcp-range=sw00,2001:470:8a63:3::,ra-stateless,ra-names
> dhcp-range=sw10,2001:470:8a63:4::,ra-stateless,ra-names
> dhcp-range=gw00,2001:470:8a63:0::,ra-stateless,ra-names
> dhcp-range=gw10,2001:470:8a63:1::,ra-stateless,ra-names
> 
==================
root@OpenWrt:/tmp/etc# cat /var/etc/dnsmasq.conf 
# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
localise-queries
read-ethers
bogus-priv
expand-hosts
dhcp-script=/etc/dnsmasq_net6.sh
cache-size=5000
port=53
domain=home.lan
server=/home.lan/
except-interface=ge00
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.auto
stop-dns-rebind
rebind-localhost-ok


address=/gw.home.lan/172.30.42.1
ptr-record=1.42.30.172.in-addr.arpa,gw.home.lan
address=/wpad.home.lan/172.30.42.1
ptr-record=1.42.30.172.in-addr.arpa,wpad.home.lan


dhcp-range=se00,172.30.42.2,172.30.42.27,255.255.255.224,24h
dhcp-option=se00,42,0.0.0.0
dhcp-option=se00,44,0.0.0.0
dhcp-option=se00,45,0.0.0.0
dhcp-option=se00,46,8
dhcp-range=sw00,172.30.42.66,172.30.42.91,255.255.255.224,24h
dhcp-option=sw00,42,0.0.0.0
dhcp-option=sw00,44,0.0.0.0
dhcp-option=sw00,45,0.0.0.0
dhcp-option=sw00,46,8
dhcp-range=sw10,172.30.42.98,172.30.42.123,255.255.255.224,24h
dhcp-option=sw10,42,0.0.0.0
dhcp-option=sw10,44,0.0.0.0
dhcp-option=sw10,45,0.0.0.0
dhcp-option=sw10,46,8
dhcp-range=gw00,172.30.42.130,172.30.42.155,255.255.255.224,24h
dhcp-option=gw00,42,0.0.0.0
dhcp-option=gw00,44,0.0.0.0
dhcp-option=gw00,45,0.0.0.0
dhcp-option=gw00,46,8
dhcp-range=gw10,172.30.42.162,172.30.42.187,255.255.255.224,24h
dhcp-option=gw10,42,0.0.0.0
dhcp-option=gw10,44,0.0.0.0
dhcp-option=gw10,45,0.0.0.0
dhcp-option=gw10,46,8
no-dhcp-interface=ge00
no-dhcp-interface=gw01
no-dhcp-interface=gw11

Re: [Cerowrt-devel] dnsmasq ipv6 stuff

[Richard Brown]

Folks,

I'm still confused about using CeroWrt 3.7.3-2 to give out v6 addresses to my laptop (it's not working). Here's what I see:

- I'm using the HE.net 6in4 tunnel to get a /48 for my home. The router itself has a good v6 address, and can ping global v6 addresses. 

- ifconfig in the router shows that each of the five interfaces (se00, sw00, sw10, gw00, gw10) have addresses assigned from my /48 (see the network file below).

- The only uncommented lines in the /etc/dnsmasq.conf file are a "enable-ra" and a set of dhc-range lines for each of the interfaces. (see below) The prefixes for each of the interfaces match the prefixes in the ifconfig command.

- I have not modified /etc/config/dhcp, as it didn't seem to make any difference what I put there.

Any thoughts? Thanks.

Rich

=====================================
root@OpenWrt:/etc# cat /etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config interface 'se00'
	option ifname 'se00'
	option proto 'static'
	option ipaddr '172.30.42.1'
	option netmask '255.255.255.224'
	option ip6assign '64'

config interface 'ge00'
	option ifname 'ge00'
	option proto 'dhcp'

config interface 'ge01'
	option ifname '@ge00'
	option proto 'dhcpv6'
	option broadcast '1'
	option metric '2048'
	option reqprefix '60'

config interface 'sw00'
	option type 'none'
	option proto 'static'
	option ipaddr '172.30.42.65'
	option netmask '255.255.255.224'
	option ip6assign '64'

config interface 'sw10'
	option type 'none'
	option proto 'static'
	option ipaddr '172.30.42.97'
	option netmask '255.255.255.224'
	option ip6assign '64'

config switch
	option name 'rtl8366s'
	option reset '1'
	option enable_vlan '0'
	option blinkrate '2'
	option max_length '3'

config switch_vlan
	option device 'rtl8366s'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_port
	option device 'rtl8366s'
	option port '1'
	option led '6'

config switch_port
	option device 'rtl8366s'
	option port '2'
	option led '9'

config switch_port
	option device 'rtl8366s'
	option port '5'
	option led '2'

config interface 'gw00'
	option type 'none'
	option proto 'static'
	option ipaddr '172.30.42.129'
	option netmask '255.255.255.224'
	option ip6assign '64'

config interface 'gw10'
	option type 'none'
	option proto 'static'
	option ipaddr '172.30.42.161'
	option netmask '255.255.255.224'
	option ip6assign '64'

config interface 'gw01'
	option proto 'ahcp'

config interface 'gw11'
	option proto 'ahcp'

config interface 'henet'
	option proto '6in4'
	option mtu '1424'
	option ttl '64'
	option peeraddr '209.51.161.14'
	option ip6addr '2001:470:1f06:64::2/64'
	option ip6prefix '2001:470:8a63::/48'
	option tunneled 'xxxxxx'
	option username 'tbxxxxx'
	option password 'xxxxx

==================
root@OpenWrt:/etc# cat /etc/dnsmasq.conf 
# Added 24Jan2013 -reb
enable-ra
dhcp-range=se00,2001:470:8a63:2::,ra-stateless,ra-names
dhcp-range=sw00,2001:470:8a63:3::,ra-stateless,ra-names
dhcp-range=sw10,2001:470:8a63:4::,ra-stateless,ra-names
dhcp-range=gw00,2001:470:8a63:0::,ra-stateless,ra-names
dhcp-range=gw10,2001:470:8a63:1::,ra-stateless,ra-names