cord Guru
Joined: 28 Apr 2007 Posts: 344
|
Posted: Tue Jan 17, 2017 7:08 pm Post subject: How to config NetworkManager's dnsmasq to lease proper IP? |
|
|
Hello, I have a server with 3 network controllers. One is connected to the Internet (INTERNET), the second to Local_wired_net (LAN), and the third is a wifi card (WIFI), which I use as an Access Point. All three interfaces are controlled by NetworkManager. It is started at boot and all connections are up.
But there's a problem with the 'internal' dnsmasq - no DHCP leases and no DNS resolution for LAN and WIFI:
Code: | [dnsmasq] failed to bind DHCP server socket: Address already in use |
If I stop /etc/init.d/dnsmasq the error disappears, but there is still no dhcp_lease/DNS_resolves.
I have found that dnsmasq is started by 'nobody':
Code: | localhost # ps axu | grep dnsmasq
nobody 9515 0.0 0.1 21376 2964 ? S 19:59 0:00 /usr/sbin/dnsmasq --conf-file --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=192.168.1.1 --dhcp-range=192.168.1.10,192.168.1.254,60m --dhcp-option=option:router,192.168.1.1 --dhcp-lease-max=50 --pid-file=/run/nm-dnsmasq-wlp2s0.pid
root 17530 0.0 0.1 8364 2216 pts/1 S+ 21:01 0:00 grep --colour=auto dnsmasq
localhost #
|
So it leases 192.168.1.10-192.168.1.254, but where's this value from?
I need 192.168.1.2-192.168.1.3, so where can I set it? |
|
|
|
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
Posted: Tue Jan 17, 2017 7:13 pm Post subject: |
|
|
/etc/conf.d/dnsmasq (unlikely place, but who knows)
/etc/dnsmasq.conf
Code: | dhcp-range=192.168.0.2,192.168.0.32,255.255.255.0,10h |
Adjust to suit the range of addresses you want dnsmasq to handle for you.
Edit to correct /etc/init.d/dnsmasq to /etc/conf.d/dnsmasq |
|
|
|
cord Guru
Joined: 28 Apr 2007 Posts: 344
|
Posted: Wed Jan 18, 2017 1:41 pm Post subject: |
|
|
I have tried /etc/dnsmasq.conf, nothing changed. And it is a different process, it has pid-file: /var/run/nm-dnsmasq-wlp2s0.pid not dnsmasq.pid
So, it takes its settings not from /etc/dnsmasq.conf but from somewhere else. Where is it? |
|
|
|
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
Posted: Wed Jan 18, 2017 1:54 pm Post subject: |
|
|
Something is sending dnsmasq that long command line, and the command line has priority over the contents of dnsmasq.conf.
Search for the service or application that is sending that dnsmasq command line.
Code: | grep -r keep-in-foreground /etc/*
grep -r keep-in-foreground /usr/bin/*
grep -r keep-in-foreground /usr/sbin/* |
I picked "keep-in-foreground" out of the long dnsmasq command line because I think that won't be used by anything else, but other strings from that dnsmasq command line might be better. |
|
|
|
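Added example (not from any poster and not NetworkManager code): it parses the dnsmasq command line quoted from `ps axu` in the first post to show where the DHCP pool and listener are pinned, and `parent_of` reads the launching process from `/proc` on a live system. Treating a `nm-dnsmasq-<iface>.pid` pid-file name as the mark of a NetworkManager-spawned instance is an assumption drawn from this thread.

```python
import shlex

# Command line copied from the `ps axu` output in the first post of this thread.
PS_CMDLINE = (
    "/usr/sbin/dnsmasq --conf-file --no-hosts --keep-in-foreground "
    "--bind-interfaces --except-interface=lo --clear-on-reload --strict-order "
    "--listen-address=192.168.1.1 --dhcp-range=192.168.1.10,192.168.1.254,60m "
    "--dhcp-option=option:router,192.168.1.1 --dhcp-lease-max=50 "
    "--pid-file=/run/nm-dnsmasq-wlp2s0.pid"
)

def parse_options(cmdline):
    """Map each --long option on a dnsmasq command line to its list of values."""
    opts = {}
    for token in shlex.split(cmdline)[1:]:
        if token.startswith("--"):
            name, _, value = token[2:].partition("=")
            opts.setdefault(name, []).append(value)
    return opts

def summarize(cmdline):
    """Pull out the settings this thread is about: listener, DHCP pool, owner."""
    opts = parse_options(cmdline)
    pools = []
    for spec in opts.get("dhcp-range", []):
        # Handles the plain "start,end[,...,lease]" form shown above, not tags or modes.
        start, end, *rest = spec.split(",")
        pools.append({"start": start, "end": end, "lease": rest[-1] if rest else None})
    pid_name = opts.get("pid-file", [""])[0].rsplit("/", 1)[-1]
    # Heuristic (assumption): the "nm-dnsmasq-<iface>.pid" name seen in this
    # thread marks an instance spawned by NetworkManager for that interface.
    iface = None
    if pid_name.startswith("nm-dnsmasq-") and pid_name.endswith(".pid"):
        iface = pid_name[len("nm-dnsmasq-"):-len(".pid")]
    return {"listen": opts.get("listen-address", []), "pools": pools,
            "nm_interface": iface, "bind_interfaces": "bind-interfaces" in opts}

def parent_of(pid):
    """(ppid, parent command name) read from /proc on a live Linux system."""
    with open(f"/proc/{pid}/status") as fh:
        ppid = next(int(l.split()[1]) for l in fh if l.startswith("PPid:"))
    try:
        with open(f"/proc/{ppid}/comm") as fh:
            return ppid, fh.read().strip()
    except OSError:
        return ppid, None

if __name__ == "__main__":
    print(summarize(PS_CMDLINE))
```

On a running box, `parent_of(9515)` with the PID from the `ps` listing names the process that spawned that dnsmasq instance.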
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
Posted: Wed Jan 18, 2017 2:03 pm Post subject: |
|
|
For what it's worth, I don't run networkmanager, but I believe the solution is in that application/service and its configuration file(s). Just saying, I probably can't be of any more help.
I use openrc to start the network, and one machine on the local network starts and runs dnsmasq for the LAN. |
|
|
|
cord Guru
Joined: 28 Apr 2007 Posts: 344
|
Posted: Wed Jan 18, 2017 2:05 pm Post subject: |
|
|
Well, I find this ...stupid code. |
|
|
|
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
Posted: Wed Jan 18, 2017 2:12 pm Post subject: |
|
|
From that Ubuntu thread, I gather that networkmanager (nm) builds the dnsmasq command line on the fly, with the logic for that building located in the source code for nm.
I have zero experience with networkmanager. |
|
|
|
cord Guru
Joined: 28 Apr 2007 Posts: 344
|
Posted: Wed Jan 18, 2017 2:19 pm Post subject: |
|
|
cboldt wrote: | From that Ubuntu thread, I gather that networkmanager (nm) builds the dnsmasq command line on the fly, with the logic for that building located in the source code for nm. |
Seems to be it.
Maybe I will write a bug report. |
|
|
|
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
Posted: Wed Jan 18, 2017 2:41 pm Post subject: |
|
|
Meanwhile, learn the tools that nm offers for configuration, and if those don't suit you, find another way to skin the cat.
dnsmasq is awesome, IMO. I use it to block sites that are ad-servers for all on the LAN, assign fixed IP to a few devices, people come and go with their phones, laptops and tablets and dnsmasq handles it all. If nm takes over all the dnsmasq config, I am certain I would not use nm on the machine that is doing DNS lookup and assigning LAN IP addresses. |
|
|
|
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
Posted: Wed Jan 18, 2017 2:45 pm Post subject: |
|
|
Just thinking, there is probably a way to tell nm to NOT act as DHCP server, at which point nm won't call dnsmasq. Then you can run nm to start the network, and separately start dnsmasq (using its config files) for your LAN.
Out of probably 15 devices consistently on the LAN here, only ONE is DHCP server. I am pretty sure nm has an easy switch to turn off DHCP server, because that is the way nearly all computers, phones, tablets run. They look for a DHCP server, but they aren't one. |
|
|
|
cord Guru
Joined: 28 Apr 2007 Posts: 344
|
Posted: Wed Jan 18, 2017 4:10 pm Post subject: |
|
|
cboldt wrote: | Just thinking, there is probably a way to tell nm to NOT act as DHCP server, at which point nm won't call dnsmasq. Then you can run nm to start the network, and separately start dnsmasq (using its config files) for your LAN.
Out of probably 15 devices consistently on the LAN here, only ONE is DHCP server. I am pretty sure nm has an easy switch to turn off DHCP server, because that is the way nearly all computers, phones, tablets run. They look for a DHCP server, but they aren't one. |
Exactly!
And it has that switch - the USE flag:
Code: | connection-sharing : Use net-dns/dnsmasq and net-firewall/iptables for connection sharing |
but it's BROKEN!
Nothing changes whether I enable that flag or not. nm always starts nm-dnsmasq if I bring up the keyfile for the 'WIFI' connection ...and iptables also. Look:
Code: | Jan 18 17:55:46 [NetworkManager] <info> [1484754946.9594] device (wlp2s0): supplicant interface state: disconnected -> completed
Jan 18 17:55:46 [NetworkManager] <info> [1484754946.9595] device (wlp2s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Started Wi-Fi Hotspot 'mywifi'.
Jan 18 17:55:46 [NetworkManager] <info> [1484754946.9610] device (wlp2s0): state change: config -> ip-config (reason 'none') [50 70 0]
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9742] modprobe: '/sbin/modprobe ip_tables' exited with error 256 (modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9778] modprobe: '/sbin/modprobe iptable_nat' exited with error 256 (modprobe: FATAL: Module iptable_nat not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9837] modprobe: '/sbin/modprobe nf_nat_ftp' exited with error 256 (modprobe: FATAL: Module nf_nat_ftp not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9877] modprobe: '/sbin/modprobe nf_nat_irc' exited with error 256 (modprobe: FATAL: Module nf_nat_irc not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9924] modprobe: '/sbin/modprobe nf_nat_sip' exited with error 256 (modprobe: FATAL: Module nf_nat_sip not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9960] modprobe: '/sbin/modprobe nf_nat_tftp' exited with error 256 (modprobe: FATAL: Module nf_nat_tftp not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9995] modprobe: '/sbin/modprobe nf_nat_pptp' exited with error 256 (modprobe: FATAL: Module nf_nat_pptp not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:47 [NetworkManager] <error> [1484754947.0034] modprobe: '/sbin/modprobe nf_nat_h323' exited with error 256 (modprobe: FATAL: Module nf_nat_h323 not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0035] Executing: /sbin/iptables --table filter --insert INPUT --in-interface wlp2s0 --protocol tcp --destination-port 53 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0074] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0076] Executing: /sbin/iptables --table filter --insert INPUT --in-interface wlp2s0 --protocol udp --destination-port 53 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0116] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0117] Executing: /sbin/iptables --table filter --insert INPUT --in-interface wlp2s0 --protocol tcp --destination-port 67 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0164] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0166] Executing: /sbin/iptables --table filter --insert INPUT --in-interface wlp2s0 --protocol udp --destination-port 67 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0213] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0215] Executing: /sbin/iptables --table filter --insert FORWARD --in-interface wlp2s0 --jump REJECT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0255] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0257] Executing: /sbin/iptables --table filter --insert FORWARD --out-interface wlp2s0 --jump REJECT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0298] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0300] Executing: /sbin/iptables --table filter --insert FORWARD --in-interface wlp2s0 --out-interface wlp2s0 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0340] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0345] Executing: /sbin/iptables --table filter --insert FORWARD --source 192.168.1.0/255.255.255.0 --in-interface wlp2s0 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0390] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0393] Executing: /sbin/iptables --table filter --insert FORWARD --destination 192.168.1.0/255.255.255.0 --out-interface wlp2s0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0442] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0457] Executing: /sbin/iptables --table nat --insert POSTROUTING --source 192.168.1.0/255.255.255.0 ! --destination 192.168.1.0/255.255.255.0 --jump MASQUERADE
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0507] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <error> [1484754947.0513] device (wlp2s0): share: (wlp2s0) failed to start dnsmasq: Could not find "dnsmasq" binary
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0515] Executing: /sbin/iptables --table nat --delete POSTROUTING --source 192.168.1.0/255.255.255.0 ! --destination 192.168.1.0/255.255.255.0 --jump MASQUERADE
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0564] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0568] Executing: /sbin/iptables --table filter --delete FORWARD --destination 192.168.1.0/255.255.255.0 --out-interface wlp2s0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0624] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0627] Executing: /sbin/iptables --table filter --delete FORWARD --source 192.168.1.0/255.255.255.0 --in-interface wlp2s0 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0677] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0681] Executing: /sbin/iptables --table filter --delete FORWARD --in-interface wlp2s0 --out-interface wlp2s0 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0733] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0736] Executing: /sbin/iptables --table filter --delete FORWARD --out-interface wlp2s0 --jump REJECT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0802] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0804] Executing: /sbin/iptables --table filter --delete FORWARD --in-interface wlp2s0 --jump REJECT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0893] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0896] Executing: /sbin/iptables --table filter --delete INPUT --in-interface wlp2s0 --protocol udp --destination-port 67 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0949] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0956] Executing: /sbin/iptables --table filter --delete INPUT --in-interface wlp2s0 --protocol tcp --destination-port 67 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.1075] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.1077] Executing: /sbin/iptables --table filter --delete INPUT --in-interface wlp2s0 --protocol udp --destination-port 53 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.1148] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.1151] Executing: /sbin/iptables --table filter --delete INPUT --in-interface wlp2s0 --protocol tcp --destination-port 53 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.1209] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.1210] device (wlp2s0): Activation: Stage 5 of 5 (IPv4 Commit) start sharing failed.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.1211] device (wlp2s0): state change: ip-config -> failed (reason 'sharing-start-failed') [70 120 18]
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.1222] policy: disabling autoconnect for connection 'WIFI'.
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.1240] device (wlp2s0): Activation: failed for connection 'WIFI'
|
So, it doesn't start WIFI without USE="connection-sharing". And why is it hardcoded to use iptables? I don't use it, but nftables instead.
However, nm can start wifi in client mode, but if the mode is set to "Access Point" - it requires iptables and dnsmasq. |
|
|
|
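Added example (not from any poster and not NetworkManager code): it pairs each `Executing: /sbin/iptables ...` line from the log in the post above with the exit status logged after it, then reports which inserted rules were never removed again, which is what matters on a host that filters with nftables. It assumes that a call with no status line after it succeeded.

```python
import re

# Excerpt from the NetworkManager log in the post above (three of its commands).
SAMPLE_LOG = """\
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0035] Executing: /sbin/iptables --table filter --insert INPUT --in-interface wlp2s0 --protocol tcp --destination-port 53 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0074] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0457] Executing: /sbin/iptables --table nat --insert POSTROUTING --source 192.168.1.0/255.255.255.0 ! --destination 192.168.1.0/255.255.255.0 --jump MASQUERADE
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0507] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <error> [1484754947.0513] device (wlp2s0): share: (wlp2s0) failed to start dnsmasq: Could not find "dnsmasq" binary
Jan 18 17:55:47 [NetworkManager] <info> [1484754947.0515] Executing: /sbin/iptables --table nat --delete POSTROUTING --source 192.168.1.0/255.255.255.0 ! --destination 192.168.1.0/255.255.255.0 --jump MASQUERADE
Jan 18 17:55:47 [NetworkManager] <warn> [1484754947.0564] ** Command returned exit status 3.
"""

EXEC_RE = re.compile(r"Executing: \S*iptables (.+)$")
STATUS_RE = re.compile(r"Command returned exit status (\d+)")
OPS = ("--insert", "--delete")

def _value(args, flag):
    """Value following `flag` in an argument list, or None."""
    return args[args.index(flag) + 1] if flag in args else None

def parse_rules(log_text):
    """Pair each logged iptables call with the exit status logged after it."""
    rules = []
    for line in log_text.splitlines():
        m = EXEC_RE.search(line)
        if m:
            args = m.group(1).split()
            op = next((o for o in OPS if o in args), None)
            rules.append({"op": op[2:] if op else None, "table": _value(args, "--table"),
                          "chain": _value(args, op) if op else None,
                          "jump": _value(args, "--jump"),
                          "spec": tuple(a for a in args if a not in OPS),
                          "status": None})  # None: no status line followed
        elif rules and rules[-1]["status"] is None:
            m = STATUS_RE.search(line)
            if m:
                rules[-1]["status"] = int(m.group(1))
    return rules

def left_in_place(rules):
    """Specs of rules that were inserted and not removed again.

    Assumption: a call with status 0 or with no status line succeeded.
    """
    active = []
    for r in rules:
        if r["status"] not in (None, 0):
            continue  # the call failed, so it changed nothing
        if r["op"] == "insert":
            active.append(r["spec"])
        elif r["op"] == "delete" and r["spec"] in active:
            active.remove(r["spec"])
    return active
```

For the log as posted every call failed, so `left_in_place(parse_rules(SAMPLE_LOG))` is empty.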
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
Posted: Wed Jan 18, 2017 4:14 pm Post subject: |
|
|
So start nm in client mode, and do the access point things (dnsmasq, firewall) independently.
I don't see that as a USE flag setting, unless the ebuild offers up varying NetworkManager.conf files, depending on the USE flag settings. |
|
|
|
cord Guru
Joined: 28 Apr 2007 Posts: 344
|
Posted: Wed Jan 18, 2017 4:37 pm Post subject: |
|
|
cboldt wrote: | So start nm in client mode, and do the access point things (dnsmasq, firewall) independently. |
Be the client, but act as AP? |
|
|
|
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
|
|
|
cord Guru
Joined: 28 Apr 2007 Posts: 344
|
Posted: Wed Jan 18, 2017 4:56 pm Post subject: |
|
|
I don't understand. It requires an ssid to connect to (if we are a client).
Code: |
# nmcli connection add con-name WIFI ifname wlp2s0 type wifi ip4 192.168.1.1/24
Error: 'ssid' argument is required.
# nmcli connection add con-name WIFI ifname wlp2s0 type wifi ip4 192.168.1.1/24 ssid mywifi
Connection 'WIFI' (3a309748-92dd-4ae8-b0d2-0d74de51c699) successfully added.
# nmcli connection up WIFI
Error: Connection activation failed (reason 'ssid-not-found').
#
|
|
|
|
|
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
Posted: Wed Jan 18, 2017 5:28 pm Post subject: |
|
|
Hopefully somebody else can help you with nm - I've never used it. I also have never set up a wireless access point. I use them (a couple routers here, one playing router hooked to cable modem, one playing access point), but have not set up a Gentoo box to play access point.
What you are trying to do doesn't depend on using nm to get the job done. I don't know if it (nm) eventually makes your task easier, or more difficult. |
|
|
|
cord Guru
Joined: 28 Apr 2007 Posts: 344
|
Posted: Wed Jan 18, 2017 6:21 pm Post subject: |
|
|
Temporarily I roll back to hostapd and set nm to NOT manage the wlp2s0 interface. |
|
|
|
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
Posted: Wed Jan 18, 2017 6:25 pm Post subject: |
|
|
Found this, not sure it is still effective ...
Quote: | It is possible to pass custom options to the dnsmasq instance by adding them to files in the "${prefix}/etc/NetworkManager/dnsmasq.d/" directory. |
|
|
|
|
cord Guru
Joined: 28 Apr 2007 Posts: 344
|
Posted: Wed Jan 18, 2017 6:42 pm Post subject: |
|
|
I didn't see any examples of using /etc/NetworkManager/dnsmasq.d/ for DHCP settings (IP-range lease), only for DNS (resolv.conf / hosts).
Well, I will try to check it again tomorrow. Thanks. |
|
|
|
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
Posted: Wed Jan 18, 2017 7:35 pm Post subject: |
|
|
See the dnsmasq man page for dnsmasq settings. I think nm will use configs it finds in ITS place (/etc/NetworkManager/dnsmasq.d/dnsmasq.conf) as it sets up dnsmasq.
I gave the dnsmasq switch for dhcp range and duration earlier ...
Code: | dhcp-range=192.168.0.2,192.168.0.32,255.255.255.0,10h |
Change to suit your network, see if it takes. |
|
|
|
cord Guru
Joined: 28 Apr 2007 Posts: 344
|
Posted: Thu Jan 19, 2017 2:07 pm Post subject: |
|
|
Yeah, Gentoo is the Mystery!
Today I set it back to nm and... it's working in AP mode without a forced start of the "sharing stuff" (nm-dnsmasq / iptables). So, I start the system-wide dnsmasq (nftables are already configured) and it's all ok now. Looks like some 'cache' is somewhere.
However, there's a strange line in the log:
Code: | Jan 19 16:02:47 [nm-dispatcher] req:1 'down' [wlp2s0], "/etc/NetworkManager/dispatcher.d/10-openrc-status": complete: failed with Script '/etc/NetworkManager/dispatcher.d/10-openrc-status' exited with error status 1. |
|
|
|
|
cord Guru
Joined: 28 Apr 2007 Posts: 344
|
|
|
|
|