Gentoo Forums
How to config NetworkManager's dnsmasq to lease proper IP?

cord
Guru
Joined: 28 Apr 2007
Posts: 303

Posted: Tue Jan 17, 2017 7:08 pm    Post subject: How to config NetworkManager's dnsmasq to lease proper IP?

Hello, I have a server with 3 network controllers. One is connected to the Internet (INTERNET), the second to Local_wired_net (LAN), and the third is a wifi card (WIFI), which I use as an Access Point. All three interfaces are controlled by NetworkManager. It is started at boot and all connections are up.
But there's a problem with the 'internal' dnsmasq - no DHCP lease and no DNS resolving for LAN and WIFI:
Code:
[dnsmasq] failed to bind DHCP server socket: Address already in use

If I stop /etc/init.d/dnsmasq, the error disappears, but there is no dhcp_lease/DNS_resolves anyway.
I have found that dnsmasq is started by 'nobody':
Code:
localhost # ps axu | grep dnsmasq
nobody    9515  0.0  0.1  21376  2964 ?        S    19:59   0:00 /usr/sbin/dnsmasq --conf-file --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=192.168.1.1 --dhcp-range=192.168.1.10,192.168.1.254,60m --dhcp-option=option:router,192.168.1.1 --dhcp-lease-max=50 --pid-file=/run/nm-dnsmasq-wlp2s0.pid
root     17530  0.0  0.1   8364  2216 pts/1    S+   21:01   0:00 grep --colour=auto dnsmasq
localhost #

So it leases 192.168.1.10-192.168.1.254, but where's this value from?
I need 192.168.1.2-192.168.1.3, so where can I set it?

cboldt
l33t
Joined: 24 Aug 2005
Posts: 829

Posted: Tue Jan 17, 2017 7:13 pm

/etc/conf.d/dnsmasq (unlikely place, but who knows)

/etc/dnsmasq.conf

Code:
dhcp-range=192.168.0.2,192.168.0.32,255.255.255.0,10h


Adjust to suit the range of addresses you want dnsmasq to handle for you.

Edit to correct /etc/init.d/dnsmasq to /etc/conf.d/dnsmasq

cord
Guru
Joined: 28 Apr 2007
Posts: 303

Posted: Wed Jan 18, 2017 1:41 pm

I have tried /etc/dnsmasq.conf, nothing changed. And it is a different process; it has the pid-file /var/run/nm-dnsmasq-wlp2s0.pid, not dnsmasq.pid :!:
So, it takes its settings not from /etc/dnsmasq.conf but from somewhere else. Where is it?

cboldt
l33t
Joined: 24 Aug 2005
Posts: 829

Posted: Wed Jan 18, 2017 1:54 pm

Something is sending dnsmasq that long command line, and the command line has priority over the contents of dnsmasq.conf.

Search for the service or application that is sending that dnsmasq command line.

Code:
grep -r keep-in-foreground /etc/*
grep -r keep-in-foreground /usr/bin/*
grep -r keep-in-foreground /usr/sbin/*


I picked "keep-in-foreground" out of the long dnsmasq command line because I think that won't be used by anything else, but other strings from that dnsmasq command line might be better.

cboldt
l33t
Joined: 24 Aug 2005
Posts: 829

Posted: Wed Jan 18, 2017 2:03 pm

For what it's worth, I don't run networkmanager, but I believe the solution is in that application/service and its configuration file(s). Just saying, I probably can't be of any more help.

I use openrc to start the network, and one machine on the local network starts and runs dnsmasq for the LAN.

cord
Guru
Joined: 28 Apr 2007
Posts: 303

Posted: Wed Jan 18, 2017 2:05 pm

Well, I find this ...stupid code.

cboldt
l33t
Joined: 24 Aug 2005
Posts: 829

Posted: Wed Jan 18, 2017 2:12 pm

From that Ubuntu thread, I gather that networkmanager (nm) builds the dnsmasq command line on the fly, with the logic for that building located in the source code for nm.

I have zero experience with networkmanager.

cord
Guru
Joined: 28 Apr 2007
Posts: 303

Posted: Wed Jan 18, 2017 2:19 pm

cboldt wrote:
From that Ubuntu thread, I gather that networkmanager (nm) builds the dnsmasq command line on the fly, with the logic for that building located in the source code for nm.

Seems to be it.
Maybe I will write a bug report.

cboldt
l33t
Joined: 24 Aug 2005
Posts: 829

Posted: Wed Jan 18, 2017 2:41 pm

Meanwhile, learn the tools that nm offers for configuration, and if those don't suit you, find another way to skin the cat.

dnsmasq is awesome, IMO. I use it to block sites that are ad-servers for all on the LAN, assign fixed IP to a few devices, people come and go with their phones, laptops and tablets and dnsmasq handles it all. If nm takes over all the dnsmasq config, I am certain I would not use nm on the machine that is doing DNS lookup and assigning LAN IP addresses.

cboldt
l33t
Joined: 24 Aug 2005
Posts: 829

Posted: Wed Jan 18, 2017 2:45 pm

Just thinking, there is probably a way to tell nm to NOT act as DHCP server, at which point nm won't call dnsmasq. Then you can run nm to start the network, and separately start dnsmasq (using its config files) for your LAN.

Out of probably 15 devices consistently on the LAN here, only ONE is DHCP server. I am pretty sure nm has an easy switch to turn off DHCP server, because that is the way nearly all computers, phones, tablets run. They look for a DHCP server, but they aren't one.

cord
Guru
Joined: 28 Apr 2007
Posts: 303

Posted: Wed Jan 18, 2017 4:10 pm

cboldt wrote:
Just thinking, there is probably a way to tell nm to NOT act as DHCP server, at which point nm won't call dnsmasq. Then you can run nm to start the network, and separately start dnsmasq (using its config files) for your LAN.

Out of probably 15 devices consistently on the LAN here, only ONE is DHCP server. I am pretty sure nm has an easy switch to turn off DHCP server, because that is the way nearly all computers, phones, tablets run. They look for a DHCP server, but they aren't one.

Exactly!
And it has that switch - the USE flag:
Code:
connection-sharing  : Use net-dns/dnsmasq and net-firewall/iptables for connection sharing

but it's BROKEN!
Nothing changes whether I enable that flag or not. nm always starts nm-dnsmasq if I set the keyfile for the 'WIFI' connection to up ... and iptables also. Look:
Code:
Jan 18 17:55:46 [NetworkManager] <info>  [1484754946.9594] device (wlp2s0): supplicant interface state: disconnected -> completed
Jan 18 17:55:46 [NetworkManager] <info>  [1484754946.9595] device (wlp2s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful.  Started Wi-Fi Hotspot 'mywifi'.
Jan 18 17:55:46 [NetworkManager] <info>  [1484754946.9610] device (wlp2s0): state change: config -> ip-config (reason 'none') [50 70 0]
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9742] modprobe: '/sbin/modprobe ip_tables' exited with error 256 (modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9778] modprobe: '/sbin/modprobe iptable_nat' exited with error 256 (modprobe: FATAL: Module iptable_nat not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9837] modprobe: '/sbin/modprobe nf_nat_ftp' exited with error 256 (modprobe: FATAL: Module nf_nat_ftp not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9877] modprobe: '/sbin/modprobe nf_nat_irc' exited with error 256 (modprobe: FATAL: Module nf_nat_irc not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9924] modprobe: '/sbin/modprobe nf_nat_sip' exited with error 256 (modprobe: FATAL: Module nf_nat_sip not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9960] modprobe: '/sbin/modprobe nf_nat_tftp' exited with error 256 (modprobe: FATAL: Module nf_nat_tftp not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:46 [NetworkManager] <error> [1484754946.9995] modprobe: '/sbin/modprobe nf_nat_pptp' exited with error 256 (modprobe: FATAL: Module nf_nat_pptp not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:47 [NetworkManager] <error> [1484754947.0034] modprobe: '/sbin/modprobe nf_nat_h323' exited with error 256 (modprobe: FATAL: Module nf_nat_h323 not found in directory /lib/modules/4.7.10-hardened-gnu)
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0035] Executing: /sbin/iptables --table filter --insert INPUT --in-interface wlp2s0 --protocol tcp --destination-port 53 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0074] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0076] Executing: /sbin/iptables --table filter --insert INPUT --in-interface wlp2s0 --protocol udp --destination-port 53 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0116] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0117] Executing: /sbin/iptables --table filter --insert INPUT --in-interface wlp2s0 --protocol tcp --destination-port 67 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0164] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0166] Executing: /sbin/iptables --table filter --insert INPUT --in-interface wlp2s0 --protocol udp --destination-port 67 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0213] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0215] Executing: /sbin/iptables --table filter --insert FORWARD --in-interface wlp2s0 --jump REJECT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0255] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0257] Executing: /sbin/iptables --table filter --insert FORWARD --out-interface wlp2s0 --jump REJECT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0298] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0300] Executing: /sbin/iptables --table filter --insert FORWARD --in-interface wlp2s0 --out-interface wlp2s0 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0340] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0345] Executing: /sbin/iptables --table filter --insert FORWARD --source 192.168.1.0/255.255.255.0 --in-interface wlp2s0 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0390] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0393] Executing: /sbin/iptables --table filter --insert FORWARD --destination 192.168.1.0/255.255.255.0 --out-interface wlp2s0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0442] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0457] Executing: /sbin/iptables --table nat --insert POSTROUTING --source 192.168.1.0/255.255.255.0 ! --destination 192.168.1.0/255.255.255.0 --jump MASQUERADE
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0507] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <error> [1484754947.0513] device (wlp2s0): share: (wlp2s0) failed to start dnsmasq: Could not find "dnsmasq" binary
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0515] Executing: /sbin/iptables --table nat --delete POSTROUTING --source 192.168.1.0/255.255.255.0 ! --destination 192.168.1.0/255.255.255.0 --jump MASQUERADE
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0564] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0568] Executing: /sbin/iptables --table filter --delete FORWARD --destination 192.168.1.0/255.255.255.0 --out-interface wlp2s0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0624] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0627] Executing: /sbin/iptables --table filter --delete FORWARD --source 192.168.1.0/255.255.255.0 --in-interface wlp2s0 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0677] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0681] Executing: /sbin/iptables --table filter --delete FORWARD --in-interface wlp2s0 --out-interface wlp2s0 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0733] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0736] Executing: /sbin/iptables --table filter --delete FORWARD --out-interface wlp2s0 --jump REJECT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0802] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0804] Executing: /sbin/iptables --table filter --delete FORWARD --in-interface wlp2s0 --jump REJECT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0893] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0896] Executing: /sbin/iptables --table filter --delete INPUT --in-interface wlp2s0 --protocol udp --destination-port 67 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.0949] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.0956] Executing: /sbin/iptables --table filter --delete INPUT --in-interface wlp2s0 --protocol tcp --destination-port 67 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.1075] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.1077] Executing: /sbin/iptables --table filter --delete INPUT --in-interface wlp2s0 --protocol udp --destination-port 53 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.1148] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.1151] Executing: /sbin/iptables --table filter --delete INPUT --in-interface wlp2s0 --protocol tcp --destination-port 53 --jump ACCEPT
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.1209] ** Command returned exit status 3.
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.1210] device (wlp2s0): Activation: Stage 5 of 5 (IPv4 Commit) start sharing failed.
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.1211] device (wlp2s0): state change: ip-config -> failed (reason 'sharing-start-failed') [70 120 18]
Jan 18 17:55:47 [NetworkManager] <info>  [1484754947.1222] policy: disabling autoconnect for connection 'WIFI'.
Jan 18 17:55:47 [NetworkManager] <warn>  [1484754947.1240] device (wlp2s0): Activation: failed for connection 'WIFI'

So, it doesn't start WIFI without USE="connection-sharing". And why is it hardcoded to use iptables? I don't use it; I use nftables instead.
However, nm can start wifi in client mode, but if the mode is set to "Access Point", it requires iptables and dnsmasq.

cboldt
l33t
Joined: 24 Aug 2005
Posts: 829

Posted: Wed Jan 18, 2017 4:14 pm

So start nm in client mode, and do the access point things (dnsmasq, firewall) independently.

I don't see that as a USE flag setting, unless the ebuild offers up varying NetworkManager.conf files, depending on the USE flag settings.

cord
Guru
Joined: 28 Apr 2007
Posts: 303

Posted: Wed Jan 18, 2017 4:37 pm

cboldt wrote:
So start nm in client mode, and do the access point things (dnsmasq, firewall) independently.

Be the client, but act as AP? :)

cboldt
l33t
Joined: 24 Aug 2005
Posts: 829

Posted: Wed Jan 18, 2017 4:49 pm

Yep. nm thinks it's the client, but you control the overall setup.

See NetworkManager.conf man page

https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html

cord
Guru
Joined: 28 Apr 2007
Posts: 303

Posted: Wed Jan 18, 2017 4:56 pm

cboldt wrote:
Yep. nm thinks it's the client, but you control the overall setup.

See NetworkManager.conf man page

https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html


I don't understand. It requires an ssid to connect to (if we are a client).
Code:

# nmcli connection add con-name WIFI ifname wlp2s0 type wifi ip4 192.168.1.1/24   
Error: 'ssid' argument is required.
# nmcli connection add con-name WIFI ifname wlp2s0 type wifi ip4 192.168.1.1/24 ssid mywifi
Connection 'WIFI' (3a309748-92dd-4ae8-b0d2-0d74de51c699) successfully added.
# nmcli connection up WIFI
Error: Connection activation failed (reason 'ssid-not-found').
#

cboldt
l33t
Joined: 24 Aug 2005
Posts: 829

Posted: Wed Jan 18, 2017 5:28 pm

Hopefully somebody else can help you with nm - I've never used it. I also have never set up a wireless access point. I use them (a couple routers here, one playing router hooked to cable modem, one playing access point), but have not set up a Gentoo box to play access point.

What you are trying to do doesn't depend on using nm to get the job done. I don't know if it (nm) eventually makes your task easier, or more difficult.

cord
Guru
Joined: 28 Apr 2007
Posts: 303

Posted: Wed Jan 18, 2017 6:21 pm

Temporarily I rolled back to hostapd and set nm to NOT manage the wlp2s0 interface.

cboldt
l33t
Joined: 24 Aug 2005
Posts: 829

Posted: Wed Jan 18, 2017 6:25 pm

Found this, not sure it is still effective ...

Quote:
It is possible to pass custom options to the dnsmasq instance by adding them to files in the "${prefix}/etc/NetworkManager/dnsmasq.d/" directory.

cord
Guru
Joined: 28 Apr 2007
Posts: 303

Posted: Wed Jan 18, 2017 6:42 pm

I didn't see any examples of using /etc/NetworkManager/dnsmasq.d/ for DHCP settings (IP-range lease), only for DNS (resolv.conf / hosts).
Well, I will try to check it again tomorrow. Thanks.

cboldt
l33t
Joined: 24 Aug 2005
Posts: 829

Posted: Wed Jan 18, 2017 7:35 pm

See the dnsmasq man page for dnsmasq settings. I think nm will use configs it finds in ITS place (/etc/NetworkManager/dnsmasq.d/dnsmasq.conf) as it sets up dnsmasq.

I gave the dnsmasq switch for dhcp range and duration earlier ...

Code:
dhcp-range=192.168.0.2,192.168.0.32,255.255.255.0,10h


Change to suit your network, see if it takes.

cord
Guru
Joined: 28 Apr 2007
Posts: 303

Posted: Thu Jan 19, 2017 2:07 pm

Yeah, Gentoo is the Mystery!
Today I set it back to nm and... it's working in AP mode without a forced start of the "sharing stuff" (nm-dnsmasq / iptables). So, I start the system-wide dnsmasq (nftables are already configured) and it's all OK now. Looks like there is some 'cache' somewhere.

However, there's a strange line in the log:
Code:
Jan 19 16:02:47 [nm-dispatcher] req:1 'down' [wlp2s0], "/etc/NetworkManager/dispatcher.d/10-openrc-status": complete: failed with Script '/etc/NetworkManager/dispatcher.d/10-openrc-status' exited with error status 1.
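
An added example, not part of the original thread: a POSIX shell audit that reads `ps axu` output and reports, for each running dnsmasq, who started it and which listen address and DHCP range it was given on the command line, which is the check that settles whether NetworkManager's private instance or the system-wide one is serving an interface. The first and third sample lines are the `ps` output posted at the top of the thread; the second line is constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): report which dnsmasq instances are
# running, who started them, and which DHCP range each got on its command line.

# First value of a --NAME=VALUE option on a command line (empty if absent).
opt_value() {  # usage: opt_value NAME "CMDLINE"
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^--$1=//p" | head -n 1
}

# Describe one dnsmasq command line as key=value fields.
describe_dnsmasq() (
    cmd=$1
    origin=system iface=- dhcp=config-file lease=-
    # The instance seen in the thread uses a pid file named
    # nm-dnsmasq-<iface>.pid, so the pid file identifies the owner.
    pidfile=$(opt_value pid-file "$cmd")
    case $pidfile in
        */nm-dnsmasq-*.pid)
            origin=NetworkManager
            iface=${pidfile##*/nm-dnsmasq-}
            iface=${iface%.pid} ;;
    esac
    listen=$(opt_value listen-address "$cmd")
    if [ -z "$listen" ]; then listen=-; fi
    # dhcp-range is start,end[,netmask][,lease-time]
    range=$(opt_value dhcp-range "$cmd")
    if [ -n "$range" ]; then
        start=${range%%,*}
        rest=${range#*,}
        end=${rest%%,*}
        dhcp=$start-$end
        lease=${range##*,}
        # A last field containing a dot is an address, not a lease time.
        case $lease in *.*) lease=default ;; esac
    fi
    printf 'origin=%s iface=%s listen=%s dhcp=%s lease=%s\n' \
        "$origin" "$iface" "$listen" "$dhcp" "$lease"
)

# Read `ps axu` lines on stdin; the command starts at column 11.
# Only processes whose executable is dnsmasq are kept (not "grep dnsmasq").
audit_ps() {
    awk '$11 ~ /(^|\/)dnsmasq$/ {
             u = $1; p = $2
             for (i = 1; i <= 10; i++) $i = ""
             sub(/^ +/, "")
             print u, p, $0
         }' |
    while read -r user pid cmd; do
        printf 'pid=%s user=%s %s\n' "$pid" "$user" "$(describe_dnsmasq "$cmd")"
    done
}

# Sample input: lines 1 and 3 are from the thread, line 2 is constructed.
sample_ps() {
cat <<'EOF'
nobody    9515  0.0  0.1  21376  2964 ?        S    19:59   0:00 /usr/sbin/dnsmasq --conf-file --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=192.168.1.1 --dhcp-range=192.168.1.10,192.168.1.254,60m --dhcp-option=option:router,192.168.1.1 --dhcp-lease-max=50 --pid-file=/run/nm-dnsmasq-wlp2s0.pid
dnsmasq   2210  0.0  0.1  21376  2800 ?        S    19:58   0:00 /usr/sbin/dnsmasq -x /var/run/dnsmasq.pid
root     17530  0.0  0.1   8364  2216 pts/1    S+   21:01   0:00 grep --colour=auto dnsmasq
EOF
}

sample_ps | audit_ps
```

On a live host, replace the last line with `ps axu | audit_ps`; two instances reported for the same interface is the situation behind the "Address already in use" error in the first post.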