From: Mike Jones on 31 May 2010 12:35

I've got WWW on eth0, and machines on my LAN (eth1) being forwarded
through a single machine. I've been using static addresses so far, but
dnsmasq looks like a better way to do this, plus it also looks like I can
restrict things to specific machines based on their MAC address too.

So, working from the man page (whilst tired)...

# ===================================================

# /etc/dnsmasq.conf

interface=eth1
no-hosts
dhcp-range=192.168.1.1,static

# (Real MAC addresses to be added here)
dhcp-host=11:22:33:44:55:66,BOX2,192.168.1.2,infinite
dhcp-host=11:22:33:44:55:77,BOX3,192.168.1.3,infinite
dhcp-host=11:22:33:44:55:88,BOX4,192.168.1.4,infinite
dhcp-host=11:22:33:44:55:99,BOX5,192.168.1.5,infinite

domain-needed
bogus-priv

# add to as required...
address=/doubleclick.net/127.0.0.1

# ===================================================

...does this look sane?

All I need is for selected machines to be able to connect to and forward
through the box acting as a router, that being BOX1 192.168.1.1

If this is a screw up, feel free to point out the glaring mistakes. %)

Ta.

XP=alt.os.linux,alt.os.linux.slackware
FU=alt.os.linux

--
*=( http://www.thedailymash.co.uk/
*=( For all your UK news needs.

From: Grant on 31 May 2010 18:14

On Mon, 31 May 2010 16:35:33 +0000 (UTC), Mike Jones <luck(a)dasteem.invalid> wrote:

>
>I've got WWW on eth0, and machines on my LAN (eth1) being forwarded
>through a single machine. I've been using static addresses so far, but
>dnsmasq looks like a better way to do this, plus it also looks like I can
>restrict things to specific machines based on their MAC address too.
>
>
>So, working from the man page (whilst tired)...
>
># ===================================================
>
># /etc/dnsmasq.conf
>
>interface=eth1
>no-hosts
>dhcp-range=192.168.1.1,static

A modem might claim 192.168.1.1, start higher? End of range?

>
># (Real MAC addresses to be added here)
>dhcp-host=11:22:33:44:55:66,BOX2,192.168.1.2,infinite
>dhcp-host=11:22:33:44:55:77,BOX3,192.168.1.3,infinite
>dhcp-host=11:22:33:44:55:88,BOX4,192.168.1.4,infinite
>dhcp-host=11:22:33:44:55:99,BOX5,192.168.1.5,infinite

I think you're doing it the hard way with MACs (each to 'is own :),
don't like look of that 'infinite' (running 'doze boxes here too).

>
>domain-needed
>bogus-priv
>
># add to as required...
>address=/doubleclick.net/127.0.0.1

FWIW I link in an extra file for this type of entry.

>
># ===================================================
>
>...does this look sane?
>
>All I need is for selected machines to be able to connect to and forward
>through the box acting as a router, that being BOX1 192.168.1.1
>
>If this is a screw up, feel free to point out the glaring mistakes. %)

Dunno about screw up. Dnsmasq has a fairly good mailing list too,
Simon, the author, is responsive, as are some of the members.

Here's my dhcp section, I still use static IP for linux boxes, casual
machines get an address okay here, and windoze boxes are semi-static via
dhcp, which is similar to what you're planning above.

I'm nowhere near fresh on dnsmasq options as I set this up over five
years ago, changing bits along the way, as required.

Dnsmasq mail list is a good place to visit if you get into trouble.

#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# network topology
# `````````````````
#     ----------------           ------------                 LAN
#    (                )  Phone  | ADSL Modem |              Machines
#   ( Big Bad Internet )--------|   bridge   |
#    (                )  Line   |    mode    |            1000/100/10
#     ----------------           ------------     Switch         -----
#                                     |                   -------|   |
#                          Public IP  | $xf_world         |      -----
#                                     |                   |    -----
#                               -------------             |  --|   |
#   optional                   |  ppp0/eth0  |      ---   |    -----
#   second                     |             |     | \ |--   -----
#   localnet      < - - - - - -| eth2    eth1|-----|/ /|-----|   |
#   not                        |             |     | \ |--   -----
#   installed                  |  Firewall   |      ---   |    -----
#                               -------------             |  --|   |
#                                                         |    -----
#                                                         |      -----
#                                                         -------|   |
#                 $xf_lnet2                   $xf_lnet1          -----
#                                           192.168.3.0/24
#
#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# Section 1. Nameserver
# ``````````````````````

addn-hosts=/usr/local/etc/hosts
expand-hosts
#neg-ttl=60
#log-queries
#log-async
interface=eth1
localise-queries
bogus-priv
filterwin2k

# normal DNS -> ISP NS
resolv-file=/etc/ppp/resolv.conf

# or use google NS
#no-resolv
#server=8.8.8.8
#server=8.8.4.4

domain-needed
local=/grrr.id.au/
mx-host=deltree
#mx-target=deltree
localmx
no-negcache
conf-file=/usr/local/etc/deny_domains

#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# Section 2. DHCP Server
# ```````````````````````

domain=grrr.id.au
expand-hosts
dhcp-authoritative
log-dhcp

# 192.168.3.192/28 is a ! route so don't use it
# 192.168.3.1 - 192.168.3.99 for static IPs
dhcp-range=192.168.3.100,192.168.3.129,2h

dhcp-host=winpooh,192.168.3.32,8h
dhcp-host=winpIII,192.168.3.34,8h
dhcp-host=toshiwin,192.168.3.35,8h
dhcp-host=sillywin,192.168.3.36,8h

dhcp-option=42,192.168.3.3 # This box is NTP server

Grant.
--
http://bugs.id.au/

From: Grant on 31 May 2010 18:15

On Mon, 31 May 2010 16:35:33 +0000 (UTC), Mike Jones <luck(a)dasteem.invalid> wrote:

>
>I've got WWW on eth0, and machines on my LAN (eth1) being forwarded
>through a single machine. I've been using static addresses so far, but
>dnsmasq looks like a better way to do this, plus it also looks like I can
>restrict things to specific machines based on their MAC address too.

Answered in a different group.

Grant.
--
http://bugs.id.au/

From: Mike Jones on 31 May 2010 19:01

Responding to Grant:

> On Mon, 31 May 2010 16:35:33 +0000 (UTC), Mike Jones
> <luck(a)dasteem.invalid> wrote:
>
>
>>I've got WWW on eth0, and machines on my LAN (eth1) being forwarded
>>through a single machine. I've been using static addresses so far, but
>>dnsmasq looks like a better way to do this, plus it also looks like I
>>can restrict things to specific machines based on their MAC address too.
>>
>>
>>So, working from the man page (whilst tired)...
>>
>># ===================================================
>>
>># /etc/dnsmasq.conf
>>
>>interface=eth1
>>no-hosts
>>dhcp-range=192.168.1.1,static
>
> A modem might claim 192.168.1.1, start higher? End of range?

Broadband. That's my router machine running dnsmasq.

And from man dnsmasq...

The end address may be replaced by the keyword static which tells dnsmasq
to enable DHCP for the network specified, but not to dynamically allocate
IP addresses. Only hosts which have static addresses given via dhcp-host
or from /etc/ethers will be served.

>
>># (Real MAC addresses to be added here)
>>dhcp-host=11:22:33:44:55:66,BOX2,192.168.1.2,infinite
>>dhcp-host=11:22:33:44:55:77,BOX3,192.168.1.3,infinite
>>dhcp-host=11:22:33:44:55:88,BOX4,192.168.1.4,infinite
>>dhcp-host=11:22:33:44:55:99,BOX5,192.168.1.5,infinite
>
> I think you're doing it the hard way with MACs (each to 'is own :),
> don't like look of that 'infinite' (running 'doze boxes here too).
>>
>>domain-needed
>>bogus-priv
>>
>># add to as required...
>>address=/doubleclick.net/127.0.0.1
>
> FWIW I link in an extra file for this type of entry.
>
>
>># ===================================================
>>
>>...does this look sane?
>>
>>All I need is for selected machines to be able to connect to and forward
>>through the box acting as a router, that being BOX1 192.168.1.1
>>
>>If this is a screw up, feel free to point out the glaring mistakes. %)
>
> Dunno about screw up. Dnsmasq has a fairly good mailing list too,
> Simon, the author is responsive, as are some of the members.
>
> Here's my dhcp section, I still use static IP for linux boxes, casual
> machines get an address okay here, and windoze boxes are semi-static via
> dhcp, which is similar to what you're planning above.
>
> I'm nowhere near fresh on dnsmasq options as I set this up over five
> years ago, changing bits along the way, as required.
>
> Dnsmasq mail list is good place to visit if you get into trouble.
>
> #-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =-=-=-
> # network topology
> # `````````````````
> # ---------------- ------------ LAN #
> ( ) Phone | ADSL Modem | Machines # (
> Big Bad Internet )--------| bridge | # ( )
> Line | mode | 1000/100/10 # ----------------
> ------------ Switch ----- #
> | -------| | # Public
> IP | $xf_world | ----- #
> | | ----- #
> ------------- | --| | # optional |
> ppp0/eth0 | --- | ----- # second |
> | | \ |-- ----- # localnet < - - - - - -| eth2
> eth1|-----|/ /|-----| | # not |
> | | \ |-- ----- # installed | Firewall
> | --- | ----- # -------------
> | --| | #
> | ----- #
> | ----- #
> -------| | # $xf_lnet2 $xf_lnet1
> ----- #
> 192.168.3.0/24 #
> #-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =-=-
> # Section 1. Nameserver
> # ``````````````````````
>
> addn-hosts=/usr/local/etc/hosts
> expand-hosts
> #neg-ttl=60
> #log-queries
> #log-async
> interface=eth1
> localise-queries
> bogus-priv
> filterwin2k
>
> # normal DNS -> ISP NS
> resolv-file=/etc/ppp/resolv.conf
>
> # or use google NS
> #no-resolv
> #server=8.8.8.8
> #server=8.8.4.4
>
> domain-needed
> local=/grrr.id.au/
> mx-host=deltree
> #mx-target=deltree
> localmx
> no-negcache
> conf-file=/usr/local/etc/deny_domains
>
> #-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =-=-
> # Section 2. DHCP Server
> # ```````````````````````
>
> domain=grrr.id.au
> expand-hosts
> dhcp-authoritative
> log-dhcp
>
> # 192.168.3.192/28 is a ! route so don't use it # 192.168.3.1 -
> 192.168.3.99 for static IPs dhcp-range=192.168.3.100,192.168.3.129,2h
>
> dhcp-host=winpooh,192.168.3.32,8h
> dhcp-host=winpIII,192.168.3.34,8h
> dhcp-host=toshiwin,192.168.3.35,8h
> dhcp-host=sillywin,192.168.3.36,8h
>
> dhcp-option=42,192.168.3.3 # This box is NTP server
>
> Grant.

Aha! A working conf to play with! Cheers!

I've got the thing up and running, but managed to block initial
connections with paranoid firewall. I'll dig out the glitch tomorrow.

Latest (x=munged for posting)...

# =========================================

# Custom-Configuration file for dnsmasq.

interface=eth1
no-hosts
dhcp-range=192.168.1.10,192.168.1.20 # For non-regular connections

# dhcp-host=**:**:**:**:**:**,BOX1,192.168.1.1,12h
# dhcp-host=**:**:**:**:**:**,BOX2,192.168.1.2,12h
dhcp-host=00:xx:xx:xx:xx:xx,BOX3,192.168.1.3,12h
dhcp-host=00:xx:xx:xx:xx:xx,BOX4,192.168.1.4,12h
# dhcp-host=**:**:**:**:**:**,BOX5,192.168.1.5,12h

domain-needed
bogus-priv
query-port=xxxx # (> 1024)

address=/doubleclick.net/127.0.0.1

# =========================================

--
*=( http://www.thedailymash.co.uk/
*=( For all your UK news needs.

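A small offline check for the point this thread turns on, added here as an example (it is not code from any poster or from dnsmasq; the function name audit and the finding labels are made up for it). With dhcp-range=...,static only hosts listed in dhcp-host are served, a start,end range is leased to any client that asks, and a dhcp-host line without a MAC matches on the hostname the client sends. It assumes only the option forms seen in the thread and no dhcp-ignore rules; the sample configs are constructed from the thread's configs with placeholder MACs.

```python
import ipaddress
import re

# MAC as dnsmasq accepts it in dhcp-host: six octets, "*" allowed as a wildcard.
MAC_RE = re.compile(r"^(?:(?:[0-9a-fA-F]{2}|\*):){5}(?:[0-9a-fA-F]{2}|\*)$")

def _is_ip(field):
    try:
        ipaddress.IPv4Address(field)
        return True
    except ValueError:
        return False

def audit(conf_text):
    """Return a list of findings for the DHCP lines of a dnsmasq config."""
    findings, reserved = [], set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        key, sep, value = line.partition("=")
        if not sep:
            continue
        fields = [f.strip() for f in value.split(",")]
        ips = [f for f in fields if _is_ip(f)]
        if key == "dhcp-range" and "static" not in fields and len(ips) >= 2:
            findings.append(f"open-pool: {ips[0]}-{ips[1]} is leased to any client")
        elif key == "dhcp-host":
            if not any(MAC_RE.match(f) for f in fields):
                findings.append(f"name-only: {fields[0]} matches the hostname the client sends")
            for ip in ips:
                if ip in reserved:
                    findings.append(f"duplicate-ip: {ip} is reserved twice")
                reserved.add(ip)
    return findings

# Constructed samples based on the configs in the thread (placeholder MACs).
ALLOWLIST_ONLY = """
interface=eth1
dhcp-range=192.168.1.1,static
dhcp-host=11:22:33:44:55:66,BOX2,192.168.1.2,infinite
dhcp-host=11:22:33:44:55:77,BOX3,192.168.1.3,infinite
"""
WITH_POOL = """
dhcp-range=192.168.1.10,192.168.1.20 # For non-regular connections
dhcp-host=11:22:33:44:55:77,BOX3,192.168.1.3,12h
dhcp-host=11:22:33:44:55:88,BOX4,192.168.1.3,12h
dhcp-host=winpooh,192.168.3.32,8h
"""

if __name__ == "__main__":
    for name, conf in (("ALLOWLIST_ONLY", ALLOWLIST_ONLY), ("WITH_POOL", WITH_POOL)):
        print(name, audit(conf) or "no findings")
```
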
From: Grant on 31 May 2010 19:58

On Mon, 31 May 2010 23:01:02 +0000 (UTC), Mike Jones <luck(a)dasteem.invalid> wrote:

>Responding to Grant:
>
>> On Mon, 31 May 2010 16:35:33 +0000 (UTC), Mike Jones
>> <luck(a)dasteem.invalid> wrote:
....
>Broadband. That's my router machine running dnsmasq.
>
>And from man dnsmasq...
>
>The end address may be replaced by the keyword static which tells dnsmasq
>to enable DHCP for the network specified, but not to dynamically allocate
>IP addresses. Only hosts which have static addresses given via dhcp-host
>or from /etc/ethers will be served.

Fair enough, I've not RTFMd for years ;)

>
>
....
>Aha! A working conf to play with! Cheers!

I hope it made more sense than the rewrapped mess your news client
produced!

>
>I've got the thing up and running, but managed to block initial
>connections with paranoid firewall. I'll dig out the glitch tomorrow.

Progress, you'll get there...

Grant.
--
http://bugs.id.au/