Sure! It's a long story, but perhaps interesting. I got a quad core 2.42
GHz, 8GB ram 128GB SSD WIFI, dual nic, Thin Mini PC
<https://www.amazon.com/gp/product/B01M3WPT91/> off Amazon that I had
intended to use as my home router running pfsense. I have really crappy DSL
at home with an average speed of 1.5Mbps. I have a tablet with 5G and
"unlimited" data that I can tether through USB that occasionally gets
deprioritized. (TMobile ain't great but it beats everything else) So my plan
was a router that could switch between DSL and tethered tablet and provide
a hopefully better home internet environment.

The device has USB, two nics and wifi. When I went to install pfsense I
discovered that the wifi and tethered tablet drivers were missing and not
being a linux kernel guy it sounded like a daunting task to get that
working. I had a ubuntu desktop live usb stick that I was using to get
hardware info for the pfsense installation and it seemed to work great. So
I just installed that. I've only ever used linux in vms as servers so this
was also an opportunity to learn a new desktop environment. Aside from the
router, I also have several smart switches
<https://www.tp-link.com/us/products/details/cat-5711_TL-SG105E.html> and
three wireless access points
<https://www.tp-link.com/eg/products/details/cat-12_TL-WA901ND.html>. The
router's wifi didn't cover the whole house and Amazon Echo's intercom
feature was too cool not to utilize. Long term, I'd like to isolate the
access points on their own vlan (practice good security etc) but that is in
the backlog for after I get the basic configuration working.

So this is where things get interesting. All my linux friends told me I
should start ripping parts out of my ubuntu distro and just use iptables,
shorewall, dhcd, etc. I used to work on Windows at Microsoft and it didn't
make sense to me that Ubuntu developers would not make the best choices of
technologies when building Ubuntu and all ripping out services and swimming
upstream would buy me is the opportunity to relearn why the Ubuntu
developers made the choices they made. So instead of fighting the system I
would embrace it and learn to use it as best as I could. I acknowledge this
is cathedral thinking in the bazaar but I feel like I'm really close to
getting it all working.

Anyway, when I configure network manager to share my wifi and one of my
nics, it runs three copies of dnsmasq like so.

/usr/sbin/dnsmasq
  --no-resolv
  --keep-in-foreground
  --no-hosts
  --bind-interfaces
  --pid-file=/var/run/NetworkManager/dnsmasq.pid
  --listen-address=127.0.1.1
  --cache-size=0
  --conf-file=/dev/null
  --proxy-dnssec
  --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
  --conf-dir=/etc/NetworkManager/dnsmasq.d

/usr/sbin/dnsmasq
  --conf-file
  --no-hosts
  --keep-in-foreground
  --bind-interfaces
  --except-interface=lo
  --clear-on-reload
  --strict-order
  --listen-address=192.168.69.1
  --dhcp-range=192.168.69.10,192.168.69.254,60m
  --dhcp-option=option:router,192.168.69.1
  --dhcp-lease-max=50
  --pid-file=/var/run/nm-dnsmasq-wlp2s0b1.pid
  --conf-dir=/etc/NetworkManager/dnsmasq-shared.d

/usr/sbin/dnsmasq
  --conf-file
  --no-hosts
  --keep-in-foreground
  --bind-interfaces
  --except-interface=lo
  --clear-on-reload
  --strict-order
  --listen-address=192.168.0.254
  --dhcp-range=192.168.0.1,192.168.0.245,60m
  --dhcp-option=option:router,192.168.0.254
  --dhcp-lease-max=50
  --pid-file=/var/run/nm-dnsmasq-enp3s0.pid
  --conf-dir=/etc/NetworkManager/dnsmasq-shared.d

The first one is for dns and I have a conf file in
/etc/NetworkManager/dnsmasq.d with the single line

cache-size=1000

The next one is for dhcp on my wifi and the last one is for dhcp on my nic.
Unfortunately they use the same conf-dir
(/etc/NetworkManager/dnsmasq-shared.d). I currently have one file there
that looks like this

#
# HUBS
dhcp-host=<mac address>,192.168.0.10,den-hub
dhcp-host=<mac address>,192.168.0.11,master-hub
dhcp-host=<mac address>,192.168.0.12,utility-hub
dhcp-host=<mac address>,192.168.0.13,gaming-hub
dhcp-host=<mac address>,192.168.0.14,pantry-hub
#
# WAPS
dhcp-host=<mac address>,192.168.0.20,sunroom-wap
dhcp-host=<mac address>,192.168.0.21,master-wap
dhcp-host=<mac address>,192.168.0.22,gaming-wap
#
# SUNROOM DEVICES
dhcp-host=<mac address>,192.168.0.30,printer
dhcp-host=<mac address>,192.168.0.31,laser
#
# DEN DEVICES
dhcp-host=<mac address>,192.168.0.253,watchdog
#
# MASTER DEVICES
dhcp-host=<mac address>,192.168.0.252,keeper,infinite
dhcp-host=<mac address>,192.168.0.40,wdtv,infinite
dhcp-host=<mac address>,192.168.0.148,kodi,infinite
#
# UTILITY DEVICES
#
# REC ROOM DEVICES
#
# WIRELESS DEVICES

#
# OTHER SETTINGS
#dhcp-ignore=tag:!known
dhcp-lease-max=1000

Long term, I'd like to statically configure all devices on my home nic and my
wireless and only do dhcp on the vlan for guest wifi. Then I could
uncomment the dhcp-ignore line and devices would need to be explicitly
added to the conf to get access to anything on my LAN other than the
internet. I feel like if I understood tags better I might be able to figure
out how to do this. Otherwise I might need to see if I can get a PR into
NetworkManager to use different conf-dirs when multiple networks are shared.

So probably more than you were asking for, but I hope it helps.

Go Carefully,

SeanK


On Thu, Jan 3, 2019 at 12:20 PM Simon Kelley <si...@thekelleys.org.uk>
wrote:

> The leftmost 0 means that the leases are infinite, they never expire,
> which might explain why you're running out of leases.
>
> There can be duplicate leases per MAC address, but there should never be
> duplicate leases for an IP address. So I'm interested in finding out how
> you've contrived this situation. Please could you share as much
> information as possible about network and dnsmasq configuration?
>
>
> Cheers,
>
> Simon.
>
>
> On 02/01/2019 04:01, Sean Kelly wrote:
> > when I cat the file I see multiple entries for the same MAC address, what
> > does this mean?
> >
> > 0 98:de:d0:bb:11:0c 192.168.0.10 * 01:98:de:d0:bb:11:0c
> > 0 98:de:d0:bb:11:0c 192.168.0.10 * 01:98:de:d0:bb:11:0c
> > 0 98:de:d0:2c:0e:4c 192.168.0.20 * 01:98:de:d0:2c:0e:4c
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 44:80:eb:95:2a:b4 192.168.0.66 * 01:44:80:eb:95:2a:b4
> > 0 44:80:eb:95:2a:b4 192.168.0.66 miri-phone 01:44:80:eb:95:2a:b4
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92
> > 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf
> > Can I trim multiple entries or is it safe to ignore them? I just
> > recently got the dnsmasq NO LEASES LEFT error and was concerned that
> > these duplicate entries contributed to the dhcp-max-leases count. Can I
> > delete them safely?
> >
> > Go Carefully,
> >
> > SeanK
> >
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss@lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
>
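
An added example, not part of the original thread or of dnsmasq: a small Python audit of a lease file in the five-column layout quoted above, reporting entries that repeat an IP address, addresses held by more than one MAC, and leases whose expiry column is 0. The sample lines, their MAC addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample (not from the thread): expiry, MAC, IP, hostname, client-id.
SAMPLE_LEASES = """\
0 02:00:00:00:00:0a 192.168.0.10 * 01:02:00:00:00:00:0a
0 02:00:00:00:00:0a 192.168.0.10 * 01:02:00:00:00:00:0a
0 02:00:00:00:00:28 192.168.0.40 * 01:02:00:00:00:00:28
0 02:00:00:00:00:28 192.168.0.40 * 01:02:00:00:00:00:28
0 02:00:00:00:00:28 192.168.0.40 * 01:02:00:00:00:00:28
1546545600 02:00:00:00:00:42 192.168.0.66 phone 01:02:00:00:00:00:42
0 02:00:00:00:00:43 192.168.0.66 * 01:02:00:00:00:00:43
duid 00:01:00:01:00:00:00:00:02:00:00:00:00:01
"""


def parse_leases(text):
    """Return (expiry, mac, ip, hostname) tuples for the IPv4 lease lines."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines, the "duid" line and anything not in five columns.
        if len(fields) != 5 or not fields[0].isdigit():
            continue
        expiry, mac, ip, hostname, _client_id = fields
        leases.append((int(expiry), mac.lower(), ip, hostname))
    return leases


def audit_leases(text, lease_max):
    """Summarise duplicates; lease_max is the configured dhcp-lease-max."""
    leases = parse_leases(text)
    count_per_ip = defaultdict(int)
    macs_per_ip = defaultdict(set)
    for _expiry, mac, ip, _hostname in leases:
        count_per_ip[ip] += 1
        macs_per_ip[ip].add(mac)
    return {
        "entries": len(leases),
        "distinct_ips": len(count_per_ip),
        "repeated_ips": {ip: n for ip, n in count_per_ip.items() if n > 1},
        "ips_with_several_macs": sorted(
            ip for ip, macs in macs_per_ip.items() if len(macs) > 1),
        # Expiry 0 is the "infinite" lease described in the reply above.
        "infinite_leases": sum(1 for lease in leases if lease[0] == 0),
        # Both comparisons are reported; the thread does not settle which
        # count dnsmasq holds against dhcp-lease-max.
        "entries_over_max": len(leases) > lease_max,
        "distinct_over_max": len(count_per_ip) > lease_max,
    }


if __name__ == "__main__":
    for key, value in audit_leases(SAMPLE_LEASES, lease_max=50).items():
        print(f"{key}: {value}")
```

An address listed under `ips_with_several_macs` is the case the reply says should never occur, so it is the first thing to look at when two dnsmasq instances share one configuration directory.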