[Dnsmasq-discuss] IPv6 configuration for Android clients
In order to support IPv6 address allocation to Android clients I have tried to extend default Debian NetworkManager Wifi hotspot dnsmasq configuration:

18240 ?S 0:00 /usr/sbin/dnsmasq --conf-file=/dev/null --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=10.42.0.1 --dhcp-range=10.42.0.10,10.42.0.254,60m --dhcp-lease-max=50 --dhcp-leasefile=/var/lib/NetworkManager/dnsmasq-wlp1s0.leases --pid-file=/run/nm-dnsmasq-wlp1s0.pid --conf-dir=/etc/NetworkManager/dnsmasq-shared.d

with file local.conf in /etc/NetworkManager/dnsmasq-shared.d:

enable-ra
dhcp-range=::,constructor:wlp1s0,ra-names,slaac,infinite
dhcp-authoritative
log-dhcp

Interface wlp1s0 has these addresses:

wlp1s0: flags=4163 mtu 1500
        inet 10.42.0.1 netmask 255.255.255.0 broadcast 10.42.0.255
        inet6 fe80::14c0:c516:36cb:8b44 prefixlen 64 scopeid 0x20
        inet6 2001:db8:0:1::1 prefixlen 64 scopeid 0x0

When I start dnsmasq, I get the following in syslog:

Jan 7 04:46:10 char NetworkManager[18816]: [1578365170.5750] dnsmasq-manager: starting dnsmasq...
Jan 7 04:46:10 char dnsmasq[18847]: started, version 2.80 cachesize 150
Jan 7 04:46:10 char dnsmasq[18847]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfile
Jan 7 04:46:10 char dnsmasq[18847]: chown of PID file /run/nm-dnsmasq-wlp1s0.pid failed: Operation not permitted
Jan 7 04:46:10 char dnsmasq-dhcp[18847]: DHCP, IP range 10.42.0.10 -- 10.42.0.254, lease time 1h
Jan 7 04:46:10 char dnsmasq-dhcp[18847]: DHCPv4-derived IPv6 names on wlp1s0
Jan 7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on wlp1s0
Jan 7 04:46:10 char dnsmasq-dhcp[18847]: DHCPv4-derived IPv6 names on 2001:db8:0:1::, constructed for wlp1s0
Jan 7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 2001:db8:0:1::, constructed for wlp1s0
Jan 7 04:46:10 char dnsmasq-dhcp[18847]: IPv6 router advertisement enabled
Jan 7 04:46:10 char dnsmasq[18847]: no servers found in /etc/resolv.conf, will retry
Jan 7 04:46:10 char dnsmasq[18847]: cleared cache
Jan 7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 2001:db8:0:1::, old prefix for wlp1s0
Jan 7 04:46:10 char dnsmasq-dhcp[18847]: DHCPv4-derived IPv6 names on 2001:db8:0:1::, constructed for wlp1s0
Jan 7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 2001:db8:0:1::, constructed for wlp1s0
Jan 7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 2001:db8:0:1::, old prefix for wlp1s0

When I connect my Android device to this hotspot, I get the following in syslog:

Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 available DHCP range: 10.42.0.10 -- 10.42.0.254
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 vendor class: android-dhcp-9
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 DHCPDISCOVER(wlp1s0) a8:3e:0e:ab:65:dd
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 tags: wlp1s0
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 DHCPOFFER(wlp1s0) 10.42.0.214 a8:3e:0e:ab:65:dd
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 requested options: 1:netmask, 3:router, 6:dns-server, 15:domain-name,
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 requested options: 26:mtu, 28:broadcast, 51:lease-time, 58:T1,
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 requested options: 59:T2, 43:vendor-encap
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 next server: 10.42.0.1
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size: 1 option: 53 message-type 2
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size: 4 option: 54 server-identifier 10.42.0.1
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size: 4 option: 51 lease-time 1h
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size: 4 option: 58 T1 30m
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size: 4 option: 59 T2 52m30s
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size: 4 option: 1 netmask 255.255.255.0
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size: 4 option: 28 broadcast 10.42.0.255
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size: 4 option: 3 router 10.42.0.1
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size: 4 option: 6 dns-server 10.42.0.1
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 available DHCP range: 10.42.0.10 -- 10.42.0.254
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 vendor class: android-dhcp-9
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 DHCPREQUEST(wlp1s0) 10.42.0.214 a8:3e:0e:ab:65:dd
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 tags: wlp1s0
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 DHCPACK(wlp1s0) 10.42.0.214 a8:3e:0e:ab:65:dd
Jan 7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 requested options: 1:netmask, 3:router, 6:dns-server, 15:domain-name,
Jan 7
[Dnsmasq-discuss] pxe-service line for UEFI system?
Hi.

I'm putting together a "booting section" for my config, where I want to provide various boot images, according to the machine architecture provided by the client. As I understand the pxe-service functionality, there are 2 ways to netboot:

- either provide bootfile-name (67), which the client downloads immediately and executes, or
- provide pxe menu, (prompt, items), within option 43, client makes a selection, DHCP provides filename for the selected item, and from there it's the same as the above.

The config (attached below [1]) works fine for PC-BIOS, but I just can't get dnsmasq to provide any PXE menu items to X86-64_EFI clients. Tried the CSA keyword (X86-64_EFI), integer (7), removed the skipmenu tag filter, commented out all pxe options specific to other architectures, nada. For the UEFI client (using vmware VM), the provided option 43 only contains the prompt suboption, and end character (the VM doesn't display anything and just goes back to boot menu, but that's down to their PXE ROM, I assume). Double-checked CSA provided by the client, it is indeed 7 (+ PXEClient:Arch:7:UNDI:003016 in VendorClass).

What am I missing?

The dnsmasq instance is a full DHCP server, not just proxy. I can private-message the full config if you need it. I'm on Ubuntu-provided version 2.80-1ubuntu2.

Cheers,
MZ

[1]
# set custom tag for matching architectures - used for option that don't have implicit filtering
dhcp-match=set:efi-arm64,option:client-arch,11
dhcp-match=set:efi-arm32,option:client-arch,10
dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-match=set:efi-x86_64,option:client-arch,9
dhcp-match=set:efi-x86,option:client-arch,6
dhcp-match=set:bios,option:client-arch,0

# iPXE will make a 2nd DHCP request with custom user class - this is where we provide path for script to run
dhcp-userclass=set:ipxe,iPXE

## Script for iPXE
dhcp-boot=tag:ipxe,"http://${dhcp-server}/shared/scripts/main.ipxe;

# Don't offer menu to ipxe- or directboot-tagged requests
#tag-if=set:directboot,tag:vmware
tag-if=set:skipmenu,tag:ipxe
tag-if=set:skipmenu,tag:directboot

# Directboot mappings
dhcp-boot=tag:bios,tag:skipmenu,tag:!ipxe,ipxe/undionly.kpxe
dhcp-boot=tag:efi-x86_64,tag:skipmenu,tag:!ipxe,ipxe/ipxe.efi

# ...or go through a menu
pxe-prompt=tag:!skipmenu,"Where do you want to go today?"

# Common menu
pxe-service=tag:!skipmenu,x86PC,"Boot from local disk"
pxe-service=tag:!skipmenu,X86-64_EFI,"Boot from local disk"

# BIOS menu
pxe-service=tag:!skipmenu,x86PC,"Raspberry Pi - pxelinux",bios/pxelinux.0
pxe-service=tag:!skipmenu,x86PC,"Raspberry Pi - ipxe - kpxe",ipxe/undionly.kpxe
pxe-service=tag:!skipmenu,x86PC,"Raspberry Pi - ipxe - kkpxe",ipxe/undionly.kkpxe

# UEFI menu
pxe-service=tag:!skipmenu,X86-64_EFI,"Raspberry Pi - ipxe - UEFI",ipxe/ipxe.efi

## Add custom DHCP option for iPXE - extra options for clonezilla cmdline
dhcp-option-force=tag:nd1,tag:ipxe,129,"live-netdev=eth1"
dhcp-option-force=tag:nd0,tag:ipxe,129,"live-netdev=eth0"

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Single-port mode for TFTP
Simon,

You're amazing, thank you so much!

- kvaps

On Mon, Jan 6, 2020 at 12:06 AM Simon Kelley wrote:

> On 30/12/2019 11:51, kvaps wrote:
> > Hi Simon,
> >
> > We're happy to use dnsmasq to organize network booting in Kubernetes,
> > it has everything needed: DNS-, DHCP- and TFTP-servers.
> >
> > The only problem is that the TFTP protocol in its reference implementation
> > does not work behind NAT, because it always sends reply packets from
> > a random port.
> >
> > Note that Kubernetes uses NAT for external services, so it's not
> > possible to run a TFTP-server for external clients there. There is one
> > proposed solution for that, it suggests moving away from the RFC and
> > implementing a --single-port option to always reply from the same port which
> > was requested by the client.
> >
> > In this way, the TFTP-packets can be simply NAT'ed back to the client side.
> >
> > Take a look at the unique features of the go-tftp implementation:
> > https://github.com/vcabbage/go-tftp#unique-features
> >
> > And its command line client:
> > https://github.com/kvaps/trivialt/
> >
> > Best regards
> > - kvaps
>
> Patch done. --tftp-single-port is an option. I tested with all the
> tftp-clients easily available and it worked fine.
>
> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=66f62650c353e901264a4cf0729d35dbc0ae284d
>
> Simon.
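
Added example (not part of the original thread, and not dnsmasq code): a simplified model of why a TFTP reply sent from a fresh port does not pass back through a port-forwarding NAT, while a reply from the request port does. The addresses, ports and the Nat class are constructed for illustration.

```python
"""Constructed model of a DNAT port-forward in front of a TFTP server.

All addresses and ports are made-up sample values (assumptions).
"""
CLIENT = ("198.51.100.7", 40001)   # external TFTP client (constructed)
PUBLIC = ("203.0.113.10", 69)      # NAT'ed service address clients talk to
SERVER_IP = "10.0.0.5"             # TFTP server behind the NAT


class Nat:
    """Tracks forwarded flows and reverse-translates only matching replies."""

    def __init__(self):
        self.flows = {}  # (server_addr, client_addr) -> public_addr

    def inbound(self, src, dst):
        """Client -> public address: DNAT to the server, remember the flow."""
        if dst != PUBLIC:
            return None
        server = (SERVER_IP, dst[1])
        self.flows[(server, src)] = dst
        return src, server

    def outbound(self, src, dst):
        """Server -> client: pass only replies that belong to a known flow."""
        public = self.flows.get((src, dst))
        if public is None:
            # No state for this tuple: in practice the packet is dropped or
            # leaves with a source the client did not send its request to.
            return None
        return public, dst       # source rewritten back to the public address


def transfer(single_port, ephemeral_port=49152):
    """Send one read request through the NAT and return what the client sees."""
    nat = Nat()
    client, server = nat.inbound(CLIENT, PUBLIC)
    # Classic TFTP answers from a fresh port (the transfer ID); single-port
    # mode answers from the port the request arrived on.
    reply_src = server if single_port else (SERVER_IP, ephemeral_port)
    return nat.outbound(reply_src, client)


if __name__ == "__main__":
    print("classic TFTP reply seen by client:", transfer(single_port=False))
    print("single-port reply seen by client: ", transfer(single_port=True))
```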