Re: [Dnsmasq-discuss] Failing to get DHCP responses on OpenBSD
On Sun, 8 Dec 2019 11:27:56 +0100 Geert Stappers wrote:

> Time will tell how many OpenBSD users report here[1] "works for me"

works for me, both DHCP and DNS (OpenBSD 6.6, dnsmasq 2.80 from ports)

Note that you must not block UDP broadcasts or access to port 67 on the interfaces that are served by DHCP. A ruleset like the example in the PF FAQ will work:

https://www.openbsd.org/faq/pf/example1.html

--
Fabian

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Failing to get DHCP responses on OpenBSD
Hi,

Alright, so I am an idiot. I should have done what you always do and first test with a disabled firewall instead of banging my head against the network config for three days. Things work fine with the firewall out of the way.

The hint that got me there came from the dnsmasq FAQ. It mentions that the ISC dhcpd (from which the OpenBSD dhcpd is derived) may bypass the kernel firewall entirely.

Fabian
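
The two messages above (port 67 and UDP broadcasts must not be blocked; dhcpd can bypass the firewall while dnsmasq cannot) expressed as a pf.conf fragment. This is an added example, not part of the original thread and not the poster's ruleset: it assumes a default-deny policy and reuses the interface names em1, em2 and em3 from the ifconfig output in the thread.

```conf
# Constructed pf.conf fragment (illustration only). Interface names come
# from the ifconfig output in this thread; the policy itself is assumed.

dhcp_if = "{ em1 em2 em3 }"    # interfaces served by dnsmasq DHCP

set skip on lo

# Default deny. With only this rule loaded, DHCP requests still show up
# in tcpdump (a bpf reader) but are dropped before they reach the UDP
# socket that dnsmasq has bound to *:67.
# "log" copies every dropped packet to pflog0 so the drop is visible.
block log all

# Client -> server: requests from port 68 (bootpc) to port 67 (bootps),
# addressed to 255.255.255.255 or to the server's own address.
pass in on $dhcp_if inet proto udp from any port 68 to any port 67

# Server -> client: replies from port 67 to port 68. The reply's
# addresses differ from those of the broadcast request, so it does not
# match the state created by the rule above and needs its own rule.
pass out on $dhcp_if inet proto udp from any port 67 to any port 68
```

The fragment can be syntax-checked with `pfctl -nf /etc/pf.conf` before loading, and packets dropped by the `block log` rule can be watched with `tcpdump -n -e -ttt -i pflog0`.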
Re: [Dnsmasq-discuss] Failing to get DHCP responses on OpenBSD
On Sun, Dec 08, 2019 at 01:29:45AM +0200, Fabian wrote:
>
> I was playing around a bit more with fstat and netstat and noticed one
> difference between dhcpd and dnsmasq - dhcpd binds to bpf (Berkeley
> Packet Filter) and not a datagram socket like dnsmasq does. I
> definitely see a UDP datagram coming in for port 67 with tcpdump when
> dhcpd is running and it is replying instantly with a UDP datagram. So
> something makes the bpf socket see the traffic while the datagram
> socket does not?
>
> OTOH, why would I be the only OpenBSD user that has that issue? Maybe
> there is some fancy OpenBSD security mechanism that I am not aware of?
> When I run dnsmasq for testing, I am running as root. Running it with
> the regular rc scripts, it runs with user _dnsmasq. I am getting the
> same behavior from dnsmasq in both cases however.

Time will tell how many OpenBSD users report here[1] "works for me"

I think it is wise to meanwhile check OpenBSD communities for success stories with dnsmasq.

Regards
Geert Stappers

[1] this mailing list with its mailing list archive
--
Live and let live
Re: [Dnsmasq-discuss] Failing to get DHCP responses on OpenBSD
On Sat, 7 Dec 2019 21:44:08 +0100 Geert Stappers wrote:

> A. stop dnsmasq and check again what fstat says about port 67

Nothing else is listening on that port.

> B. try only 1 interface (add the others I/F when 1 works)

Could not make that work. :-(

> > inet 182.227.21.34 netmask 0xe000 broadcast 182.227.21.255
>
> FWIW:
> netmask and broadcast don't match. Make the broadcast 182.227.31.255
> to match the netmask

Sorry, my mistake, I had replaced the real IP address by some made up numbers.

I was playing around a bit more with fstat and netstat and noticed one difference between dhcpd and dnsmasq - dhcpd binds to bpf (Berkeley Packet Filter) and not a datagram socket like dnsmasq does. I definitely see a UDP datagram coming in for port 67 with tcpdump when dhcpd is running and it is replying instantly with a UDP datagram. So something makes the bpf socket see the traffic while the datagram socket does not?

OTOH, why would I be the only OpenBSD user that has that issue? Maybe there is some fancy OpenBSD security mechanism that I am not aware of? When I run dnsmasq for testing, I am running as root. Running it with the regular rc scripts, it runs with user _dnsmasq. I am getting the same behavior from dnsmasq in both cases however.

--
Fabian
Re: [Dnsmasq-discuss] Failing to get DHCP responses on OpenBSD
On Sat, Dec 07, 2019 at 09:38:07PM +0200, dnsm...@mailfri.com wrote:
> Hi,
>
> I am trying to run the dnsmasq 2.80 port on my OpenBSD home router and
> am failing miserably at soliciting any response for DHCP requests. I am
> reasonably sure that my firewall and routing settings are good because
> the dhcpd that comes with OpenBSD works just fine (and I can see DHCP
> requests on interface em2 with tcpdump).
>
> I tried all sorts of combinations of bindings, interface, dhcp-range,
> etc. but I keep getting output like this and nothing else:
>
> $ dnsmasq -d -q --log-dhcp --interface=em1 --interface=em2 --interface=em3
> --dhcp-range=172.16.10.32,172.16.10.127
> --dhcp-range=172.16.11.32,172.16.11.127
> --dhcp-range=172.16.12.32,172.16.12.127 --dhcp-authoritative
> dnsmasq: started, version 2.80 cachesize 150
> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP
> DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect no-inotify
> dumpfile
> dnsmasq-dhcp: DHCP, IP range 172.16.12.32 -- 172.16.12.127, lease time 1h
> dnsmasq-dhcp: DHCP, IP range 172.16.11.32 -- 172.16.11.127, lease time 1h
> dnsmasq-dhcp: DHCP, IP range 172.16.10.32 -- 172.16.10.127, lease time 1h
> dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 43.23.18.136#53
> dnsmasq: using nameserver 43.23.18.135#53
> dnsmasq: read /etc/hosts - 2 addresses
>
>
> fstat tells me that dnsmasq is bound to *:67 (i.e. port 67 on all
> interfaces) as it should. Any ideas what else I could try still? And
> is there some sort of debug setting that would allow me to see if
> dnsmasq sees the DHCP requests and what it decides to do with them?

That is '--log-dhcp', you have it already active.

But you are stuck. Here are some "last resort actions"

A. stop dnsmasq and check again what fstat says about port 67
B. try only 1 interface (add the others I/F when 1 works)

> Here is my network interface configuration:
>
> $ ifconfig
> lo0: flags=8049 mtu 32768
>     index 6 priority 0 llprio 3
>     groups: lo
>     inet6 ::1 prefixlen 128
>     inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
>     inet 127.0.0.1 netmask 0xff00
> em0: flags=a08843
> mtu 1500
>     lladdr 00:0d:1a:e3:81:62
>     description: WAN
>     index 1 priority 0 llprio 3
>     groups: egress
>     media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
>     status: active
>     inet 182.227.21.34 netmask 0xe000 broadcast 182.227.21.255

FWIW:
netmask and broadcast don't match. Make the broadcast 182.227.31.255 to match the netmask

>     inet6 fe80::20e:c4ff:fed2:829d%em0 prefixlen 64 scopeid 0x1
> em1: flags=8843 mtu 1500
>     lladdr 00:0d:1a:e3:81:63
>     description: WIFI
>     index 2 priority 0 llprio 3
>     media: Ethernet autoselect (none)
>     status: no carrier
>     inet 172.16.12.1 netmask 0xff00 broadcast 172.16.12.255
> em2: flags=8843 mtu 1500
>     lladdr 00:0d:1a:e3:81:64
>     description: Intra
>     index 3 priority 0 llprio 3
>     media: Ethernet autoselect (1000baseT
> full-duplex,master,rxpause,txpause)
>     status: active
>     inet 172.16.10.1 netmask 0xff00 broadcast 172.16.10.255
> em3: flags=8843 mtu 1500
>     lladdr 00:0d:1a:e3:81:65
>     description: DMZ
>     index 4 priority 0 llprio 3
>     media: Ethernet autoselect (none)
>     status: no carrier
>     inet 172.16.11.1 netmask 0xff00 broadcast 172.16.11.255
> enc0: flags=0<>
>     index 5 priority 0 llprio 3
>     groups: enc
>     status: active
> pflog0: flags=141 mtu 33136
>     index 7 priority 0 llprio 3
>     groups: pflog
>

Regards
Geert Stappers
--
Live and let live
[Dnsmasq-discuss] Failing to get DHCP responses on OpenBSD
Hi,

I am trying to run the dnsmasq 2.80 port on my OpenBSD home router and am failing miserably at soliciting any response for DHCP requests. I am reasonably sure that my firewall and routing settings are good because the dhcpd that comes with OpenBSD works just fine (and I can see DHCP requests on interface em2 with tcpdump).

I tried all sorts of combinations of bindings, interface, dhcp-range, etc. but I keep getting output like this and nothing else:

$ dnsmasq -d -q --log-dhcp --interface=em1 --interface=em2 --interface=em3 --dhcp-range=172.16.10.32,172.16.10.127 --dhcp-range=172.16.11.32,172.16.11.127 --dhcp-range=172.16.12.32,172.16.12.127 --dhcp-authoritative
dnsmasq: started, version 2.80 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect no-inotify dumpfile
dnsmasq-dhcp: DHCP, IP range 172.16.12.32 -- 172.16.12.127, lease time 1h
dnsmasq-dhcp: DHCP, IP range 172.16.11.32 -- 172.16.11.127, lease time 1h
dnsmasq-dhcp: DHCP, IP range 172.16.10.32 -- 172.16.10.127, lease time 1h
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 43.23.18.136#53
dnsmasq: using nameserver 43.23.18.135#53
dnsmasq: read /etc/hosts - 2 addresses

fstat tells me that dnsmasq is bound to *:67 (i.e. port 67 on all interfaces) as it should. Any ideas what else I could try still? And is there some sort of debug setting that would allow me to see if dnsmasq sees the DHCP requests and what it decides to do with them?

Here is my network interface configuration:

$ ifconfig
lo0: flags=8049 mtu 32768
    index 6 priority 0 llprio 3
    groups: lo
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
    inet 127.0.0.1 netmask 0xff00
em0: flags=a08843 mtu 1500
    lladdr 00:0d:1a:e3:81:62
    description: WAN
    index 1 priority 0 llprio 3
    groups: egress
    media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
    status: active
    inet 182.227.21.34 netmask 0xe000 broadcast 182.227.21.255
    inet6 fe80::20e:c4ff:fed2:829d%em0 prefixlen 64 scopeid 0x1
em1: flags=8843 mtu 1500
    lladdr 00:0d:1a:e3:81:63
    description: WIFI
    index 2 priority 0 llprio 3
    media: Ethernet autoselect (none)
    status: no carrier
    inet 172.16.12.1 netmask 0xff00 broadcast 172.16.12.255
em2: flags=8843 mtu 1500
    lladdr 00:0d:1a:e3:81:64
    description: Intra
    index 3 priority 0 llprio 3
    media: Ethernet autoselect (1000baseT full-duplex,master,rxpause,txpause)
    status: active
    inet 172.16.10.1 netmask 0xff00 broadcast 172.16.10.255
em3: flags=8843 mtu 1500
    lladdr 00:0d:1a:e3:81:65
    description: DMZ
    index 4 priority 0 llprio 3
    media: Ethernet autoselect (none)
    status: no carrier
    inet 172.16.11.1 netmask 0xff00 broadcast 172.16.11.255
enc0: flags=0<>
    index 5 priority 0 llprio 3
    groups: enc
    status: active
pflog0: flags=141 mtu 33136
    index 7 priority 0 llprio 3
    groups: pflog

--
Fabian