[Bug 242869] Re: dnsmasq's dhcp blocked to clients by firestarter
This package has been removed from Ubuntu. Closing all related bugs. ** Changed in: firestarter (Ubuntu) Status: Fix Committed = Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/242869 Title: dnsmasq's dhcp blocked to clients by firestarter To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/242869/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 242869] Re: dnsmasq's dhcp blocked to clients by firestarter
when i ran into this problem again, i opened a the dhcp port for anyone and that worked fine too as i use a non routable ip-range in mij network. hope this helps if someone google's this. ** Changed in: firestarter (Ubuntu) Status: New = Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/242869 Title: dnsmasq's dhcp blocked to clients by firestarter To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/242869/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 242869] Re: dnsmasq's dhcp blocked to clients by firestarter
It could also be that you have a adsl modem what does not resolve all the names for you as you want, like say a Tomson modem, but if you are correct in this, why does it do what it has to do, with the ' user-pre' addition in my case and probably someone elses' . regards. On wo, 2009-07-08 at 15:48 +, ded wrote: dnsmasq takes care of so many headaches for a small network, this problem was really killing me since firestarter is probably the best gui front-end to iptables I've found. But the above problem was plaguing me and the fix to user-pre above didn't seem to help. In case anyone does what I did, I want to post the solution. I cut and pated the above-line from my browser into the user-pre file and it didn't work. What I finally discovered after banging my head on this one for several days was that the --sport and --dport argument got converted to and en-dash or some such non-ascii character by the browser and were invalid. When you past the above, make sure to change them! I found this by running firestarter --start from the command line, which will echo all the iptables errors to the console. I found several other problems with my firestarter configuration this way as well. For example, I found that it was unable to resolve the hostnames I used in several rules, so they weren't getting into the firewall. I had to hard-code IP addresses instead. I hope this helps someone else. Regards, ded -- dnsmasq's dhcp blocked to clients by firestarter https://bugs.launchpad.net/bugs/242869 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 242869] Re: dnsmasq's dhcp blocked to clients by firestarter
dnsmasq takes care of so many headaches for a small network, this problem was really killing me since firestarter is probably the best gui front-end to iptables I've found. But the above problem was plaguing me and the fix to user-pre above didn't seem to help. In case anyone does what I did, I want to post the solution. I cut and pated the above-line from my browser into the user-pre file and it didn't work. What I finally discovered after banging my head on this one for several days was that the --sport and --dport argument got converted to and en-dash or some such non-ascii character by the browser and were invalid. When you past the above, make sure to change them! I found this by running firestarter --start from the command line, which will echo all the iptables errors to the console. I found several other problems with my firestarter configuration this way as well. For example, I found that it was unable to resolve the hostnames I used in several rules, so they weren't getting into the firewall. I had to hard-code IP addresses instead. I hope this helps someone else. Regards, ded -- dnsmasq's dhcp blocked to clients by firestarter https://bugs.launchpad.net/bugs/242869 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 242869] Re: dnsmasq's dhcp blocked to clients by firestarter
jaunty with dnsmasq. bug still present. firestarter launches dnsmasq but blocks traffic to it. The workaround /etc/firestarter/user-pre doesn't seem to work. -- dnsmasq's dhcp blocked to clients by firestarter https://bugs.launchpad.net/bugs/242869 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 242869] Re: dnsmasq's dhcp blocked to clients by firestarter
A useful bit of information here: ISC dhcpd uses raw sockets to grab incoming packets before they pass through the IP stack and IP tables, it therefore doesn't suffer from problems caused by broken firewall rules. Dnsmasq uses standard IP sockets so that all incoming packets are filtered by iptables. It is therefore not the case that having dhcpd work with firestarter means that the problem is solved and firestarter just has to do the same for dnsmasq as for dhcpd. WIth dhpcd the problem is moot, but with dnsmasq firestarter really has to get it right. From the dnsmasq FAQ: Q: I'm using dnsmasq on a machine with the Firestarter firewall, and DHCP doesn't work. What's the problem? A: This a variant on the iptables problem. Explicit details on how to proceed can be found at http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2005q3/000431.html Cheers, SImon. -- dnsmasq's dhcp blocked to clients by firestarter https://bugs.launchpad.net/bugs/242869 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 242869] Re: dnsmasq's dhcp blocked to clients by firestarter
... maybe it's not a bug, but it might be handy to fix this by the install script of dnsmasq if firestarter is detected. ** Description changed: Binary package hint: firestarter server: hardy, clients hardy. In a situation where firestarter is sharing the internet connection and act as a firewall, dnsmasq's dhcp server can not be reached by clients. Shutting down firestarter, all works fine, except the sharing of internet. Enable firstarter again, no dhcp. The iptables rules decide that all destination traffic to 255.255.255.255 from source 0.0.0.0 (unknown) (even if the port is 67-68) will be dropped. (so no new dhcp requests) The workaround was to add the following line to /etc/firestarter/user- pre to explicitly allow the DHCP broadcasts early in the INPUT table: $IPT -A INPUT -i $INIF -p udp -s 0.0.0.0 –sport 68 -d 255.255.255.255 –dport 67 -j ACCEPT (thanks Andrew) But i think firestarter should solve this. All new dhcp resolving is done by sending packets to 255.255.255.255 from source 0.0.0.0. + ... maybe it's not a bug, but it might be handy to fix this by the + install script of dnsmasq if firestarter is detected. + I hope this helps. Regards. ... ow.. and keep up the good work ;) ** Description changed: Binary package hint: firestarter server: hardy, clients hardy. In a situation where firestarter is sharing the internet connection and act as a firewall, dnsmasq's dhcp server can not be reached by clients. Shutting down firestarter, all works fine, except the sharing of internet. Enable firstarter again, no dhcp. The iptables rules decide that all destination traffic to 255.255.255.255 from source 0.0.0.0 (unknown) (even if the port is 67-68) will be dropped. (so no new dhcp requests) The workaround was to add the following line to /etc/firestarter/user- pre to explicitly allow the DHCP broadcasts early in the INPUT table: $IPT -A INPUT -i $INIF -p udp -s 0.0.0.0 –sport 68 -d 255.255.255.255 –dport 67 -j ACCEPT (thanks Andrew) But i think firestarter should solve this. All new dhcp resolving is done by sending packets to 255.255.255.255 from source 0.0.0.0. - ... maybe it's not a bug, but it might be handy to fix this by the - install script of dnsmasq if firestarter is detected. I hope this helps. Regards. ... ow.. and keep up the good work ;) -- dnsmasq's dhcp blocked to clients by firestarter https://bugs.launchpad.net/bugs/242869 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs