Dnsmasq problem

poweroff ::

I'm setting up a Wi-Fi access point on an OrangePi Zero. It runs Armbian Bionic.

The wlan0 interface has a static IP: 172.16.0.1.

I set up hostap and it works great: I connect to the network, get an IP address, and can ping 172.16.0.1.

DNS resolving doesn't work, though. I can, for example, ping 8.8.8.8. I'm using dnsmasq for DNS.

This is the configuration:

cat /etc/dnsmasq.conf
port=53
domain-needed
bogus-priv

resolv-file=/etc/dnsmasq/resolv.conf
interface=wlan0
listen-address=172.16.0.1
bind-interfaces
addn-hosts=/etc/dnsmasq/hosts.conf
dhcp-range=172.16.0.50,172.16.0.150,12h
dhcp-leasefile=/var/lib/misc/dnsmasq.leases


This is the content of the files mentioned in the config:

cat /etc/dnsmasq/resolv.conf
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4


cat /etc/dnsmasq/hosts.conf
172.16.0.1 orangepi.wifi
172.16.0.1 www.orangepi.wifi


Any idea where the problem is? From the OrangePi Zero device itself I can ping any FQDN normally... And dnsmasq is otherwise running just fine:

sudo service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-03-06 20:44:16 UTC; 6min ago
  Process: 1775 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
  Process: 1809 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
  Process: 1804 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
  Process: 1803 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
 Main PID: 1808 (dnsmasq)
    Tasks: 14 (limit: 855)
   CGroup: /system.slice/dnsmasq.service
           ├─1808 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
           ├─1902 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
           ├─1903 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
           ├─1904 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
           ├─1905 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
           ├─1906 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
           ├─1907 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
           ├─1908 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
           ├─1909 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
           ├─1910 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
           ├─1911 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
           ├─1912 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
           ├─1913 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
           └─1914 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service

Mar 06 20:44:14 orangepizero dnsmasq[1808]: read /etc/dnsmasq/hosts.conf - 2 addresses
Mar 06 20:44:15 orangepizero dnsmasq[1808]: reading /run/dnsmasq/resolv.conf
Mar 06 20:44:15 orangepizero dnsmasq[1808]: using nameserver 8.8.8.8#53
Mar 06 20:44:15 orangepizero dnsmasq[1808]: using nameserver 127.0.0.53#53
Mar 06 20:44:15 orangepizero dnsmasq[1809]: /etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf
Mar 06 20:44:16 orangepizero systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
Mar 06 20:44:44 orangepizero dnsmasq-dhcp[1808]: DHCPREQUEST(wlan0) 172.16.0.110 XXXXXXxxxxx
Mar 06 20:44:44 orangepizero dnsmasq-dhcp[1808]: DHCPACK(wlan0) 172.16.0.110 XXXXXXxxxxx XxXx
Mar 06 20:48:24 orangepizero dnsmasq-dhcp[1808]: DHCPREQUEST(wlan0) 172.16.0.74 XXXXXXxxxxx
Mar 06 20:48:24 orangepizero dnsmasq-dhcp[1808]: DHCPACK(wlan0) 172.16.0.74 XXXXXXxxxxx XxXx
sudo poweroff

poweroff ::

One more thing: when I connect to it, ping orangepi.wifi returns no results... Or rather, ping: orangepi.wifi: Ime ali storitev ni poznana

nmap 172.16.0.1

says this:

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-06 22:01 CET
Nmap scan report for orangepi.wifi (172.16.0.1)
Host is up (0.015s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
53/tcp open  domain

Nmap done: 1 IP address (1 host up) scanned in 5.16 seconds
sudo poweroff

BlaY0 ::

In /etc/dnsmasq.conf you put:

domain=orangepi.wifi
no-resolv
server=8.8.8.8
server=8.8.4.4
local=/orangepi.wifi/


...and in /etc/dnsmasq/resolv.conf just:

nameserver 127.0.0.1


...and you've won.

poweroff ::

Not really...

If I don't put in:

interface=wlan0
listen-address=172.16.0.1
bind-interfaces


dnsmasq doesn't start:

sudo service dnsmasq status

● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2019-03-06 22:37:30 UTC; 2s ago
  Process: 1695 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
  Process: 1622 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
  Process: 1776 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=2)
  Process: 1775 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
 Main PID: 1621 (code=exited, status=0/SUCCESS)

Mar 06 22:37:30 orangepizero systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Mar 06 22:37:30 orangepizero dnsmasq[1775]: dnsmasq: syntax check OK.
Mar 06 22:37:30 orangepizero dnsmasq[1776]: dnsmasq: failed to create listening socket for port 53: Address already in use
Mar 06 22:37:30 orangepizero dnsmasq[1776]: failed to create listening socket for port 53: Address already in use
Mar 06 22:37:30 orangepizero dnsmasq[1776]: FAILED to start up
Mar 06 22:37:30 orangepizero systemd[1]: dnsmasq.service: Control process exited, code=exited status=2
Mar 06 22:37:30 orangepizero systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
Mar 06 22:37:30 orangepizero systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
sudo poweroff

BlaY0 ::

Sorry, you add it, not put it. I thought that would be self-evident, but apparently not :P

Where is your bridge containing the wlan and eth interfaces? An AP without a bridge will be of pretty limited use...

poweroff ::

Yes, I added it too, and the service does work, but it doesn't push the DNS servers.

Otherwise I have traffic forwarding handled with iptables... as I said, on the client ping to 8.8.8.8 works, but ping to www.google.com doesn't.
sudo poweroff

poweroff ::

That is, like this:

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"


and:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
sudo poweroff

poweroff ::

So, the current /etc/dnsmasq.conf:

# Configuration file for dnsmasq.
port=53
domain-needed
bogus-priv

resolv-file=/etc/dnsmasq/resolv.conf
no-resolv

server=8.8.8.8
server=8.8.4.4

interface=wlan0
listen-address=172.16.0.1
bind-interfaces

addn-hosts=/etc/dnsmasq/hosts.conf

dhcp-range=172.16.0.50,172.16.0.150,12h

dhcp-leasefile=/var/lib/misc/dnsmasq.leases

domain=orangepi.wifi
local=/orangepi.wifi/


I start the whole thing like this (as root):
nmcli radio wifi off
rfkill unblock wlan
ifconfig wlan0 172.16.0.1 netmask 255.255.255.0 broadcast 172.16.0.255
service dnsmasq restart
/usr/sbin/hostapd /etc/hostapd/hostapd.conf
sudo poweroff

BlaY0 ::

Does:
dig @172.16.0.1 -x 8.8.8.8
...return anything? And what does this return:
nmap --script broadcast-dhcp-discover

poweroff ::

I ran both on my machine (while connected to the Wi-Fi) and on the OrangePi. It's the same in both cases:

dig @172.16.0.1 -x 8.8.8.8


; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> @172.16.0.1 -x 8.8.8.8
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53355
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa.		IN	PTR

;; ANSWER SECTION:
8.8.8.8.in-addr.arpa.	20689	IN	PTR	google-public-dns-a.google.com.

;; Query time: 60 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: Fri Mar 08 22:07:24 UTC 2019
;; MSG SIZE  rcvd: 93


The same in both cases:

sudo nmap --script broadcast-dhcp-discover


Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-08 22:09 UTC
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 12.31 seconds
sudo poweroff

poweroff ::

If this helps at all... when I start OpenVPN on the OPi (which sets the default route, etc.), it reports this:

/etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf


So apparently something is odd with resolvconf too...
sudo poweroff

BlaY0 ::

It does resolve OK for you.

OK, nmap doesn't print the DHCP offer for you... look in /etc/resolv.conf (on the WiFi client) to see whether it sets anything... if it contains only 127.0.0.1, then check where dhclient writes its lease file and look in it to see what dnsmasq is serving for domain-name-servers. If it isn't 172.16.0.1, then force it by adding this to dnsmasq.conf:
dhcp-option=6,172.16.0.1

poweroff ::

Hmm, apparently it does set it (in Foobuntu, NetworkManager now has control over resolv.conf):

cat /run/systemd/resolve/resolv.conf


nameserver 172.16.0.1
nameserver 8.8.8.8
search orangepi.wifi


And actually it works now... maybe also because I once more explicitly said:

nano /etc/NetworkManager/NetworkManager.conf


[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

[keyfile]
unmanaged-devices=mac:aa:aa:bb:bb:ab:ba


or:

[keyfile]
unmanaged-devices=interface-name:wlan0
sudo poweroff

BlaY0 ::

As far as I know, if it's NetworkManager-managed, then a local dnsmasq takes care of DNS resolving for you and consequently you have only 127.0.0.1 in the resolv.conf file, which is why I told you to look in the DHCP lease file if you want to see what DHCP offer you get.
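
An added example, not part of the thread and not code from either poster: a small linter for the dnsmasq options discussed above. It flags lines that are not `option` or `option=value`, a DHCP option 6 that is not a list of IP addresses, a missing bind-interfaces (dnsmasq then binds port 53 on the wildcard address and collides with any other local resolver), and loopback upstreams in the resolv-file. The option subset, the function names and the sample input are assumptions made for this example.

```python
import ipaddress

# Subset of dnsmasq options used in this thread, not the full option list.
FLAGS = {"domain-needed", "bogus-priv", "bind-interfaces", "bind-dynamic", "no-resolv"}
VALUED = {"port", "resolv-file", "interface", "listen-address", "addn-hosts", "domain",
          "dhcp-range", "dhcp-leasefile", "local", "server", "dhcp-option"}
# Constructed sample input (not a real system's files).
SAMPLE_CONF = "interface=wlan0\nno-resolve\nserver 8.8.8.8\ndhcp-option=6,172,16,0,1\n"
SAMPLE_RESOLV = "nameserver 127.0.0.1\nnameserver 8.8.8.8\n"

def is_ip(text):
    try:
        ipaddress.ip_address(text.strip())
        return True
    except ValueError:
        return False

def lint_dnsmasq(conf_text, resolv_text=""):
    """Return findings for a dnsmasq.conf and the resolv-file it points to."""
    findings, opts = [], {}
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if (key in FLAGS and not sep) or (key in VALUED and sep and value):
            opts.setdefault(key, []).append(value)
        else:
            findings.append(f"line {n}: not valid 'option' or 'option=value': {line!r}")
    for value in opts.get("dhcp-option", []):
        code, _, servers = value.partition(",")
        if code == "6" and not all(is_ip(s) for s in servers.split(",")):
            findings.append(f"dhcp-option 6 (DNS servers) is not a list of IPs: {servers!r}")
    if "interface" in opts and not opts.keys() & {"bind-interfaces", "bind-dynamic"}:
        findings.append("no bind-interfaces: dnsmasq binds port 53 on the wildcard address")
    if "no-resolv" in opts:
        if "server" not in opts:
            findings.append("no-resolv without server=: no upstream resolver configured")
        if "resolv-file" in opts:
            findings.append("resolv-file is ignored because no-resolv is set")
    else:
        for line in resolv_text.splitlines():
            parts = line.split()
            if len(parts) == 2 and parts[0] == "nameserver" and is_ip(parts[1]) \
                    and ipaddress.ip_address(parts[1]).is_loopback:
                findings.append(f"upstream {parts[1]} is a loopback resolver")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_dnsmasq(SAMPLE_CONF, SAMPLE_RESOLV)))
```
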


Vredno ogleda ...

TemaSporočilaOglediZadnje sporočilo
TemaSporočilaOglediZadnje sporočilo
»

[Alternatvni Firmware za router] Vprašanja in težave

Oddelek: Operacijski sistemi
51552 (822) BivšiUser2
»

dnsmasq problem

Oddelek: Omrežja in internet
121863 (1603) poweroff
»

Orodje za analizo PCAP datotek

Oddelek: Omrežja in internet
61108 (1045) poweroff
»

DHCP server

Oddelek: Omrežja in internet
71476 (1286) aleksander10
»

osnove routinga

Oddelek: Omrežja in internet
71260 (1024) bjelakrez

Več podobnih tem