[Dnsmasq-discuss] Re: Can not get Dnsmasq to work

Joel Freiberg <jefrat72@gmail.com>
Mon, 25 Apr 2005 13:25:03 -0700

 Thank you for the reply.
> The problem was with the firewall, I had to let port 67 thru and in
> /etc/shorewall/interface put in the "dhcp" option on eth1 of the
> Redwall box.  Plus I changed my eth1 interface (Redwall again) from
> to  It is now getting DHCP.  Big moral
> victory for this Linux newbie!
> Thanks again!

= = = Original message = = =

Joel Freiberg wrote:
> I am trying to set up a redwall 0.5.5 firewall and use dnsmasq for
> DNS/DHCP. Off of the Redwall box I have a Redhat 9 virtual machine
> (Virtual PC 2004) running on a XP box.  We have 5 IPs from SBC and I'd
> like to use one for a pure Linux network.
> Let me explain briefly my network setup, let me know if you need more inf=
> I have two nics in the Redwall box, eth0 to SBC, eth1 for my
> internal-LAN.  I use Shorewall to route/firewall traffic.  I ran a
> cable from Redwall eth1 into a hub and connect from the hub to the
> second nic on my XP box (eth1 in XPs eyes) for my RH9 VM.  In the
> Virtual PC settings I set the second nic (a DLink DFE-530TX+) to be
> "adapter 1" or the nic to be used by RH9.  It works just fine if I
> connect it to my other network (off a Netgear router/firewall), I can
> get internet with no problems and pick up a different IP then eth0 on
> my XP box so I know the NIC is fine.
> However, I want RH9 to pick up DHCP from my Dnsmasq on my Redwall box,
> and so far I can not get it to do so.
> Hopefully the above isn't too confusing, I just wanted to give you an
> idea of what I'm trying to do.

I'm boggled.

> /etc/dnsmasq/dnsmasq.conf
>   domain-needed
>   bogus-priv
>   filterwin2k
>   interface=lo
>   interface=eth1
>   expand-hosts
>   domain=dmlinux.local
>   dhcp-range=192.168.0.10,,120h
That looks fine.

I'd worry about firewall rules on the redwall box. For DHCP to work,
packets for ports 67 and 68 have to get through, even if they are sent
to the local broadcast address ( and from ( Can
you turn on logging and check for any packets being dropped to/from
ports 67 and 68?
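
One way to run the log check suggested above, as an added example that is not part of the original thread. It assumes the firewall logs in the netfilter LOG format with Shorewall's default `Shorewall:<chain>:<verdict>:` prefix; the sample lines, zone names and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample kernel-log lines (netfilter LOG format, Shorewall prefix).
# Interface names follow the thread; zones, MACs and addresses are made up.
SAMPLE_LOG = """\
Apr 25 12:01:07 redwall kernel: Shorewall:loc2fw:DROP:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:ff:aa:bb:cc:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308
Apr 25 12:01:11 redwall kernel: Shorewall:loc2fw:DROP:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:ff:aa:bb:cc:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=308
Apr 25 12:01:12 redwall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:10:5a:11:22:33:00:0c:41:44:55:66:08:00 SRC=198.51.100.7 DST=203.0.113.9 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4411 DF PROTO=TCP SPT=4431 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
Apr 25 12:01:15 redwall dnsmasq[412]: reading /etc/resolv.conf
Apr 25 12:01:20 redwall kernel: Shorewall:fw2loc:REJECT:IN= OUT=eth1 SRC=192.168.0.1 DST=192.168.0.10 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67 DPT=68 LEN=308
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<verdict>[A-Z]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
DHCP_PORTS = {"67", "68"}

def dropped_dhcp(log_text):
    """Return one dict per logged DROP/REJECT of a UDP packet on port 67 or 68."""
    hits = []
    for line in log_text.splitlines():
        prefix = PREFIX.search(line)
        if not prefix or prefix["verdict"] not in ("DROP", "REJECT"):
            continue  # not a Shorewall log line, or the packet was not blocked
        f = dict(FIELD.findall(line[prefix.end():]))
        if f.get("PROTO") != "UDP" or not DHCP_PORTS & {f.get("SPT"), f.get("DPT")}:
            continue
        hits.append({
            "chain": prefix["chain"],
            # IN= is empty for packets the firewall itself sends, so fall back to OUT=
            "iface": f.get("IN") or f.get("OUT"),
            "direction": "client->server" if f.get("DPT") == "67" else "server->client",
            "src": f.get("SRC"),
            "dst": f.get("DST"),
        })
    return hits

def summarize(hits):
    """Count blocked DHCP packets per (interface, direction)."""
    return Counter((h["iface"], h["direction"]) for h in hits)

if __name__ == "__main__":
    for (iface, direction), n in summarize(dropped_dhcp(SAMPLE_LOG)).items():
        print(f"{n} blocked DHCP packet(s) on {iface}, {direction}")
```

Blocked client->server packets on the LAN interface mean requests never reach dnsmasq; blocked server->client packets mean its replies are being stopped on the way out.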