[Dnsmasq-discuss] Firestarter interference
agreig at gmail.com
Fri Sep 16 21:41:51 BST 2005
This email is primarily to document my learning, to hopefully save
someone else some time and frustration getting Firestarter and dnsmasq
working together. As seems to be a common problem, my firewall was
preventing dnsmasq from working as a LAN DHCP server.
By default Firestarter (naturally) denies all inbound connections, so I
attempted to whitelist DHCP packets by adding 'inbound policy rules'.
This turned out to be futile, as Firestarter doesn't consider broadcast
DHCP packets as 'inbound' since it doesn't recognise the destination IP
(255.255.255.255) as belonging to the host. Thus they were classed as
'Unknown' and discarded, regardless of policy rules.
My troubleshooting was complicated by an advanced option I had enabled,
titled "Block broadcasts from external network", which actually dropped
broadcasts on *all* interfaces. I believe this is a bug and will be
following it up.
Firestarter has an explicit option to "Enable DHCP for the local
network"; however, this turned out to just (re)start ISC dhcpd if you had
it installed. No firewall rules related to the protocol are added by
this option, so it seems a bit of a red herring.
My eventual solution was to add the following line to
/etc/firestarter/user-pre to explicitly allow the DHCP broadcasts early
in the INPUT table:
$IPT -A INPUT -i $INIF -p udp -s 0.0.0.0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
I hope this tale didn't bore you all too much, and will be useful to
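As an added example that is not part of the original post or of Firestarter's own scripts: a user-pre fragment that goes beyond the single rule above by also accepting rebinding requests (which carry the client's real source address) and unicast renewals (sent straight to the server's own address rather than to 255.255.255.255), and that loads the rule idempotently. $IPT and $INIF are the variables Firestarter exports to user-pre; the eth1 default and the DRY_RUN switch are assumptions made here so the script also runs stand-alone.

```shell
#!/bin/sh
# Added example (not from the original post or Firestarter): allow DHCP
# client traffic to a dnsmasq server on the LAN interface from
# /etc/firestarter/user-pre. Firestarter sets IPT and INIF; the defaults
# below are assumptions so the script can run on its own.
IPT="${IPT:-iptables}"
INIF="${INIF:-eth1}"        # assumed LAN interface name
DRY_RUN="${DRY_RUN:-1}"     # 1 = print the commands instead of loading rules

# Packets a DHCP server must accept on the LAN interface:
#   broadcast : DISCOVER/REQUEST from 0.0.0.0 to 255.255.255.255 (the case
#               in the post, which Firestarter classes as 'Unknown' and drops)
#   rebinding : REQUEST to 255.255.255.255 from a client that already has
#               an address, so the source is not 0.0.0.0
#   unicast   : RENEW sent directly to the server's own address
# All three are UDP sport 68 -> dport 67, so one rule with no -s/-d match
# covers them while still being limited to the LAN interface.
dhcp_rule() {
    echo "INPUT -i $1 -p udp --sport 68 --dport 67 -j ACCEPT"
}

# Append a rule only if it is not already present (-C), so re-running
# user-pre does not stack duplicate copies. In dry-run mode just print it.
ensure_rule() {
    spec="$1"
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPT -A $spec"
        return 0
    fi
    # Word splitting of $spec is intended here: it is an argument list.
    $IPT -C $spec 2>/dev/null || $IPT -A $spec
}

ensure_rule "$(dhcp_rule "$INIF")"
```

Run with DRY_RUN=0 as root to actually load the rule; the -C check means the fragment is safe to source more than once.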