[Dnsmasq-discuss] Re: Re: DCHP server not assign IP addresses
rune.kock at gmail.com
Tue Nov 18 11:05:31 GMT 2008
On Tue, Nov 18, 2008 at 07:09, Troy Piggins <troy at piggo.com> wrote:
> * Rune Kock wrote :
>>* Troy Piggins wrote:
>>> * Rune Kock wrote :
>>>>* Troy Piggins wrote:
>>>>> My dnsmasq 2.41 doesn't seem to be assigning DHCP IP addresses.
>>>>> Been running the server for some time, but mainly for the DNS
>>>>> side of things. The IP addresses for most machines on my network
>>>>> are static, so hasn't been a problem. But I'm trying to connect
>>>>> to a NAS (WD My Book World Edition) which I believe needs a DHCP
>>>>> server to get an IP address, and I can't interface with it to set
>>>>> it up without one.
>>>> 2) Check your firewall settings. The following is from dnsmasq's FAQ:
>>>> The second potential problem relates to firewall rules: since the ISC
>>>> daemon in some configurations bypasses the kernel firewall rules
>>>> entirely, the ability to run the ISC daemon does not indicate
>>>> that the current configuration is OK for the dnsmasq daemon.
>>>> For the dnsmasq daemon to operate it's vital that UDP packets to
>>>> and from ports 67 and 68 and broadcast packets with source
>>>> address 0.0.0.0 and destination address 255.255.255.255 are not
>>>> dropped by iptables/ipchains.
>>> Both ports allow UDP:
>>> $ sudo iptables-save | grep 67
>>> -A udpincoming_packets -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
>> I'm not entirely fluent in iptables syntax, but to me this sounds like
>> "accept packets with source port 67/68 AND dest port 67/68".
> I see. Your interpretation is correct. I thought the requests
> only came and went on those ports.
>> I believe that you need "accept source port 67/68 OR dest port
> I split the rules up as you suggested.
> It still is not assigning addresses.
I still think that the firewall is the most likely problem. Or is
there some kind of router/wireless between the NAS and your dnsmasq

Try running without any firewall, if that is possible.

Try posting your complete firewall setup; someone on the list may be
able to spot something.

BTW, as Richard pointed out, my suggestion of accepting source or
destination port 67/68, is probably opening more than necessary, thus
creating a small hole in the security of the firewall. I guess that
the correct thing is to allow destination port 67&68, and not fiddle
with source ports at all.
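
The three rule shapes discussed in this thread (source AND destination port, source OR destination port, destination port only), modelled over constructed packets. This is an added example, not part of the original message and not dnsmasq or iptables code. It assumes standard DHCP port usage (client 68, server and relay 67) and ignores chains, interfaces and addresses; every packet and address below is made up for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Udp:
    name: str
    sport: int
    dport: int

DHCP = range(67, 69)  # the iptables range 67:68 is inclusive

# Match options inside one rule are ANDed; a packet is accepted if any rule matches.
RULESETS = {
    # -p udp --sport 67:68 --dport 67:68 -j ACCEPT   (the rule quoted in the thread)
    "AND": [{"sport": DHCP, "dport": DHCP}],
    # split into two rules: one on --sport 67:68, one on --dport 67:68
    "OR": [{"sport": DHCP}, {"dport": DHCP}],
    # -p udp --dport 67:68 -j ACCEPT   (destination port only)
    "DPORT": [{"dport": DHCP}],
}

# Constructed sample traffic (not captured from any network).
PACKETS = [
    Udp("DHCPDISCOVER 0.0.0.0 -> 255.255.255.255", 68, 67),
    Udp("DHCPOFFER server -> client", 67, 68),
    Udp("relayed request relay -> server", 67, 67),
    Udp("request from non-standard source port", 40000, 67),
    Udp("source port 67 to DNS port 53", 67, 53),
    Udp("ordinary DNS query", 40000, 53),
]

def accepted(rules, pkt):
    """True if any rule matches; every option within a rule must match."""
    return any(all(getattr(pkt, field) in ports for field, ports in rule.items())
               for rule in rules)

def verdicts():
    """Map each rule set to the names of the packets it accepts."""
    return {label: [p.name for p in PACKETS if accepted(rules, p)]
            for label, rules in RULESETS.items()}

if __name__ == "__main__":
    for label, names in verdicts().items():
        print(label)
        for n in names:
            print("   accepts:", n)
```

In this model the AND rule already accepts the standard DISCOVER/OFFER exchange, the OR split additionally accepts any packet that merely uses source port 67 or 68, and the destination-only rule sits between the two.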