[Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?

Tue Nov 24 17:47:36 GMT 2009

I'm sorry, I must be quite annoying, giving stupid answers to the most basic 
networking questions. I checked in /etc/hosts:

127.0.0.1	localhost
127.0.1.1	isengard.localdomain	isengard

I didn't edit /etc/hosts myself so I'm not sure why 127.0.1.1 is in there. My lo 
interface according to ifconfig is 127.0.0.1

Before my previous email, I had also edited my mysql config via the my.cnf file 
to make the bind-address=isengard. I guess that explains the netstat output.

But I have no idea why 127.0.1.1 is there as well as 127.0.0.1 - what 
installation programs would have written that, other than the debian system 
install?

If it was just from the system installation, can I get rid of 127.0.1.1 and use 
all on one line:

127.0.0.1 localhost isengard.localdomain isengard

I also don't know whether to put some extra lines in my dnsmasq.conf and 
dhclient.conf, for instance in dnsmasq.conf the example

server=/localnet/192.168.0.1

looks useful, judging from the other stuff I just dealt with, although I'm not 
sure what purpose it serves.

The external NIC using dhclient.conf to get its IP address from the modem seems 
to be rewriting /etc/resolv.conf. Does dnsmasq deal with this on its own or is 
there a setting I should be using?

My dhclient.conf seems OK:

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
request subnet-mask, broadcast-address, time-offset, routers,
	domain-name, domain-name-servers, domain-search, host-name,
	netbios-name-servers, netbios-scope, interface-mtu,
	rfc3442-classless-static-routes;

Regards
Adam

Mark Beierl on 24/11/09 14:28, wrote:
> The TIME_WAIT is not an active socket, it's the remnant of a previous 
> connection.  I have no idea at all why mysqld has moved to 127.0.1.1.  
> Is the bind address config line set to the host name and is the host 
> name entry in /etc/hosts 127.0.1.1?
> 
> Unfortunately, I know very little about mysql, so I can't point you in 
> the right direction for configuration...
> 
> Regards,
> Mark
> 
> Adam Hardy wrote:
>> You're right. The result from netstat was:
>>
>>
>> tcp   0   0 127.0.0.1:3306   0.0.0.0:*  LISTEN 2557/mysqld
>>
>> after changing the bindaddress config in the mysql config as per the 
>> docs to free up networking, it then gives this result:
>>
>> adam at isengard:~$ sudo netstat -napt | grep 3306
>> tcp   0   0 127.0.1.1:3306    0.0.0.0:*       LISTEN      16473/mysqld
>> tcp   0   0 127.0.1.1:53067   127.0.1.1:3306  TIME_WAIT   -
>>
>> which looks weird. But then it's probably just because I don't have 
>> much experience in this area. Why has it switched over to 127.0.1.1 ?
>>
>> Thanks
>> Adam
>>
>>
>> Mark Beierl on 23/11/09 19:00, wrote:
>>  
>>> Silly thought but - is mysql configured to listen to 127.0.0.1 only? 
>>> Something like
>>>
>>> sudo netstat -napt | grep 3306
>>>
>>> ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306.
>>>
>>> Regards,
>>> Mark
>>>
>>> Adam Hardy wrote:
>>>    
>>>> Thought I had a simple problem but I don't really find anything 
>>>> relevant on the web and I'm not getting any responses to my 
>>>> questions here.
>>>>
>>>> Just a pointer in the right direction would be helpful - something 
>>>> to put me back on the scent?
>>>>
>>>> Thanks
>>>> Adam
>>>>
>>>> Adam Hardy on 20/11/09 20:38, wrote:
>>>>  
>>>>      
>>>>> I have a lan with a gateway machine running an ADSL modem and two 
>>>>> NICs with iptables and dnsmasq.
>>>>>
>>>>> It also runs mysql and tomcat but is currently just a simple 
>>>>> gateway, I'm not trying to configure any DMZ or fancier stuff like 
>>>>> that.
>>>>>
>>>>> My problem is that I can access mysql using 'localhost:3306' but I 
>>>>> can't access it on the same box when using the machine name e.g. 
>>>>> 'isengard:3306' and my guess is that I have mis-configured either 
>>>>> dnsmasq or iptables.
>>>>>
>>>>> I figure that my command "mysql --host=isengard" is probably being 
>>>>> resolved as external and then getting blocked by the firewall.
>>>>>
>>>>> My dnsmasq config file, based on the example config but with 
>>>>> comments removed, is:
>>>>>
>>>>> domain-needed
>>>>> bogus-priv
>>>>> filterwin2k
>>>>> local=/localdomain/
>>>>> domain=localdomain
>>>>> dhcp-range=192.168.0.3,192.168.0.254
>>>>> dhcp-option=option:router,192.168.0.2
>>>>> dhcp-option=option:mtu,1500
>>>>>
>>>>> and my resolv.conf file is:
>>>>>
>>>>> nameserver 194.74.65.68
>>>>>
>>>>> and I think this is getting continually rewritten by dhcp with the 
>>>>> nameserver info from the dhcp server on the modem which gives the 
>>>>> outside NIC its internet ip address.
>>>>>
>>>>> Does this make any sense? Or rather does anyone see where my 
>>>>> situation is foobarred?