[Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?

Adam Hardy adam.ant at cyberspaceroad.com
Wed Nov 25 20:54:30 GMT 2009


OK, I merged the hosts 127.0.1.1 names onto 127.0.0.1 with no ill effects so far, 
and with bind-address set to 0.0.0.0 I can see it listening to 0.0.0.0, also with no 
ill effects. I just have to make sure now that I've got it covered from the 
outside world in iptables.

Thanks v. much for the help

Adam

Mark Beierl on 24/11/09 20:37, wrote:
> Not a problem... just trying to help too :)
> 
> The 127.0.1.1 is a common thing these days, but I don't know why.  Yes 
> you can merge them into one 127.0.0.1 line.
> 
> Rance Hall seemed to have hit the config entry on the head:
> 
> bind-address 0.0.0.0 
> instead of isengard.  Due to isengard resolving to localhost/127.0.0.1 
> (or 127.0.1.1 as the case may be), it is still the same as telling mysql 
> to listen only to localhost, so that change made no real difference.  
> You must tell mysql explicitly to listen to all addresses (0.0.0.0) with 
> the bind-addresses listed above.
> 
> Regards,
> Mark
> 
> Adam Hardy wrote:
>> I'm sorry, I must be quite annoying, giving stupid answers to the most 
>> basic networking questions. I checked in /etc/hosts:
>>
>> 127.0.0.1    localhost
>> 127.0.1.1    isengard.localdomain    isengard
>>
>> I didn't edit /etc/hosts myself so I'm not sure why 127.0.1.1 is in 
>> there. My lo interface according to ifconfig is 127.0.0.1
>>
>> Before my previous email, I had also edited my mysql config via the 
>> my.cnf file to make the bind-address=isengard. I guess that explains 
>> the netstat output.
>>
>> But I have no idea why 127.0.1.1 is there as well as 127.0.0.1 - what 
>> installation programs would have written that, other than the debian 
>> system install?
>>
>> If it was just from the system installation, can I get rid of 
>> 127.0.1.1 and use all on one line:
>>
>> 127.0.0.1 localhost isengard.localdomain isengard
>>
>> I also don't know whether to put some extra lines in my dnsmasq.conf 
>> and dhclient.conf, for instance in dnsmasq.conf the example
>>
>> server=/localnet/192.168.0.1
>>
>> looks useful, judging from the other stuff I just dealt with, although 
>> I'm not sure what purpose it serves.
>>
>> The external NIC using dhclient.conf to get its IP address from the 
>> modem seems to be rewriting /etc/resolv.conf. Does dnsmasq deal with 
>> this on its own or is there a setting I should be using?
>>
>> My dhclient.conf seems OK:
>>
>> option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
>> request subnet-mask, broadcast-address, time-offset, routers,
>>     domain-name, domain-name-servers, domain-search, host-name,
>>     netbios-name-servers, netbios-scope, interface-mtu,
>>     rfc3442-classless-static-routes;
>>
>>
>> Regards
>> Adam
>>
>>
>>
>> Mark Beierl on 24/11/09 14:28, wrote:
>>  
>>> The TIME_WAIT is not an active socket, it's the remnant of a previous 
>>> connection.  I have no idea at all why mysqld has moved to 
>>> 127.0.1.1.  Is the bind address config line set to the host name and 
>>> is the host name entry in /etc/hosts 127.0.1.1?
>>>
>>> Unfortunately, I know very little about mysql, so I can't point you 
>>> in the right direction for configuration...
>>>
>>> Regards,
>>> Mark
>>>
>>> Adam Hardy wrote:
>>>    
>>>> You're right. The result from netstat was:
>>>>
>>>>
>>>> tcp   0   0 127.0.0.1:3306   0.0.0.0:*  LISTEN 2557/mysqld
>>>>
>>>> After changing the bind-address config in the mysql config as per the 
>>>> docs to free up networking, it then gives this result:
>>>>
>>>> adam at isengard:~$ sudo netstat -napt | grep 3306
>>>> tcp   0   0 127.0.1.1:3306    0.0.0.0:*       LISTEN      16473/mysqld
>>>> tcp   0   0 127.0.1.1:53067   127.0.1.1:3306  TIME_WAIT   -
>>>>
>>>> which looks weird. But then it's probably just because I don't have 
>>>> much experience in this area. Why has it switched over to 127.0.1.1 ?
>>>>
>>>> Thanks
>>>> Adam
>>>>
>>>>
>>>> Mark Beierl on 23/11/09 19:00, wrote:
>>>>  
>>>>      
>>>>> Silly thought but - is mysql configured to listen to 127.0.0.1 
>>>>> only? Something like
>>>>>
>>>>> sudo netstat -napt | grep 3306
>>>>>
>>>>> ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306.
>>>>>
>>>>> Regards,
>>>>> Mark
>>>>>
>>>>> Adam Hardy wrote:
>>>>>           
>>>>>> Thought I had a simple problem but I don't really find anything 
>>>>>> relevant on the web and I'm not getting any responses to my 
>>>>>> questions here.
>>>>>>
>>>>>> Just a pointer in the right direction would be helpful - something 
>>>>>> to put me back on the scent?
>>>>>>
>>>>>> Thanks
>>>>>> Adam
>>>>>>
>>>>>> Adam Hardy on 20/11/09 20:38, wrote:
>>>>>>  
>>>>>>               
>>>>>>> I have a lan with a gateway machine running an ADSL modem and two 
>>>>>>> NICs with iptables and dnsmasq.
>>>>>>>
>>>>>>> It also runs mysql and tomcat but is currently just a simple 
>>>>>>> gateway, I'm not trying to configure any DMZ or fancier stuff 
>>>>>>> like that.
>>>>>>>
>>>>>>> My problem is that I can access mysql using 'localhost:3306' but 
>>>>>>> I can't access it on the same box when using the machine name 
>>>>>>> e.g. 'isengard:3306' and my guess is that I have mis-configured 
>>>>>>> either dnsmasq or iptables.
>>>>>>>
>>>>>>> I figure that my command "mysql --host=isengard" is probably 
>>>>>>> being resolved as external and then getting blocked by the firewall.
>>>>>>>
>>>>>>> My dnsmasq config file, based on the example config but with 
>>>>>>> comments removed, is:
>>>>>>>
>>>>>>> domain-needed
>>>>>>> bogus-priv
>>>>>>> filterwin2k
>>>>>>> local=/localdomain/
>>>>>>> domain=localdomain
>>>>>>> dhcp-range=192.168.0.3,192.168.0.254
>>>>>>> dhcp-option=option:router,192.168.0.2
>>>>>>> dhcp-option=option:mtu,1500
>>>>>>>
>>>>>>> and my resolv.conf file is:
>>>>>>>
>>>>>>> nameserver 194.74.65.68
>>>>>>>
>>>>>>> and I think this is getting continually rewritten by dhcp with 
>>>>>>> the nameserver info from the dhcp server on the modem which gives 
>>>>>>> the outside NIC its internet ip address.
>>>>>>>
>>>>>>> Does this make any sense? Or rather does anyone see where my 
>>>>>>> situation is foobarred?
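
An added example, not part of the original thread: shell helpers that reproduce the check discussed above, showing which address a hostname bind-address resolves to via /etc/hosts and whether a `netstat -napt` listener is loopback-only or bound to all interfaces. The function names are hypothetical, the first netstat sample is taken from the thread, and the 0.0.0.0 line (including its PID) is constructed.

```shell
#!/bin/sh
# Sample /etc/hosts content as quoted in the thread.
SAMPLE_HOSTS='127.0.0.1    localhost
127.0.1.1    isengard.localdomain    isengard'

# netstat output from the thread (bind-address=isengard).
NETSTAT_HOSTNAME_BIND='tcp   0   0 127.0.1.1:3306    0.0.0.0:*       LISTEN      16473/mysqld
tcp   0   0 127.0.1.1:53067   127.0.1.1:3306  TIME_WAIT   -'

# Constructed line for bind-address=0.0.0.0 (PID is made up).
NETSTAT_WILDCARD_BIND='tcp   0   0 0.0.0.0:3306      0.0.0.0:*       LISTEN      16999/mysqld'

# hosts_lookup NAME: read hosts-file text on stdin, print the first
# address whose line lists NAME as a hostname or alias.
hosts_lookup() {
    awk -v name="$1" '
        { sub(/#.*/, "") }          # drop comments
        NF < 2 { next }             # skip blank or address-only lines
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    '
}

# bind_scope ADDR: classify a listening address.
bind_scope() {
    case "$1" in
        127.*|::1)       echo loopback ;;        # whole 127.0.0.0/8 is local-only
        0.0.0.0|::|'*')  echo all-interfaces ;;  # reachable unless firewalled
        *)               echo specific ;;
    esac
}

# listener_scopes PORT: read `netstat -napt` output on stdin and print
# "ADDRESS SCOPE" for every LISTEN socket on PORT (TIME_WAIT etc. ignored).
listener_scopes() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] == port)
                print substr($4, 1, length($4) - length(part[n]) - 1)
        }' | while read -r addr; do
            echo "$addr $(bind_scope "$addr")"
        done
}

echo "isengard resolves to: $(printf '%s\n' "$SAMPLE_HOSTS" | hosts_lookup isengard)"
printf '%s\n' "$NETSTAT_HOSTNAME_BIND" | listener_scopes 3306
printf '%s\n' "$NETSTAT_WILDCARD_BIND" | listener_scopes 3306
```

On a live host, pipe `sudo netstat -napt` into `listener_scopes 3306`; any `all-interfaces` result is a service whose exposure is decided by the firewall rules alone.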



