<div dir="ltr">Sure! It's a<font face="arial, helvetica, sans-serif"> long story, but perhaps interesting. I got a</font><span style="font-family:arial,helvetica,sans-serif;color:rgb(36,41,46)"> </span><a href="https://www.amazon.com/gp/product/B01M3WPT91/" rel="nofollow" style="color:rgb(3,102,214);font-family:arial,helvetica,sans-serif;box-sizing:border-box;text-decoration-line:none">quad core 2.42 GHz, 8GB ram 128GB SSD WIFI, dual nic, Thin Mini PC</a><font color="#24292e" face="arial, helvetica, sans-serif"> off Amazon that I had intended to use as my home router running pfsense. I have really crappy DSL at home with an average speed of 1.5Mbps. I have a tablet with 5G and "unlimited" data that I can tether through USB that occasionally gets deprioritized. (TMobile aint great but it beats everything else) So my plan was a router that could switch between DSL and tethered tablet and provide a hopefully better home internet environment.</font><div><font color="#24292e" face="arial, helvetica, sans-serif"><br></font></div><div><font color="#24292e" face="arial, helvetica, sans-serif">The device has USB, two nics and wifi. When I went to install pfsense I discovered that the wifi and tethered tablet drivers were missing and not being a linux kernel guy it sounded like a daunting task to get that working. I had a ubuntu desktop live usb stick that I was using to get hardware info for the pfsense installation and it seemed to work great. So I just installed that. I've only ever used linux in vms as servers so this was also an opportunity to learn a new desktop environment. Aside from the router, I also have several <a href="https://www.tp-link.com/us/products/details/cat-5711_TL-SG105E.html">smart switches</a> and three <a href="https://www.tp-link.com/eg/products/details/cat-12_TL-WA901ND.html">wireless access points</a>. The router's wifi didn't cover the whole house and amazon echo's intercom feature was too cool not to utilize. Long term, I'd like to isolate the access points on their own vlan (practice good security etc) but that is in the backlog for after I get the basic configuration working.</font></div><div><font color="#24292e" face="arial, helvetica, sans-serif"><br></font></div><div><font color="#24292e" face="arial, helvetica, sans-serif">So this is where things get interesting. All my linux friends told me I should start ripping parts out of my ubuntu distro and just use iptables, shorewall, dhcd, etc. I used to work on Windows at Microsoft and it didn't make sense to me that Ubuntu developers would not make the best choices of technologies when building Ubuntu and all ripping out services and swimming upstream would buy me is that opportunity to relearn why the Ubuntu developers made the choices they made. So instead of fighting the system I would embrace it and learn to use it as best as I could. I acknowledge this is cathedral thinking in the bazaar but I feel like I'm really close to getting it all working.</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">Anyway, when I configure network manager to share my wifi and one of my nics, it runs three copies of dnsmasq like so.</font></div><div></div><div><font color="#24292e" face="arial, helvetica, sans-serif"><br></font></div><div><font color="#24292e" face="arial, helvetica, sans-serif"><div>/usr/sbin/dnsmasq</div><div> --no-resolv</div><div> --keep-in-foreground</div><div> --no-hosts</div><div> --bind-interfaces</div><div> --pid-file=/var/run/NetworkManager/dnsmasq.pid</div><div> --listen-address=127.0.1.1</div><div> --cache-size=0</div><div> --conf-file=/dev/null</div><div> --proxy-dnssec</div><div> --enable-dbus=org.freedesktop.NetworkManager.dnsmasq</div><div> --conf-dir=/etc/NetworkManager/dnsmasq.d</div><div><br></div><div>/usr/sbin/dnsmasq</div><div> --conf-file</div><div> --no-hosts</div><div> --keep-in-foreground</div><div> --bind-interfaces</div><div> --except-interface=lo</div><div> --clear-on-reload</div><div> --strict-order</div><div> --listen-address=192.168.69.1</div><div> --dhcp-range=192.168.69.10,192.168.69.254,60m</div><div> --dhcp-option=option:router,192.168.69.1</div><div> --dhcp-lease-max=50</div><div> --pid-file=/var/run/nm-dnsmasq-wlp2s0b1.pid</div><div> --conf-dir=/etc/NetworkManager/dnsmasq-shared.d</div><div><br></div><div>/usr/sbin/dnsmasq</div><div> --conf-file</div><div> --no-hosts</div><div> --keep-in-foreground</div><div> --bind-interfaces</div><div> --except-interface=lo</div><div> --clear-on-reload</div><div> --strict-order</div><div> --listen-address=192.168.0.254</div><div> --dhcp-range=192.168.0.1,192.168.0.245,60m</div><div> --dhcp-option=option:router,192.168.0.254</div><div> --dhcp-lease-max=50</div><div> --pid-file=/var/run/nm-dnsmasq-enp3s0.pid</div><div> --conf-dir=/etc/NetworkManager/dnsmasq-shared.d</div><div><br></div><div>The first one is for dns and I have a conf file in /etc/NetworkManager/dnsmasq.d with the single line</div><div><br></div><div>cache-size=1000<br></div></font><font color="#24292e" face="arial, helvetica, sans-serif"><div><br></div><div>The next one is for dhcp on my wifi and the last one is for dhcp on my nic. Unfortunately they use the same conf-dir (/etc/NetworkManager/dnsmasq-shared.d). I currently have one file there that looks like this</div></font><font color="#24292e" face="arial, helvetica, sans-serif"><div><br></div><div><div>#</div><div># HUBS</div><div>dhcp-host=<mac address>,192.168.0.10,den-hub</div><div>dhcp-host=<mac address>,192.168.0.11,master-hub</div><div>dhcp-host=<mac address>,192.168.0.12,utility-hub</div><div>dhcp-host=<mac address>,192.168.0.13,gaming-hub</div><div>dhcp-host=<mac address>,192.168.0.14,pantry-hub</div><div>#</div><div># WAPS</div><div>dhcp-host=<mac address>,192.168.0.20,sunroom-wap</div><div>dhcp-host=<mac address>,192.168.0.21,master-wap</div><div>dhcp-host=<mac address>,192.168.0.22,gaming-wap</div><div>#</div><div># SUNROOM DEVICES</div><div>dhcp-host=<mac address>,192.168.0.30,printer</div><div>dhcp-host=<mac address>,192.168.0.31,laser</div><div>#</div><div># DEN DEVICES</div><div>dhcp-host=<mac address>,192.168.0.253,watchdog</div><div>#</div><div># MASTER DEVICES</div><div>dhcp-host=<mac address>,192.168.0.252,keeper,infinite</div><div>dhcp-host=<mac address>,192.168.0.40,wdtv,infinite</div><div>dhcp-host=<mac address>,192.168.0.148,kodi,infinite</div><div>#</div><div># UTILITY DEVICES</div><div>#</div><div># REC ROOM DEVICES</div><div>#</div><div># WIRELESS DEVICES</div><div><br></div><div>#</div><div># OTHER SETTINGS</div><div>#dhcp-ignore=tag:!known</div></div><div>dhcp-lease-max=1000</div></font><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">long term, I'd like to static configure all devices on my home nic and my wireless and only to do dhcp on the vlan for guest wifi. Then I could uncomment the dhcp-ignore line and devices would need to be explicitly added to the conf to get access to anything on my LAN other than the internet. I feel like if I understood tags better I might be able to figure out how to do this. Otherwise I might need to see if I can get a PR into NetworkManager to use different conf-dirs when multiple networks are shared.</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">So probably more than you were asking for, but I hope it helps.</font></div></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Go Carefully,<div><br></div><div>SeanK</div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Jan 3, 2019 at 12:20 PM Simon Kelley <<a href="mailto:simon@thekelleys.org.uk">simon@thekelleys.org.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">The leftmost 0 means that the leases are infinite, they never expire,<br>
which might explain why you're running out of leases.<br>
<br>
There can be duplicate leases per MAC address, but there should never be<br>
duplicate leases for an IP address. So I'm interested in finding out how<br>
you've contrived this situation. Please could you share as much<br>
information as possible about network and dnsmasq configuration?<br>
<br>
<br>
Cheers,<br>
<br>
Simon.<br>
<br>
<br>
On 02/01/2019 04:01, Sean Kelly wrote:<br>
> when I cat the file I see mutiple entries for the same MAC address, what<br>
> does this mean?<br>
> <br>
> 0 98:de:d0:bb:11:0c 192.168.0.10 * 01:98:de:d0:bb:11:0c<br>
> 0 98:de:d0:bb:11:0c 192.168.0.10 * 01:98:de:d0:bb:11:0c<br>
> 0 98:de:d0:2c:0e:4c 192.168.0.20 * 01:98:de:d0:2c:0e:4c<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 44:80:eb:95:2a:b4 192.168.0.66 * 01:44:80:eb:95:2a:b4<br>
> 0 44:80:eb:95:2a:b4 192.168.0.66 miri-phone 01:44:80:eb:95:2a:b4<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:90:a9:6a:0b:92 192.168.0.40 * 01:00:90:a9:6a:0b:92<br>
> 0 00:1a:62:01:17:cf 192.168.0.252 * 01:00:1a:62:01:17:cf<br>
> Can I trim multiple entriesor is it safe to ignore them? I just<br>
> recently got the dnsmasq NO LEASES LEFT error and was concerned that<br>
> these duplicate entries contributed to the dhcp-max-leases count. Can I<br>
> delete them safely?<br>
> <br>
> Go Carefully,<br>
> <br>
> SeanK<br>
> <br>
> _______________________________________________<br>
> Dnsmasq-discuss mailing list<br>
> <a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
> <a href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
> <br>
<br>
_______________________________________________<br>
Dnsmasq-discuss mailing list<br>
<a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
<a href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
</blockquote></div>