[Dnsmasq-discuss] Re: DCHP server not assign IP addresses

Tue Nov 18 04:04:28 GMT 2008

On Tue, Nov 18, 2008 at 04:05, Troy Piggins <troy at piggo.com> wrote:
> * Rune Kock wrote :
>>* Troy Piggins wrote:
>>
>>> My dnsmasq 2.41 doesn't seem to be assigning DHCP IP addresses.
>>> Been running the server for some time, but mainly for the DNS
>>> side of things.  The IP addresses for most machines on my network
>>> are static, so hasn't been a problem.  But I'm trying to connect
>>> to a NAS (WD My Book World Edition) which I believe needs a DHCP
>>> server to get an IP address, and I can't interface with it to set
>>> it up without one.
>>>
> [...]
>> 2) Check your firewall settings.  The following is from dnsmasq's FAQ:
>>
>>    The first thing to check is the broadcast address set for the
>>    ethernet interface. This is normally the adddress on the connected
>>    network with all ones in the host part. For instance if the
>>    address of the ethernet interface is 192.168.55.7 and the netmask
>>    is 255.255.255.0 then the broadcast address should be
>>    192.168.55.255. Having a broadcast address which is not on the
>>    network to which the interface is connected kills things stone
>>    dead.
>
> Not sure where this is set in dnsmasq.conf?  The only things I
> have set are shown below[1].  Everything else, I assume, is the
> default.  I searched the excellently commented dnsmasq.conf file
> for "broadcast", and thought I'd try the "dhcp-authoritative"
> command to see if that helped.  It didn't.

Well, this part is about the setup of the network interface.  Check
with ifconfig.

> The only other thing I could find was:
>
> # Send options to hosts which ask for a DHCP lease.
> # See RFC 2132 for details of available options.
> # Note that all the common settings, such as netmask and
> # broadcast address, DNS server and default route, are given
> # sane defaults by dnsmasq. You very likely will not need any
> # any dhcp-options. If you use Windows clients and Samba, there
> # are some options which are recommended, they are detailed at
> # the
> # end of this section.
> # For reference, the common options are:
> # subnet mask - 1
> # default router - 3
> # DNS server - 6
> # broadcast address - 28
>
> But couldn't find what the 28 signified.  Shed any light?

This is irrelevant.  It's about specifying broadcast to the client.

>>    The second potential problem relates to firewall rules: since the ISC
>>    daemon in some configurations bypasses the kernel firewall rules
>>    entirely, the ability to run the ISC daemon does not indicate
>>    that the current configuration is OK for the dnsmasq daemon.
>>    For the dnsmasq daemon to operate it's vital that UDP packets to
>>    and from ports 67 and 68 and broadcast packets with source
>>    address 0.0.0.0 and destination address 255.255.255.255 are not
>>    dropped by iptables/ipchains.
>
> Both ports allow UDP:
>
> $ sudo iptables-save | grep 67
> -A udpincoming_packets -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT

I'm not entirely fluent in iptables syntax, but to me this sounds like
"accept packets with source port 67/68 AND dest port 67/68".  I
believe that you need "accept source port 67/68 OR dest port 67/68".