[Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?
Adam Hardy
adam.ant at cyberspaceroad.com
Wed Nov 25 20:54:30 GMT 2009
OK, I merged the hosts 127.0.1.1 names onto 127.0.0.1 with no ill effects so far,
and with bind-address set to 0.0.0.0 I can see it listening to 0.0.0.0, also with
no ill effects. I just have to make sure now that I've got it covered from the
outside world in iptables.
Thanks v. much for the help
Adam
Mark Beierl on 24/11/09 20:37, wrote:
> Not a problem... just trying to help too :)
>
> The 127.0.1.1 is a common thing these days, but I don't know why. Yes
> you can merge them into one 127.0.0.1 line.
>
> Rance Hall seemed to have hit the config entry on the head:
>
> bind-address 0.0.0.0
> instead of isengard. Due to isengard resolving to localhost/127.0.0.1
> (or 127.0.1.1 as the case may be), it is still the same as telling mysql
> to listen only to localhost, so that change made no real difference.
> You must tell mysql explicitly to listen to all addresses (0.0.0.0) with
> the bind-addresses listed above.
>
> Regards,
> Mark
>
> Adam Hardy wrote:
>> I'm sorry, I must be quite annoying, giving stupid answers to the most
>> basic networking questions. I checked in /etc/hosts:
>>
>> 127.0.0.1 localhost
>> 127.0.1.1 isengard.localdomain isengard
>>
>> I didn't edit /etc/hosts myself so I'm not sure why 127.0.1.1 is in
>> there. My lo interface according to ifconfig is 127.0.0.1
>>
>> Before my previous email, I had also edited my mysql config via the
>> my.cnf file to make the bind-address=isengard. I guess that explains
>> the netstat output.
>>
>> But I have no idea why 127.0.1.1 is there as well as 127.0.0.1 - what
>> installation programs would have written that, other than the debian
>> system install?
>>
>> If it was just from the system installation, can I get rid of
>> 127.0.1.1 and use all on one line:
>>
>> 127.0.0.1 localhost isengard.localdomain isengard
>>
>> I also don't know whether to put some extra lines in my dnsmasq.conf
>> and dhclient.conf, for instance in dnsmasq.conf the example
>>
>> server=/localnet/192.168.0.1
>>
>> looks useful, judging from the other stuff I just dealt with, although
>> I'm not sure what purpose it serves.
>>
>> The external NIC using dhclient.conf to get its IP address from the
>> modem seems to be rewriting /etc/resolv.conf. Does dnsmasq deal with
>> this on its own or is there a setting I should be using?
>>
>> My dhclient.conf seems OK:
>>
>> option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
>> request subnet-mask, broadcast-address, time-offset, routers,
>> domain-name, domain-name-servers, domain-search, host-name,
>> netbios-name-servers, netbios-scope, interface-mtu,
>> rfc3442-classless-static-routes;
>>
>>
>> Regards
>> Adam
>>
>>
>>
>> Mark Beierl on 24/11/09 14:28, wrote:
>>
>>> The TIME_WAIT is not an active socket, it's the remnant of a previous
>>> connection. I have no idea at all why mysqld has moved to
>>> 127.0.1.1. Is the bind address config line set to the host name and
>>> is the host name entry in /etc/hosts 127.0.1.1?
>>>
>>> Unfortunately, I know very little about mysql, so I can't point you
>>> in the right direction for configuration...
>>>
>>> Regards,
>>> Mark
>>>
>>> Adam Hardy wrote:
>>>
>>>> You're right. The result from netstat was:
>>>>
>>>>
>>>> tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2557/mysqld
>>>>
>>>> after changing the bindaddress config in the mysql config as per the
>>>> docs to free up networking, it then gives this result:
>>>>
>>>> adam@isengard:~$ sudo netstat -napt | grep 3306
>>>> tcp 0 0 127.0.1.1:3306 0.0.0.0:* LISTEN 16473/mysqld
>>>> tcp 0 0 127.0.1.1:53067 127.0.1.1:3306 TIME_WAIT -
>>>>
>>>> which looks weird. But then it's probably just because I don't have
>>>> much experience in this area. Why has it switched over to 127.0.1.1 ?
>>>>
>>>> Thanks
>>>> Adam
>>>>
>>>>
>>>> Mark Beierl on 23/11/09 19:00, wrote:
>>>>
>>>>
>>>>> Silly thought but - is mysql configured to listen to 127.0.0.1
>>>>> only? Something like
>>>>>
>>>>> sudo netstat -napt | grep 3306
>>>>>
>>>>> ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306.
>>>>>
>>>>> Regards,
>>>>> Mark
>>>>>
>>>>> Adam Hardy wrote:
>>>>>
>>>>>> Thought I had a simple problem but I don't really find anything
>>>>>> relevant on the web and I'm not getting any responses to my
>>>>>> questions here.
>>>>>>
>>>>>> Just a pointer in the right direction would be helpful - something
>>>>>> to put me back on the scent?
>>>>>>
>>>>>> Thanks
>>>>>> Adam
>>>>>>
>>>>>> Adam Hardy on 20/11/09 20:38, wrote:
>>>>>>
>>>>>>
>>>>>>> I have a lan with a gateway machine running an ADSL modem and two
>>>>>>> NICs with iptables and dnsmasq.
>>>>>>>
>>>>>>> It also runs mysql and tomcat but is currently just a simple
>>>>>>> gateway, I'm not trying to configure any DMZ or fancier stuff
>>>>>>> like that.
>>>>>>>
>>>>>>> My problem is that I can access mysql using 'localhost:3306' but
>>>>>>> I can't access it on the same box when using the machine name
>>>>>>> e.g. 'isengard:3306' and my guess is that I have mis-configured
>>>>>>> either dnsmasq or iptables.
>>>>>>>
>>>>>>> I figure that my command "mysql --host=isengard" is probably
>>>>>>> being resolved as external and then getting blocked by the firewall.
>>>>>>>
>>>>>>> My dnsmasq config file, based on the example config but with
>>>>>>> comments removed, is:
>>>>>>>
>>>>>>> domain-needed
>>>>>>> bogus-priv
>>>>>>> filterwin2k
>>>>>>> local=/localdomain/
>>>>>>> domain=localdomain
>>>>>>> dhcp-range=192.168.0.3,192.168.0.254
>>>>>>> dhcp-option=option:router,192.168.0.2
>>>>>>> dhcp-option=option:mtu,1500
>>>>>>>
>>>>>>> and my resolv.conf file is:
>>>>>>>
>>>>>>> nameserver 194.74.65.68
>>>>>>>
>>>>>>> and I think this is getting continually rewritten by dhcp with
>>>>>>> the nameserver info from the dhcp server on the modem which gives
>>>>>>> the outside NIC its internet ip address.
>>>>>>>
>>>>>>> Does this make any sense? Or rather does anyone see where my
>>>>>>> situation is foobarred?
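
The bind-address behaviour worked out in this thread, as an added example that is not part of the original messages: it maps a bind-address value to the address the host file gives it and classifies who can reach the resulting listener, using the /etc/hosts and netstat lines quoted above as constructed input. It assumes the host name is resolved from /etc/hosts alone; the function names are hypothetical.

```python
import ipaddress

# Constructed inputs, built from the /etc/hosts and netstat lines quoted in the thread.
HOSTS = """\
127.0.0.1 localhost
127.0.1.1 isengard.localdomain isengard
"""
NETSTAT = """\
tcp 0 0 127.0.1.1:3306 0.0.0.0:* LISTEN 16473/mysqld
tcp 0 0 127.0.1.1:53067 127.0.1.1:3306 TIME_WAIT -
"""

def resolve_from_hosts(name, hosts_text):
    """Return the first address a hosts file maps `name` to, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            return fields[0]
    return None

def exposure(addr):
    """Classify a bind address by who can reach a socket bound to it."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "all-interfaces"   # 0.0.0.0 or ::, so the firewall decides reachability
    if ip.is_loopback:
        return "loopback-only"    # all of 127.0.0.0/8, which includes 127.0.1.1
    return "single-address"

def effective_bind(bind_value, hosts_text):
    """Map a bind-address value (IP literal or host name) to (address, exposure)."""
    try:
        addr = str(ipaddress.ip_address(bind_value))
    except ValueError:            # not an IP literal: treat it as a host name
        addr = resolve_from_hosts(bind_value, hosts_text)
    return (addr, exposure(addr) if addr else "unresolved")

def listeners(netstat_text, port):
    """Yield (local_ip, exposure) for LISTEN rows on `port`; TIME_WAIT rows are skipped."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[5] == "LISTEN":
            ip, _, p = f[3].rpartition(":")
            if p == str(port):
                yield (ip, exposure(ip))

if __name__ == "__main__":
    print(effective_bind("isengard", HOSTS), list(listeners(NETSTAT, 3306)))
```

A result of "all-interfaces" for port 3306 on the gateway is the case where the iptables rules on the external interface are the only thing keeping the listener off the internet.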