[Dnsmasq-discuss] New setup. DNS OK, DHCP is silent

Lovelady, Dennis E. dlovelady1 at dtcc.com
Sat Nov 24 14:30:36 GMT 2012


Hi, Folks.  I'm trying to set up a new dhcp server using dnsmasq.  I have the following configuration
>>>
domain-needed
bogus-priv
expand-hosts
domain=***.com # Yeah, I know.  It's masked for internet
dhcp-range=192.168.158.64,192.168.158.191,24h
dhcp-host=90:2b:34:36:ae:bc,papa,192.168.158.3,infinite
dhcp-option=option:router,192.168.158.1
log-queries
log-dhcp
<<<

ifconfig on the server shows:
>>>
eth0      Link encap:Ethernet  HWaddr C0:3F:0E:BC:43:B9
          inet addr:192.168.158.2  Bcast:192.168.158.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20353 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3409 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:532
          RX bytes:2725952 (2.5 MiB)  TX bytes:692256 (676.0 KiB)
          Interrupt:11
<<<

dnsmasq is serving DNS just fine, but DHCP seems unresponsive.  The log (/var/log/messages) shows:

delovelady at stora-2 /home/log> tail -100 /home/log/messages|grep dnsmasq
>>>
Nov 24 00:15:40 stora-2 dnsmasq[5952]: exiting on receipt of SIGTERM
--- config change and restart ---
Nov 24 00:15:40 stora-2 dnsmasq[6189]: started, version 2.62 cachesize 150
Nov 24 00:15:40 stora-2 dnsmasq[6189]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack
Nov 24 00:15:40 stora-2 dnsmasq[6189]: reading /etc/resolv.conf
Nov 24 00:15:40 stora-2 dnsmasq[6189]: using nameserver 192.168.158.1#53
Nov 24 00:15:40 stora-2 dnsmasq[6189]: ignoring nameserver 127.0.0.1 - local interface
Nov 24 00:15:40 stora-2 dnsmasq[6189]: read /etc/hosts - 22 addresses
Nov 24 00:20:27 stora-2 dnsmasq[6189]: exiting on receipt of SIGTERM
--- config change and restart ---
Nov 24 00:20:27 stora-2 dnsmasq[6508]: started, version 2.62 cachesize 150
Nov 24 00:20:27 stora-2 dnsmasq[6508]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack
Nov 24 00:20:27 stora-2 dnsmasq[6508]: reading /etc/resolv.conf
Nov 24 00:20:27 stora-2 dnsmasq[6508]: using nameserver 192.168.158.1#53
Nov 24 00:20:27 stora-2 dnsmasq[6508]: ignoring nameserver 127.0.0.1 - local interface
Nov 24 00:20:27 stora-2 dnsmasq[6508]: read /etc/hosts - 22 addresses
<<<

This is on a new network. When I attach a server or PC that is set up for DHCP, no connection gets established.  But if I set up for fixed addresses on the 192.168.158 net, all is well, worldwide.  All systems can access this system via ssh.  The output from iptables -L is very slow (about half a minute), and results in:
sudo iptables -L
>>>
audit_log_user_command(): Connection refused
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
INPUT-INTERNAL  all  --  169.254.0.0/16       anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            tcp dpt:printer reject-with icmp-port-unreachable
INPUT-INTERNAL  all  --  192.168.158.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
REJECT     tcp  --  anywhere             anywhere            tcp dpt:auth reject-with icmp-admin-prohibited
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain INPUT-INTERNAL (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
<<<
I have no idea why iptables would be so slow to list... (?)  I also don't know why 169.254 is so prominent in that list!  (I'm even less of an iptables expert than I am dnsmasq.  But I tried this also after "sudo service iptables stop" to no benefit.)

What else might I provide, and what am I missing?  This looks to me like it should be working, and should be logging its success.  But it's always/usually something I missed, so go ahead; hit me with your best shot.  Please.  :)

Dennis Lovelady
--
"Money is what you'd get on beautifully without if only other people weren't so crazy about it."
       - Margaret Case Harriman
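
Added example (not part of the original post and not dnsmasq project code): a check over the syslog excerpt above that flags each dnsmasq start where DHCP is compiled in but no address range was announced. It assumes that dnsmasq, when it has loaded a dhcp-range, logs a startup line tagged `dnsmasq-dhcp[PID]` beginning "DHCP, IP range"; the PID 7001 lines are constructed for comparison.

```python
import re

# Syslog shape seen in the post: "<date> <host> dnsmasq[PID]: <message>".
# Assumption: DHCP startup messages carry the tag "dnsmasq-dhcp".
LINE = re.compile(r"(?P<tag>dnsmasq(?:-dhcp)?)\[(?P<pid>\d+)\]: (?P<msg>.*)")

def dhcp_startup_report(lines):
    """Map each dnsmasq start (by PID) to its DHCP build flag and announced ranges."""
    report = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = int(m["pid"]), m["msg"]
        if msg.startswith("started, version"):
            report[pid] = {"compiled_dhcp": False, "ranges": []}
        inst = report.get(pid)
        if inst is None:
            continue  # start of this instance is outside the excerpt
        if msg.startswith("compile time options:"):
            inst["compiled_dhcp"] = "DHCP" in msg.split()
        elif m["tag"] == "dnsmasq-dhcp" and msg.startswith("DHCP, IP range"):
            inst["ranges"].append(msg)
    return report

def silent_instances(lines):
    """PIDs built with DHCP support that never announced a dhcp-range."""
    rep = dhcp_startup_report(lines)
    return sorted(p for p, i in rep.items() if i["compiled_dhcp"] and not i["ranges"])

OPTS = ("compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN "
        "DHCP DHCPv6 no-Lua TFTP no-conntrack")
# Lines for PID 6508 are taken from the post (wrapped line rejoined).
FROM_POST = [
    "Nov 24 00:20:27 stora-2 dnsmasq[6508]: started, version 2.62 cachesize 150",
    "Nov 24 00:20:27 stora-2 dnsmasq[6508]: " + OPTS,
    "Nov 24 00:20:27 stora-2 dnsmasq[6508]: reading /etc/resolv.conf",
    "Nov 24 00:20:27 stora-2 dnsmasq[6508]: read /etc/hosts - 22 addresses",
]
# Constructed for comparison: PID 7001 and its DHCP line are not from the post.
CONSTRUCTED = [
    "Nov 24 00:30:00 stora-2 dnsmasq[7001]: started, version 2.62 cachesize 150",
    "Nov 24 00:30:00 stora-2 dnsmasq[7001]: " + OPTS,
    "Nov 24 00:30:00 stora-2 dnsmasq-dhcp[7001]: DHCP, IP range "
    "192.168.158.64 -- 192.168.158.191, lease time 1d",
]

if __name__ == "__main__":
    for pid in silent_instances(FROM_POST + CONSTRUCTED):
        print(f"dnsmasq[{pid}]: DHCP compiled in, but no dhcp-range announced at startup")
```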


