[Dnsmasq-discuss] dnsmasq/ntp/shorewall conundrum: can't make clients query locally ...

Jim Alles kb3tbx at gmail.com
Mon Mar 2 16:46:02 GMT 2015


Looking again at the man page, mode is to come before netmask.

-F, --dhcp-range=[tag:<tag>[,tag:<tag>],][set:<tag>,]<start-addr>[,<end-addr>][,<mode>][,<netmask>[,<broadcast>]][,<lease time>]

therefore: dhcp-range=10.10.0.0,static,255.255.0.0

There is nothing in the log?

On Mon, Mar 2, 2015 at 9:39 AM, Johannes Graumann <johannes_graumann at web.de>
wrote:

> Not correct. From the default file:
>
> # Specify a subnet which can't be used for dynamic address allocation,
> # is available for hosts with matching --dhcp-host lines. Note that
> # dhcp-host declarations will be ignored unless there is a dhcp-range
> # of some type for the subnet in question.
> # In this case the netmask is implied (it comes from the network
> # configuration on the machine running dnsmasq) it is possible to give
> # an explicit netmask instead.
> dhcp-range=10.10.0.0,255.255.0.0,static
>
> Works here.
>
> Joh
>
> Jim Alles wrote:
>
> > Your DHCP range is not what is required: a pair of start and stop IP
> > addresses, like 10.10.0.2, 10.10.255.254
> >
> > - look at syslog and see what dnsmasq is complaining about.
> >
> > On Sat, Feb 28, 2015 at 11:53 AM, Johannes Graumann
> > <johannes_graumann at web.de> wrote:
> >> Hello,
> >>
> >> I'm running a debian firewall that uses dnsmasq to provide dhcp to the
> >> local subnets, firewalls using shorewall and has ntpd running to locally
> >> serve time as well.
> >>
> >> The relevant (according to me) config options look as follows:
> >> 1) /etc/dnsmasq.conf
> >> bogus-priv
> >> interface=eth1
> >> interface=eth2
> >> domain=<MYDOMAIN>
> >> dhcp-range=10.10.0.0,255.255.0.0,static
> >> # One of many hosts
> >> dhcp-host=f0:da:f3:c4:59:b7,68:d8:19:ab:b3:c9,onemachine,10.10.1.2,2h
> >> dhcp-option=42,10.10.1.1
> >>
> >> 2) /etc/shorwall/rules
> >> # Accept pwln network access to $FW as ntp server
> >> NTP(ACCEPT)     pwln            $FW
> >>
> >> 3) /etc/ntp.conf
> >> driftfile /var/lib/ntp/ntp.drift
> >> statistics loopstats peerstats clockstats
> >> filegen loopstats file loopstats type day enable
> >> filegen peerstats file peerstats type day enable
> >> filegen clockstats file clockstats type day enable
> >> server 0.debian.pool.ntp.org iburst
> >> server 1.debian.pool.ntp.org iburst
> >> server 2.debian.pool.ntp.org iburst
> >> server 3.debian.pool.ntp.org iburst
> >> restrict default nopeer nomodify notrap noquery
> >> restrict 127.0.0.1
> >> restrict 10.10.0.0 mask 255.255.0.0
> >>
> >> Despite all this, my logs get flooded with things like this:
> >>> Feb 28 18:02:52 morannon kernel: [241886.597125]
> >>> Shorewall:pwln2net:REJECT:IN=eth1 OUT=eth0
> >>> MAC=00:00:24:d0:62:dd:00:0d:b9:1a:85:b4:08:00 SRC=10.10.1.70
> >>> DST=194.27.44.55 LEN=76 TOS=0x10 PREC=0x00 TTL=63 ID=4016 DF PROTO=UDP
> >>> SPT=50658 DPT=123 LEN=56
> >>
> >> Which I interpret as 10.10.1.70 NOT heeding the NTP proposal (supposedly)
> >> served by dnsmasq and trying to get time from outside (destination port
> >> (DPT) 123 = NTP).
> >>
> >> What may be going on? Anything obvious I'm screwing up?
> >>
> >> Sincerely, Joh
> >>
> >>
> >>
> >> _______________________________________________
> >> Dnsmasq-discuss mailing list
> >> Dnsmasq-discuss at lists.thekelleys.org.uk
> >> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
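The two things this thread turns on are the documented field order of dhcp-range (mode before netmask, per the man page line quoted at the top) and the Shorewall REJECT lines that show a client sending NTP to the outside instead of to the option-42 server. As an added example that is not part of this thread and not dnsmasq's own code, the script below checks a dnsmasq.conf against that documented order and triages such log lines. It only reports where a line departs from the documented order; it makes no claim about what dnsmasq itself accepts (the thread reports the netmask-first form working). All function names are mine, the config is the one posted in the thread, and the log lines are constructed (the first copied from the thread, the other two made up).

```python
"""Added example: check dnsmasq dhcp-range field order against the documented
syntax quoted in this thread, and triage Shorewall log lines for clients that
send NTP somewhere other than the option-42 server.  Not dnsmasq code."""
import ipaddress
import re

# Documented positional order after the optional tag:/set: prefixes.
FIELD_ORDER = ["start", "end", "mode", "netmask", "broadcast", "lease"]
MODES = {"static", "proxy"}


def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ipaddress.AddressValueError:
        return False


def _is_netmask(token):
    """True for a dotted quad of contiguous leading one bits, e.g. 255.255.0.0."""
    if not _is_ipv4(token):
        return False
    value = int(ipaddress.IPv4Address(token))
    inverted = ~value & 0xFFFFFFFF
    return value != 0 and (inverted + 1) & inverted == 0


def parse_dhcp_range(value):
    """Classify each field of a dhcp-range value by what it looks like and
    report any field that appears earlier than the documented order allows."""
    tokens = [t for t in value.split(",") if t]
    while tokens and tokens[0].startswith(("tag:", "set:")):
        tokens.pop(0)  # tag prefixes are not positional
    fields, warnings, last = {}, [], -1
    for pos, tok in enumerate(tokens):
        if pos == 0:
            kind = "start"
        elif tok in MODES:
            kind = "mode"
        elif _is_netmask(tok) and "netmask" not in fields:
            kind = "netmask"
        elif _is_ipv4(tok):
            kind = "broadcast" if ("end" in fields or "netmask" in fields) else "end"
        else:
            kind = "lease"
        idx = FIELD_ORDER.index(kind)
        if idx < last:
            warnings.append(f"{kind} '{tok}' comes after {FIELD_ORDER[last]}; "
                            "documented order is " + " < ".join(FIELD_ORDER))
        last = max(last, idx)
        fields[kind] = tok
    return {"fields": fields, "warnings": warnings}


def parse_config(text):
    """Pull dhcp-range lines and the option-42 (ntp-server) value out of dnsmasq.conf."""
    ranges, ntp_server = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, val = line.partition("=")
        if key == "dhcp-range":
            ranges.append(parse_dhcp_range(val))
        elif key == "dhcp-option":
            num, _, rest = val.partition(",")
            if num.strip() in ("42", "option:ntp-server"):
                ntp_server = rest.strip()
    return {"ranges": ranges, "ntp_server": ntp_server}


LOG_KV = re.compile(r"(\w+)=(\S+)")


def ntp_bypass(log_lines, ntp_server):
    """(src, dst) pairs for UDP/123 traffic the firewall logged whose destination
    is not the NTP server handed out by DHCP."""
    hits = []
    for line in log_lines:
        if "Shorewall:" not in line:
            continue
        kv = dict(LOG_KV.findall(line))
        if kv.get("PROTO") == "UDP" and kv.get("DPT") == "123" and kv.get("DST") != ntp_server:
            hits.append((kv["SRC"], kv["DST"]))
    return hits


# Sample config: the dnsmasq.conf lines posted in the thread.
SAMPLE_CONF = """\
bogus-priv
interface=eth1
interface=eth2
domain=<MYDOMAIN>
dhcp-range=10.10.0.0,255.255.0.0,static
# One of many hosts
dhcp-host=f0:da:f3:c4:59:b7,68:d8:19:ab:b3:c9,onemachine,10.10.1.2,2h
dhcp-option=42,10.10.1.1
"""

# Constructed log lines: the first is the REJECT line from the thread, the
# other two are made up (a DNS reject and a client that does use 10.10.1.1).
SAMPLE_LOG = [
    "Feb 28 18:02:52 morannon kernel: [241886.597125] Shorewall:pwln2net:REJECT:"
    "IN=eth1 OUT=eth0 MAC=00:00:24:d0:62:dd:00:0d:b9:1a:85:b4:08:00 SRC=10.10.1.70 "
    "DST=194.27.44.55 LEN=76 TOS=0x10 PREC=0x00 TTL=63 ID=4016 DF PROTO=UDP "
    "SPT=50658 DPT=123 LEN=56",
    "Feb 28 18:03:10 morannon kernel: [241904.000000] Shorewall:pwln2net:REJECT:"
    "IN=eth1 OUT=eth0 SRC=10.10.1.71 DST=8.8.8.8 LEN=60 PROTO=UDP SPT=40000 DPT=53 LEN=40",
    "Feb 28 18:03:12 morannon kernel: [241906.000000] Shorewall:pwln2fw:ACCEPT:"
    "IN=eth1 OUT= SRC=10.10.1.72 DST=10.10.1.1 LEN=76 PROTO=UDP SPT=123 DPT=123 LEN=56",
]

if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONF)
    for r in cfg["ranges"]:
        print(r["fields"], *r["warnings"], sep="\n  ")
    print("NTP bypass:", ntp_bypass(SAMPLE_LOG, cfg["ntp_server"]))
```

Run against the posted config it flags the netmask-before-static ordering and lists 10.10.1.70 talking to 194.27.44.55 on UDP/123; the same triage over a day of logs tells you which clients ignore the advertised NTP server, which is the question the thread is really asking.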