Migration from dnsmasq --> IPfire DHCP - Server how to distribute DNS-Server; default. Gateway

bbitsch · 28 February 2024 13:45

Where are those informations from?

DNS server = RED0 is obscure. The default at first startup of dhcp server settings is the configured interface ( for green network it is GREEN0 ).

bonnietwin · 28 February 2024 14:19

They are from the dhcp logs on the client machine.

checkpoint · 28 February 2024 14:43

sorry guys, my mistake ; LAN IP-Address on IT-Provider-Router;

Show you my infrastruktur:

Sorry

checkpoint · 28 February 2024 14:44

YES this is a information from dhcp-client

checkpoint · 28 February 2024 15:10

I make a break now; until tomorrow ; I’ll check why 10.55.55.2 !!! IPfire red0 show me a dhcp-Client

g70p · 29 February 2024 01:04

I think you have unbound stoped due to initial error of duplicate local-zone.

nickh · 29 February 2024 10:51

Can I query your WLAN? is this a separate router acting as a WLAN with its external port on 10.10.10.153 and its wireless LAN on 10.10.10.0/24 also doing DHCP?

I am also confused in your red area as you seem to have VoIP/WLAN-guest on 10.55.55.0/24 and a separate LAN on 10.55.55.1/28?

checkpoint · 29 February 2024 14:12

Moin, Zäma, Hi folks,

sorry about that, but I don’t understand why IPfire distribute his red0 (10.55.55.2) as a DNS Server??? Yes, is it obscure, but it real. All my dhcp-clients have this IP-address in /etc/resolv.conf.
My Net-Layout is correct!

IP Info on IPfire:

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: green0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
    link/ether 00:e0:4c:86:a8:c6 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.253/24 scope global green0
       valid_lft forever preferred_lft forever
3: red0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
    link/ether 00:e0:4c:86:a8:c7 brd ff:ff:ff:ff:ff:ff
    inet 10.55.55.2/28 scope global red0
       valid_lft forever preferred_lft forever

ip r

default via 10.55.55.1 dev red0 
10.10.10.0/24 dev green0 proto kernel scope link src 10.10.10.253 
10.55.55.0/28 dev red0 proto kernel scope link src 10.55.55.2 
10.55.55.1 dev red0 scope link

Which are the relevant config files for setting up dhcp; DNS?
How to config unbound - only cli?

Thanks

checkpoint · 29 February 2024 14:20

@G7 → Solution - duplikate local-zone
It take more time that I understand what local-zone is. For me and I hope that’s right domain = local-zone
I have had two local-zone the reason was: on IPfire zones names are case sensitive. Klara100.lan =/ klara100.lan

Regrads

bbitsch · 29 February 2024 18:43

IPFire is configured basically using the WebGUI.
DHCP has it own page Network → DHCP server
DNS/unbound is set by Network → Domain Name System

To answer your topic question:
dnsmasq is a lightweight DHCP and DNS server.
Therefore you have to sort your dnsmasq settings into the set of DHCP configs and the set of DNS configs. These values can be entered accordingly into the web pages mentioned.
Do not forget to press the ‘save’ buttons! The standard path of configuration is
set values in WebGUI → press save → IPFire stores the value in associated ‘settings’ files, generates the config files and restarts/reloads the service.

checkpoint · 5 March 2024 10:35

Moin, Zäma, Hi,

I have more questions than resolves on my config. Okay, perhaps all things are running well, but I’m not sure.

@Bernhard - I’ve tried to do this, but for me is better to see which file ist responsible for Settings and Information about that.

(In addition, I’m having significant reload problems with my Firefox (openSUSE), which I don’t understand yet. I can call the Settings on IPfire Web-Gui twice and then nothing happens; I delete cache and cookies, and it works again for a few settings.)

So, about settings
For example:

[root@Firewall unbound]# more forward.conf

This file is automatically generated and any changes

will be overwritten. DO NOT EDIT!

stub-zone:
name: Klara100.lan
stub-addr: 10.10.10.253

Who is responsible for setting Klara100.lan? Is it case-sensitive or not?

unbound: [14313:0] error: SERVFAIL <col.eum-appdynamics.com.klara100.lan. A IN>: all the configured stub or forward servers failed, at zone Klara100.lan. from 10.10.10.253 got RE FUSED

What does it mean? Okay I know what refuse mean but is it depended on zone name?

Why distribute IPfire 10.55.55.2 as DNS to all my DCHP-Client; Where is that error config?

Firewall unbound]# hostname --all-ip-addresses
10.10.10.253 10.55.55.2

Any idea?

Greetings

checkpoint · 6 March 2024 16:29

I have offered 38:81:d7:43:f9:4c a static ip address (10.10.10.200) and Texas Inst. take it:
Nmap scan report for 10.10.10.200
Host is up (0.041s latency).
MAC Address: 38:81:D7:43:F9:4C (Texas Instruments)
Nmap scan report for Firewall.klara100.lan (10.10.10.253)

Question 1.
where is this devices in my Network?? How can I found it?
Q2:
why take Texas not ip address from my range?

Greetings

nickh · 6 March 2024 17:05

I have seen a routing loop created before with VoIP phones where they have two sockets, one of which is supposed to be a switch which can then be plugged into a PC. Someone connected network cables from two different LAN sockets, one into each socket on the phone. Not easy to track down, but you need to start segmenting your network disconnecting bits of it bit by bit and perhaps do some packet sniffing.