Re: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?
Not a problem... just trying to help too :) The 127.0.1.1 is a common thing these days, but I don't know why. Yes you can merge them into one 127.0.0.1 line. Rance Hall seemed to have hit the config entry on the head: bind-address 0.0.0.0 instead of isengard. Due to isengard resolving to localhost/127.0.0.1 (or 127.0.1.1 as the case may be), it is still the same as telling mysql to listen only to localhost, so that change made no real difference. You must tell mysql explicitly to listen to all addresses (0.0.0.0) with the bind-addresses listed above. Regards, Mark Adam Hardy wrote: I'm sorry, I must be quite annoying, giving stupid answers to the most basic networking questions. I checked in /etc/hosts: 127.0.0.1 localhost 127.0.1.1 isengard.localdomainisengard I didn't edit /etc/hosts myself so I'm not sure why 127.0.1.1 is in there. My lo interface according to ifconfig is 127.0.0.1 Before my previous email, I had also edited my mysql config via the my.cnf file to make the bind-address=isengard. I guess that explains the netstat output. But I have no idea why 127.0.1.1 is there as well as 127.0.0.1 - what installation programs would have written that, other than the debian system install? If it was just from the system installation, can I get rid of 127.0.1.1 and use all on one line: 127.0.0.1 localhost isengard.localdomain isengard I also don't know whether to put some extra lines in my dnsmasq.conf and dhclient.conf, for instance in dnsmasq.conf the example server=/localnet/192.168.0.1 looks useful, judging from the other stuff I just dealt with, although I'm not sure what purpose it serves. The external NIC using dhclient.conf to get its IP address from the modem seems to be rewriting /etc/resolv.conf. Does dnsmasq deal with this on its own or is there a setting I should be using? My dhclient.conf seems OK: option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, domain-search, host-name, netbios-name-servers, netbios-scope, interface-mtu, rfc3442-classless-static-routes; Regards Adam Mark Beierl on 24/11/09 14:28, wrote: The TIME_WAIT is not an active socket, it's the remnant of a previous connection. I have no idea at all why mysqld has moved to 127.0.1.1. Is the bind address config line set to the host name and is the host name entry in /etc/hosts 127.0.1.1? Unfortunately, I know very little about mysql, so I can't point you in the right direction for configuration... Regards, Mark Adam Hardy wrote: You're right. The result from netstat was: tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2557/mysqld after changing the bindaddress config in the mysql config as per the docs to free up networking, it then gives this result: adam@isengard:~$ sudo netstat -napt | grep 3306 tcp 0 0 127.0.1.1:33060.0.0.0:* LISTEN 16473/mysqld tcp 0 0 127.0.1.1:53067 127.0.1.1:3306 TIME_WAIT - which looks weird. But then it's probably just because I don't have much experience in this area. Why has it switched over to 127.0.1.1 ? Thanks Adam Mark Beierl on 23/11/09 19:00, wrote: Silly thought but - is mysql configured to listen to 127.0.0.1 only? Something like sudo netstat -napt | grep 3306 ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306. Regards, Mark Adam Hardy wrote: Thought I had a simple problem but I don't really find anything relevant on the web and I'm not getting any responses to my questions here. Just a pointer in the right direction would be helpful - something to put me back on the scent? Thanks Adam Adam Hardy on 20/11/09 20:38, wrote: I have a lan with a gateway machine running an ADSL modem and two NICs with iptables and dnsmasq. It also runs mysql and tomcat but is currently just a simple gateway, I'm not trying to configure any DMZ or fancier stuff like that. My problem is that I can access mysql using 'localhost:3306' but I can't access it on the same box when using the machine name e.g. 'isengard:3306' and my guess is that I have mis-configured either dnsmasq or iptables. I figure that my command "mysql --host=isengard" is probably being resolved as external and then getting blocked by the firewall. My dnsmasq config file, based on the example config but with comments removed, is: domain-needed bogus-priv filterwin2k local=/localdomain/ domain=localdomain dhcp-range=192.168.0.3,192.168.0.254 dhcp-option=option:router,192.168.0.2 dhcp-option=option:mtu,1500 and my resolv.conf file is: nameserver 194.74.65.68 and I think this is getting continually rewritten by dhcp with the nameserver info from the dhcp server on the modem which gives the outside NIC its internet ip address. Does this make any sense? Or rather does anyone see where my s
Re: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?
I'm sorry, I must be quite annoying, giving stupid answers to the most basic networking questions. I checked in /etc/hosts: 127.0.0.1 localhost 127.0.1.1 isengard.localdomainisengard I didn't edit /etc/hosts myself so I'm not sure why 127.0.1.1 is in there. My lo interface according to ifconfig is 127.0.0.1 Before my previous email, I had also edited my mysql config via the my.cnf file to make the bind-address=isengard. I guess that explains the netstat output. But I have no idea why 127.0.1.1 is there as well as 127.0.0.1 - what installation programs would have written that, other than the debian system install? If it was just from the system installation, can I get rid of 127.0.1.1 and use all on one line: 127.0.0.1 localhost isengard.localdomain isengard I also don't know whether to put some extra lines in my dnsmasq.conf and dhclient.conf, for instance in dnsmasq.conf the example server=/localnet/192.168.0.1 looks useful, judging from the other stuff I just dealt with, although I'm not sure what purpose it serves. The external NIC using dhclient.conf to get its IP address from the modem seems to be rewriting /etc/resolv.conf. Does dnsmasq deal with this on its own or is there a setting I should be using? My dhclient.conf seems OK: option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, domain-search, host-name, netbios-name-servers, netbios-scope, interface-mtu, rfc3442-classless-static-routes; Regards Adam Mark Beierl on 24/11/09 14:28, wrote: The TIME_WAIT is not an active socket, it's the remnant of a previous connection. I have no idea at all why mysqld has moved to 127.0.1.1. Is the bind address config line set to the host name and is the host name entry in /etc/hosts 127.0.1.1? Unfortunately, I know very little about mysql, so I can't point you in the right direction for configuration... Regards, Mark Adam Hardy wrote: You're right. The result from netstat was: tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2557/mysqld after changing the bindaddress config in the mysql config as per the docs to free up networking, it then gives this result: adam@isengard:~$ sudo netstat -napt | grep 3306 tcp 0 0 127.0.1.1:33060.0.0.0:* LISTEN 16473/mysqld tcp 0 0 127.0.1.1:53067 127.0.1.1:3306 TIME_WAIT - which looks weird. But then it's probably just because I don't have much experience in this area. Why has it switched over to 127.0.1.1 ? Thanks Adam Mark Beierl on 23/11/09 19:00, wrote: Silly thought but - is mysql configured to listen to 127.0.0.1 only? Something like sudo netstat -napt | grep 3306 ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306. Regards, Mark Adam Hardy wrote: Thought I had a simple problem but I don't really find anything relevant on the web and I'm not getting any responses to my questions here. Just a pointer in the right direction would be helpful - something to put me back on the scent? Thanks Adam Adam Hardy on 20/11/09 20:38, wrote: I have a lan with a gateway machine running an ADSL modem and two NICs with iptables and dnsmasq. It also runs mysql and tomcat but is currently just a simple gateway, I'm not trying to configure any DMZ or fancier stuff like that. My problem is that I can access mysql using 'localhost:3306' but I can't access it on the same box when using the machine name e.g. 'isengard:3306' and my guess is that I have mis-configured either dnsmasq or iptables. I figure that my command "mysql --host=isengard" is probably being resolved as external and then getting blocked by the firewall. My dnsmasq config file, based on the example config but with comments removed, is: domain-needed bogus-priv filterwin2k local=/localdomain/ domain=localdomain dhcp-range=192.168.0.3,192.168.0.254 dhcp-option=option:router,192.168.0.2 dhcp-option=option:mtu,1500 and my resolv.conf file is: nameserver 194.74.65.68 and I think this is getting continually rewritten by dhcp with the nameserver info from the dhcp server on the modem which gives the outside NIC its internet ip address. Does this make any sense? Or rather does anyone see where my situation is foobarred?
Re: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?
On Tue, Nov 24, 2009 at 8:28 AM, Mark Beierl wrote: > The TIME_WAIT is not an active socket, it's the remnant of a previous > connection. I have no idea at all why mysqld has moved to 127.0.1.1. > Is the bind address config line set to the host name and is the host > name entry in /etc/hosts 127.0.1.1? > > Unfortunately, I know very little about mysql, so I can't point you in > the right direction for configuration... > > Regards, > Mark > > Adam Hardy wrote: >> You're right. The result from netstat was: >> >> >> tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2557/mysqld >> >> after changing the bindaddress config in the mysql config as per the docs to >> free up networking, it then gives this result: >> >> adam@isengard:~$ sudo netstat -napt | grep 3306 >> tcp 0 0 127.0.1.1:3306 0.0.0.0:* LISTEN 16473/mysqld >> tcp 0 0 127.0.1.1:53067 127.0.1.1:3306 TIME_WAIT - >> >> which looks weird. But then it's probably just because I don't have much >> experience in this area. Why has it switched over to 127.0.1.1 ? >> >> Thanks >> Adam >> The mysql configuration file is my.cnf Its probably in /etc/ somewhere By default mysql listens on the localhost interface only. you can skip networking completely and just use pipes/sockets by using the skip-networking directive in the my.cnf file. Or you can add a bind-address directive to my.cnf. bind-address 0.0.0.0 will listen on all interfaces a series of bind-address x.x.x.x will specify a list of interfaces to listen on (don't forget to include localhost) Rance
Re: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?
The TIME_WAIT is not an active socket, it's the remnant of a previous connection. I have no idea at all why mysqld has moved to 127.0.1.1. Is the bind address config line set to the host name and is the host name entry in /etc/hosts 127.0.1.1? Unfortunately, I know very little about mysql, so I can't point you in the right direction for configuration... Regards, Mark Adam Hardy wrote: You're right. The result from netstat was: tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2557/mysqld after changing the bindaddress config in the mysql config as per the docs to free up networking, it then gives this result: adam@isengard:~$ sudo netstat -napt | grep 3306 tcp 0 0 127.0.1.1:33060.0.0.0:* LISTEN 16473/mysqld tcp 0 0 127.0.1.1:53067 127.0.1.1:3306 TIME_WAIT - which looks weird. But then it's probably just because I don't have much experience in this area. Why has it switched over to 127.0.1.1 ? Thanks Adam Mark Beierl on 23/11/09 19:00, wrote: Silly thought but - is mysql configured to listen to 127.0.0.1 only? Something like sudo netstat -napt | grep 3306 ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306. Regards, Mark Adam Hardy wrote: Thought I had a simple problem but I don't really find anything relevant on the web and I'm not getting any responses to my questions here. Just a pointer in the right direction would be helpful - something to put me back on the scent? Thanks Adam Adam Hardy on 20/11/09 20:38, wrote: I have a lan with a gateway machine running an ADSL modem and two NICs with iptables and dnsmasq. It also runs mysql and tomcat but is currently just a simple gateway, I'm not trying to configure any DMZ or fancier stuff like that. My problem is that I can access mysql using 'localhost:3306' but I can't access it on the same box when using the machine name e.g. 'isengard:3306' and my guess is that I have mis-configured either dnsmasq or iptables. I figure that my command "mysql --host=isengard" is probably being resolved as external and then getting blocked by the firewall. My dnsmasq config file, based on the example config but with comments removed, is: domain-needed bogus-priv filterwin2k local=/localdomain/ domain=localdomain dhcp-range=192.168.0.3,192.168.0.254 dhcp-option=option:router,192.168.0.2 dhcp-option=option:mtu,1500 and my resolv.conf file is: nameserver 194.74.65.68 and I think this is getting continually rewritten by dhcp with the nameserver info from the dhcp server on the modem which gives the outside NIC its internet ip address. Does this make any sense? Or rather does anyone see where my situation is foobarred? ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?
You're right. The result from netstat was: tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2557/mysqld after changing the bindaddress config in the mysql config as per the docs to free up networking, it then gives this result: adam@isengard:~$ sudo netstat -napt | grep 3306 tcp 0 0 127.0.1.1:33060.0.0.0:* LISTEN 16473/mysqld tcp 0 0 127.0.1.1:53067 127.0.1.1:3306 TIME_WAIT - which looks weird. But then it's probably just because I don't have much experience in this area. Why has it switched over to 127.0.1.1 ? Thanks Adam Mark Beierl on 23/11/09 19:00, wrote: Silly thought but - is mysql configured to listen to 127.0.0.1 only? Something like sudo netstat -napt | grep 3306 ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306. Regards, Mark Adam Hardy wrote: Thought I had a simple problem but I don't really find anything relevant on the web and I'm not getting any responses to my questions here. Just a pointer in the right direction would be helpful - something to put me back on the scent? Thanks Adam Adam Hardy on 20/11/09 20:38, wrote: I have a lan with a gateway machine running an ADSL modem and two NICs with iptables and dnsmasq. It also runs mysql and tomcat but is currently just a simple gateway, I'm not trying to configure any DMZ or fancier stuff like that. My problem is that I can access mysql using 'localhost:3306' but I can't access it on the same box when using the machine name e.g. 'isengard:3306' and my guess is that I have mis-configured either dnsmasq or iptables. I figure that my command "mysql --host=isengard" is probably being resolved as external and then getting blocked by the firewall. My dnsmasq config file, based on the example config but with comments removed, is: domain-needed bogus-priv filterwin2k local=/localdomain/ domain=localdomain dhcp-range=192.168.0.3,192.168.0.254 dhcp-option=option:router,192.168.0.2 dhcp-option=option:mtu,1500 and my resolv.conf file is: nameserver 194.74.65.68 and I think this is getting continually rewritten by dhcp with the nameserver info from the dhcp server on the modem which gives the outside NIC its internet ip address. Does this make any sense? Or rather does anyone see where my situation is foobarred? ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
