Re: [Dnsmasq-discuss] Problem using dnsmasq as dhcp
On Wed, Jan 04, 2017 at 06:38:30PM +0100, Archimede Pitagorico wrote:
> it was a rule in the PREROUTING chain of the raw table:
>
> rpfilter --invert -j DROP
>
> that caused messages incoming from clients to be dropped.

And here's another problem: be careful with filtering in the raw table. Filtering should be done in the filter table (which, go figure, may be why they named it "filter".)

> It is easy to modify the rule to allow dhcp traffic through, so problem solved.
>
> I have another question however about this:
>
> > ISC's dhcp server uses a lower-level network model than dnsmasq, and can work despite iptables rules to the contrary.
>
> How can an app bypass the kernel firewall? Can you please suggest a reference for me to understand better?

Well, that's overstating it a bit. ISC dhcpd uses raw sockets, and those are (like tcpdump) seen before the netfilter subsystem.

But note, a complete DHCP exchange is "DORA": Discover by the client; Offer by the server; Request by the client; and Ack by the server. With dhcpd only DO are not blockable. RA certainly are.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Problem using dnsmasq as dhcp
That was indeed the problem. Thanks a lot!

it was a rule in the PREROUTING chain of the raw table:

rpfilter --invert -j DROP

that caused messages incoming from clients to be dropped.

It is easy to modify the rule to allow dhcp traffic through, so problem solved.

I have another question however about this:

> ISC's dhcp server uses a lower-level network model than dnsmasq, and can work despite iptables rules to the contrary.

How can an app bypass the kernel firewall? Can you please suggest a reference for me to understand better?

A.

Sent: Wednesday, January 04, 2017 at 3:15 AM
From: "Kurt H Maier"
To: "Archimede Pitagorico"
Cc: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Problem using dnsmasq as dhcp

On Mon, Jan 02, 2017 at 05:50:42AM +0100, Archimede Pitagorico wrote:
> I am trying to migrate from dhcpd to dnsmasq for my home network, without
> much luck.

Make sure you don't have any iptables rules in place that would interfere with dnsmasq. ISC's dhcp server uses a lower-level network model than dnsmasq, and can work despite iptables rules to the contrary. Check for rules that are dropping packets with sources or destinations like 0.0.0.0 or 255.255.255.255.

khm
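
The check suggested in this thread (look for rules that drop 0.0.0.0 or 255.255.255.255 traffic, such as the raw-table rpfilter rule) can be run against `iptables-save` output. The following is an added example, not code from any poster or from the dnsmasq project; the function names, the sample ruleset and the simplifications (negated, interface and address matches are ignored) are assumptions.

```python
import shlex

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE = """\
*raw
-A PREROUTING -m rpfilter --invert -j DROP
COMMIT
*filter
-A INPUT -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -s 0.0.0.0/32 -j DROP
COMMIT
"""

# Chains an inbound DHCP Discover (0.0.0.0:68 -> 255.255.255.255:67) traverses.
INBOUND = {("raw", "PREROUTING"), ("mangle", "PREROUTING"),
           ("mangle", "INPUT"), ("filter", "INPUT")}

def opt(tokens, name):
    """Return the argument that follows option `name`, or None."""
    return tokens[tokens.index(name) + 1] if name in tokens[:-1] else None

def find_dhcp_blockers(ruleset):
    """Return (table, rule) pairs that may drop client DHCP broadcasts."""
    table, allowed, hits = None, set(), []
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*raw", "*filter", ...
            table = line[1:]
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        key, target = (table, tok[1]), opt(tok, "-j")
        if key not in INBOUND:
            continue
        # An earlier ACCEPT for UDP port 67 ends this chain's traversal for
        # DHCP (simplification: interface and address matches are ignored).
        if target == "ACCEPT" and opt(tok, "-p") == "udp" and opt(tok, "--dport") == "67":
            allowed.add(key)
        if target != "DROP" or key in allowed:
            continue
        if (("rpfilter" in tok and "--invert" in tok)
                or opt(tok, "-s") in ("0.0.0.0", "0.0.0.0/32")
                or opt(tok, "-d") in ("255.255.255.255", "255.255.255.255/32")):
            hits.append((table, line))
    return hits

if __name__ == "__main__":
    for table, rule in find_dhcp_blockers(SAMPLE):
        print(f"{table}: {rule}")
```

On the sample, only the raw-table rule is reported; the filter-table drop is preceded by an ACCEPT for UDP port 67 in the same chain, so it is not.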