dnsmasq as router with espressobin


Postby Morta » Sun Jun 30, 2019 11:54 am

Hi!

I have an Espressobin V7 and would like to make a router with this tutorial:

https://blog.tjll.net/building-my-perfect-router/


Dnsmasq is native with ArchLinux ARM.

This is the dnsmasq.conf from the folder /etc:

# Listen for requests on this interface
interface=br0

# Address range to draw from
dhcp-range=192.168.1.5,192.168.1.250,255.255.255.0,24h

# Default route for clients (the address we used in /etc/systemd/network/br0.network)
dhcp-option=option:router,192.168.1.1



cat /etc/systemd/network/


br0.netdev

[NetDev]
Name=br0
Kind=bridge



br0.network

[Match]
Name=br0

[Network]
Address=192.168.1.1/24
IPForward=ipv4
#IPMasquerade=yes not active while I need 1 Gbit/s between wan and br0
ConfigureWithoutCarrier=yes



eth0.network

[Match]
Name=eth0


lan.network
[Match]
Name=lan*

[Network]
Bridge=br0
BindCarrier=eth0



wan.network
[Match]
Name=wan

[Network]
DHCP=yes
DNSSEC=no
BindCarrier=eth0
IPForward=ipv4

Error when I start dnsmasq with

systemctl start dnsmasq


May 13 00:49:46 alarm systemd-resolved[344]: Using degraded feature set (UDP) f>
May 13 00:49:50 alarm systemd-resolved[344]: Using degraded feature set (UDP) f>
[ 1302.028960] audit: type=1130 audit(1557699855.230:359): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=dnsmasq comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[ 1302.048344] audit: type=1131 audit(1557699855.230:360): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=dnsmasq comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[ 1302.105771] audit: type=1130 audit(1557699855.310:361): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=dnsmasq comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

ifconfig


[root@alarm ~]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 2a02:120b:c3f6:f671:50ea:a8ff:fe06:b6a prefixlen 64 scopeid 0x0<global>
inet6 fe80::50ea:a8ff:fe06:b6a prefixlen 64 scopeid 0x20<link>
ether 52:ea:a8:06:0b:6a txqueuelen 1000 (Ethernet)
RX packets 722 bytes 408503 (398.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 562 bytes 70734 (69.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1508
inet6 fe80::f2ad:4eff:fe09:6a7f prefixlen 64 scopeid 0x20<link>
ether f0:ad:4e:09:6a:7f txqueuelen 1024 (Ethernet)
RX packets 722 bytes 424387 (414.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 582 bytes 76891 (75.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 11

lan0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether f0:ad:4e:09:6a:7f txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lan1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether f0:ad:4e:09:6a:7f txqueuelen 1000 (Ethernet)
RX packets 722 bytes 408503 (398.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 562 bytes 70734 (69.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 80 bytes 6320 (6.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 80 bytes 6320 (6.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wan: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether f0:ad:4e:09:6a:7f txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

What is wrong?

And I also have no Internet.

I plugged a FritzBox 5490 with DHCP v6 and v4 into the WAN port.

Shorewall is not running
Last edited by Morta on Sun Jun 30, 2019 1:34 pm, edited 1 time in total.
Morta
 
Posts: 6
Joined: Sun Jun 30, 2019 11:48 am

Re: dnsmasq as router with espressobin

Postby Morta » Sun Jun 30, 2019 1:32 pm

The switch is wrongly detected by the kernel or by the networkd configuration ....
The WAN port is on the rightmost side and not on the left.

Is that an issue with my network configuration or with the kernel?
Morta
 
Posts: 6
Joined: Sun Jun 30, 2019 11:48 am

Re: dnsmasq as router with espressobin

Postby Morta » Thu Jul 04, 2019 5:14 pm

A little update on bringing up dnsmasq as a router.

The switch of the espressobin v7 is working correctly.
It's a little bit confusing that the WAN port is on the left, near the USB3 port.

So the client gets an IP address from the router and the DNS lookup is working, but there is no Internet traffic.

The hint was:
Updating the espressobin to the latest version of all pacman packages

pacman -Syu


cat /etc/resolv.conf

nameserver 8.8.8.8
nameserver 8.8.4.4


cat /etc/systemd/resolved.conf

[Resolve]
DNS=172.104.136.243 51.15.98.97 2a01:7e01::f03c:91ff:febc:322 2a00:dcc0:eda:88:>
FallbackDNS=1.1.1.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10 2001:4860>
#Domains=
#LLMNR=yes
#MulticastDNS=yes
#DNSSEC=allow-downgrade
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes
# Make sure that port 53 is free for dnsmasq
DNSStubListener=no


cat /etc/dnsmasq.conf
...
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=br0
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
listen-address=127.0.0.1
listen-address=192.168.1.1
.....
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=192.168.1.5,192.168.1.250,255.255.255.0,24h

....

# Do the same thing, but using the option name
dhcp-option=option:router,192.168.1.1

....


I used iptables for the first test and it is working!

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
iptables -A FORWARD -i br0 -s 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -i wan -d 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o wan -j MASQUERADE
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -I INPUT 1 -i br0 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

The only problem is that I have only 300 MBit/s in and out. Can someone help me get Gbit speed?
Morta
 
Posts: 6
Joined: Sun Jun 30, 2019 11:48 am
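
The ruleset in the post above forwards every packet that arrives on wan for 192.168.1.0/24, whatever its connection state, and does not accept loopback traffic although dnsmasq listens on 127.0.0.1. The following is an added example, not part of the original posts, of the same rules with connection tracking. Interface names and the subnet come from the post; the DRY_RUN switch and the ipt/router_rules helper names are assumptions of this example.

```shell
#!/bin/sh
# Added example: stateful variant of the posted ruleset.
# br0, wan and 192.168.1.0/24 are taken from the post.
LAN_IF=br0
WAN_IF=wan
LAN_NET=192.168.1.0/24
# Assumption of this example: 1 = only print the commands, 0 = apply (needs root)
DRY_RUN=${DRY_RUN:-1}

# Print or execute a single iptables command
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

router_rules() {
    # Flush rules and delete user chains in every table, as in the post
    for t in filter nat mangle raw; do
        ipt -t "$t" -F
        ipt -t "$t" -X
    done
    # Router itself: loopback (local DNS to dnsmasq), LAN clients, replies
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # LAN -> WAN: clients may open new connections
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # WAN -> LAN: only replies to connections the LAN side opened
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$LAN_NET" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Source NAT for everything leaving through the WAN port
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    # Default policies last, so the accept rules are in place first
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
}

router_rules
```

Run it as is to review the generated commands, then with DRY_RUN=0 as root to apply them.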