On 2004-11-29, Tauno Voipio <tauno.voipio@iki.fi.NOSPAM.invalid> wrote:
> Matteo Corti wrote:
>>
>> I just installed dnsmasq at home and I have a strange problem.
>>
>> My setup:
>>
>> - a router/gateway machine with an external ip (let's call it
>> my_ip) with an internal ip (192.168.1.1)
>> - several machines in the 192.168.1.0 network
>>
>> On the gateway /etc/resolv.conf is generated by the DHCP client on the
>> external interface and the /etc/hosts contains the local machines:
>>
>> [root@gateway root]# cat /etc/hosts
>> # Do not remove the following line, or various programs
>> # that require network functionality will fail.
>> 127.0.0.1 localhost.localdomain localhost
>>
>> 192.168.1.1 gateway
>> 192.168.1.10 patrick
>> 192.168.1.20 matteo
>> 192.168.1.30 andreas
>> 192.168.1.254 ap
>>
>> On the "internal machines" I simply have set up the DNS server to be
>> 192.168.1.1
>>
>> Everything seems to work but:
>>
>> On a local machine:
>>
>>
>>>host myname.mydomain
>>
>> returns my_ip, wonderful!
>>
>>
>>>telnet myname.mydomain 80
>>
>> Trying 127.0.0.1...
>> telnet: connect to address 127.0.0.1: Connection refused
>>
>> And here telnet (but also mozilla, ssh, ...) resolves myname.mydomain
>> to localhost.
>>
>> I am puzzled: are host and other Linux programs using different
>> methods to resolve domain names? (host seems to use libresolv but I
>> didn't really get what telnet is doing.)
>>
>> On the dns server everything seems ok:
>> [root@gateway root]# host myname.mydomain
>> casa.dyndns.info has address my_ip
>> [root@gateway root]# telnet myname.mydomain 80
>> Trying my_ip...
>> Connected to myname.mydomain.
>> Escape character is '^]'.
>>
>> I'm pretty sure that the problem is pretty simple but at the moment I am
>> clueless...
>>
>> Many thanks for any hint.
>>
>> Matteo
>>
>
> Did you read the dnsmasq documentation about using it
> for the host housing the daemon?
Yes
> Are you trying to Telnet/SSH the computer with its external
> IP address from the same machine?
No, I am trying to connect from a machine in the internal network
(let's say 192.168.1.10).
> The IP stack is smart enough to route packets to *any* of
> the local addresses via the loopback interface.
Yes but I am connecting from a second machine:
- on 192.168.1.1 I do 'host casa.dyndns.info' and I get casa.dyndns.info has address 192.33.99.76
using the DNS server configured in /etc/resolv.conf (and not
127.0.0.1 -> my IP stack is not smart enough :-)
- on 192.168.1.10 (another machine) I do the same and I get again casa.dyndns.info has address 192.33.99.76
this time using 192.168.1.1 as a DNS server
- on 192.168.1.10 I do 'telnet casa.dyndns.info 80' and telnet
resolves to 127.0.0.1: I don't get why... Shouldn't telnet try to
resolve the name using the same server as host?
> Does the computer have the Telnet / SSH server daemon running?
Yes of course but the error message is pretty clear: cannot connect to
127.0.0.1! This is not a problem with the server.
>
> Does the computer have a firewall up?
Of course, I need it for NAT. But the DNS queries are not filtered out:
% host www.cisco.com 192.168.1.1
works from the internal network (i.e., I can reach the DNS on
192.168.1.1)
> For more specific answers, please post:
> - the output of ifconfig -a
on the gateway (192.168.1.1):
eth0 Link encap:Ethernet HWaddr 00:C0:26:15:72:A5
inet addr:192.33.99.76 Bcast:192.33.99.127 Mask:255.255.255.192
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:86988 errors:0 dropped:0 overruns:0 frame:0
TX packets:44579 errors:0 dropped:0 overruns:0 carrier:0
collisions:366 txqueuelen:1000
RX bytes:20152755 (19.2 Mb) TX bytes:14967317 (14.2 Mb)
Interrupt:11 Base address:0xd000
eth1 Link encap:Ethernet HWaddr 00:02:44:35:86:A5
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:44289 errors:0 dropped:0 overruns:0 frame:0
TX packets:42426 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15243268 (14.5 Mb) TX bytes:17334175 (16.5 Mb)
Interrupt:10 Base address:0xd400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:102 errors:0 dropped:0 overruns:0 frame:0
TX packets:102 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7100 (6.9 Kb) TX bytes:7100 (6.9 Kb)
on the "others"
eth0 Link encap:Ethernet HWaddr 00:30:1B:B3:4B:E0
inet addr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::230:1bff:feb3:4be0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:967 errors:0 dropped:0 overruns:0 frame:0
TX packets:1094 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:260198 (254.0 KiB) TX bytes:127865 (124.8 KiB)
Interrupt:177
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:67 errors:0 dropped:0 overruns:0 frame:0
TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5004 (4.8 KiB) TX bytes:5004 (4.8 KiB)
> - the output of iptables -nvL
Chain INPUT (policy DROP 4 packets, 192 bytes)
pkts bytes target prot opt in out source destination
102 7100 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
817 85623 ACCEPT all -- eth1 * 192.168.1.0/24 0.0.0.0/0
0 0 drop-and-log-it all -- eth0 * 192.168.1.0/24 0.0.0.0/0
568 17292 ACCEPT icmp -- eth0 * 0.0.0.0/0 192.33.99.76
791 213K ACCEPT all -- eth0 * 0.0.0.0/0 192.33.99.76 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
8 480 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.33.99.76 state NEW,RELATED,ESTABLISHED tcp dpt:22
6 360 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.33.99.76 state NEW,RELATED,ESTABLISHED tcp dpt:25
11 588 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.33.99.76 state NEW,RELATED,ESTABLISHED tcp dpt:80
5 300 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.33.99.76 state NEW,RELATED,ESTABLISHED tcp dpt:443
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.33.99.76 state NEW,RELATED,ESTABLISHED tcp dpt:8080
435 93169 drop-and-log-it all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 3 packets, 132 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
14506 2499K ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
69625 22M ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
0 0 drop-and-log-it all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
102 7100 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth1 192.33.99.76 192.168.1.0/24
681 159K ACCEPT all -- * eth1 192.168.1.0/24 192.168.1.0/24
0 0 drop-and-log-it all -- * eth0 0.0.0.0/0 192.168.1.0/24
1656 170K ACCEPT all -- * eth0 192.33.99.76 0.0.0.0/0
0 0 ACCEPT tcp -- * eth1 192.168.1.0/24 255.255.255.255 tcp spt:67 dpt:68
0 0 ACCEPT udp -- * eth1 192.168.1.0/24 255.255.255.255 udp spt:67 dpt:68
0 0 drop-and-log-it all -- * * 0.0.0.0/0 0.0.0.0/0
Chain drop-and-log-it (5 references)
pkts bytes target prot opt in out source destination
435 93169 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
> An afterthought: PLEASE do not use publicly accessible Telnet server,
> you'll be cracked in no time.
Don't worry: I used telnet to port 80 (http) only to do a simple test
:-)
Telnet has been closed for a long time ...
Many thanks for your help.
Matteo
--
Matteo Corti
Computer Systems Institute
Swiss Federal Institute of Technology Zurich
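Added example, not from the thread or from dnsmasq: `host` sends its own DNS query, whereas telnet, ssh and mozilla call the libc resolver, which walks the sources on the `hosts:` line of /etc/nsswitch.conf and on most installs reads /etc/hosts before asking DNS. The constructed /etc/hosts below, with the public name on the client's loopback line, is one hypothesis consistent with the symptoms above, not something the thread states; the simulated DNS answers are likewise constructed.

```python
import re

# Constructed client-side files (assumption, not shown in the thread): the
# public name also appears on the loopback line of the client's /etc/hosts.
SAMPLE_HOSTS = """\
127.0.0.1 localhost.localdomain localhost casa.dyndns.info
192.168.1.1 gateway
"""
SAMPLE_NSSWITCH = "passwd: files\nhosts: files dns\n"
# Constructed stand-in for the answers dnsmasq on 192.168.1.1 hands out.
SAMPLE_DNS = {"casa.dyndns.info": "192.33.99.76", "gateway": "192.168.1.1"}

def parse_hosts(text):
    """Map each name in an /etc/hosts file to its address; first line wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def nss_hosts_order(text):
    """Lookup sources named on the 'hosts:' line of /etc/nsswitch.conf."""
    for line in text.splitlines():
        m = re.match(r"\s*hosts:\s*(.*)", line)
        if m:  # skip action tokens such as [NOTFOUND=return]
            return [t for t in m.group(1).split() if not t.startswith("[")]
    return ["dns", "files"]  # glibc's documented default when the line is absent

def resolve_like_host(name, dns):
    """`host` talks DNS directly, so /etc/hosts is never consulted."""
    return dns.get(name.lower())

def resolve_like_libc(name, hosts_text, nsswitch_text, dns):
    """gethostbyname()/getaddrinfo(): try each NSS source in configured order."""
    backends = {"files": parse_hosts(hosts_text), "dns": dns}
    for src in nss_hosts_order(nsswitch_text):
        addr = backends.get(src, {}).get(name.lower())
        if addr:
            return addr
    return None
```

Comparing the two return values for the same name is the check to run on the client: when they differ, the libc path is being answered by a local source, and `getent hosts <name>` on a real system shows the same libc answer.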