Endian Bugtracker
Endian Issue Tracker





ID: 0000258
Project: Endian Firewall
Category: Network related (VPN, uplinks)
View Status: public
Date Submitted: 2007-09-10 07:34
Last Update: 2011-12-29 17:37
Reporter: jaebird
Assigned To: peter-endian
Priority: normal
Severity: minor
Reproducibility: always
Status: assigned
Resolution: open
Platform:
OS:
OS Version:
Product Version: 2.1.2
Target Version: future
Fixed in Version:
Summary: 0000258: Cannot nslookup hosts where the IP address is provided by DHCP
Description: Although this works fine in IPCop, it doesn't seem to work in EFW. Not sure if there is a configuration issue or a bug in EFW. Hosts that are in the "Edit Hosts" can be looked up fine.
Tags: No tags attached.
Attached Files:
watchleaseshosts.tar.gz (5,162 bytes) 2008-02-03 03:26
watchleaseshosts_0.0.2.tar.gz (4,937 bytes) 2008-04-11 16:41

- Relationships
has duplicate 0000520 (confirmed): dhcp does not update DNS information

-  Notes
(0000522)
Pikkori (reporter)
2007-10-06 03:00

Make an ssh session.
Check your resolv.conf.
It should reside here: /var/efw/red/resolv.conf
Do cat /var/efw/red/resolv.conf
What does it say? It should prompt you with your nameservers.

Or use netwizard to configure nameservers if you haven't done that.

Regards
Tom-Pele
(0000523)
jaebird (reporter)
2007-10-06 03:57
edited on: 2007-10-06 03:59

My resolv.conf has both primary and secondary nameservers as it should, and the configuration is working for external DNS lookups (web browsing, ftp, etc), ie Internet. But my internal networked PCs that have a DHCP lease are not added to the dnsmasq and they are not reachable by name from within the network.

machine1 on green gets IP from EndianFirewall through dhcp
machine2 on green gets IP from EndianFirewall through dhcp

Both machine1 and machine2 are using EndianFirewall as DNS server as per the DHCP pushed out settings.

machine1 cannot ping machine2 by name. Ping by IP address works of course.

Like I mentioned initially, this behavior works in the current version of IPCop

There must be something with the ipchains (I have no idea actually) that is causing this.

Thanks,

Jae

(0000524)
Pikkori (reporter)
2007-10-06 04:36
edited on: 2007-10-06 04:36

From the GUI (https://mydomain:10443 / https://IP:10443)
Services
 - DHCP Server
   - DHCP Configuration

On Green interface
Be sure to fill out Primary DNS and Secondary DNS.
If so, check the Firewall tab and check that green has access to port 53 outgoing
- or make sure you can access / make queries from within the green zone to the nameserver you are querying.

Hope this helps
Regards Tom-Pele

(0000525)
jaebird (reporter)
2007-10-06 16:16

Maybe I'm not explaining clearly what my problem is. All of my machines in the Green network CAN access the internet and do dns queries of EXTERNAL entities (google.com, yahoo.com, etc). The problem is that the machines cannot see each other by name.

The DNS for the Green interface is the IP address of the firewall PC. This way all DNS requests go to the firewall, which forwards them to the external DNS servers.

My problem is that the firewall does not resolve green interfaced PCs by name that are setup with DHCP. Statically assigned IP addressed machines resolve fine, because they are put in the host file of the firewall.

Thanks,
Jae
(0000526)
Pikkori (reporter)
2007-10-06 19:43

I think of two things :

1) DDNS, maybe this is what you're looking for
or
2) Enable Netbios on green zone

Interestingly, I looked for ddns in IPCop as you mentioned; nevertheless, I cannot find it. Thus I noticed DNRD in the FAQ pages. Maybe that is what you're looking for that is not supported in Endian?

Regards Tom-Pele
(0000541)
peter-endian (administrator)
2007-10-27 19:53

Unfortunately our dnsmasq version does not support this feature anymore, or I did not find how to use it. That's because dnsmasq now is a DHCP server itself, but we don't want to use the DHCP functionality since we already have a DHCP server.

For now this will not work anymore. Hope to fix it in future versions.
(0000851)
jaebird (reporter)
2008-01-24 21:43
edited on: 2008-01-24 21:45

root@endianfw:/etc/dnsmasq # /usr/sbin/dnsmasq -v
Dnsmasq version 2.38 Copyright (C) 2000-2007 Simon Kelley
Compile time options IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N TFTP


It is currently not compiled with ISC support enabled, "no-ISC-leasefile". Can we get it compiled with support? Please?

(0000875)
wyc_93 (reporter)
2008-02-01 00:27

when compiling dnsmasq from source, you can enable the parsing of ISC leasefiles by first grepping for:

/* #define HAVE_ISC_READER */

and then uncommenting it (e.g.):

#define HAVE_ISC_READER


FYI - I tried recompiling dnsmasq and using the new binary in place of the stock one, but it didn't work (it would start when I did a "/etc/init.d/dnsmasq restart", but when I tried an nslookup of any sort, it would refuse a connection). Unfortunately, I'm not a programmer, so at this point I've hit the limits of my ability!
(0000876)
jaebird (reporter)
2008-02-01 02:36

I have created a Python script which watches for changes to the /var/lib/dhcp/dhcp.leases file. Whenever it changes, a special hosts file is updated (similar to the way OpenVPN works) to the latest version. This allows local hosts to be resolved and seems to work well. I start the script at boot and it just sits there looking for changes.

The script includes some GPL code I found around the net, so it could be redistributed under a like license if this is something people want. I figured this was less intrusive to the "endian" way and does not rely on dnsmasq having ISC "aware" compile flags.
(0000877)
wyc_93 (reporter)
2008-02-01 14:40

jaebird,

I'd definitely be interested in your script. Do you have it hosted/documented anywhere? You can reach me at wyc_93-AT-yahoo.com. . .


peter,

the note I left previously (0000875) compiles dnsmasq with the ability to parse ISC leasefiles, which can then be turned on by adding:

dhcp-leasefile=/var/lib/dhcp/dhcpd.leases

to the dnsmasq.conf file. It should be noted that the dnsmasq author does state that this function is deprecated, and may be removed in the future (in fact it was already removed once, but was put back in due to popular demand).

regards, and thanks for the great work!

walter
(0000882)
jaebird (reporter)
2008-02-03 03:27

I attached my watchleaseshosts python script and supporting files. There is a readme in the archive that describes how I set it up on Endian. Good luck!
(0000986)
jaebird (reporter)
2008-04-11 16:46
edited on: 2008-04-12 04:23

Uploaded the newest version of the watchleaseshosts script. I found a problem with devices that would connect via multiple network addresses (ie Ethernet and wifi). Since the script did not differentiate between them, both ended up in the dnsmasq custom hosts file. dnsmasq would then pull one of them during an nslookup (which was usually the wrong one!).

Now the script uses the newest lease for a particular host for the host file. This means that when you undock your notebook, the wifi should do a dhclient and dnsmasq should resolve to the new address.

Cheers.
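
The approach described in notes 0000876 and 0000986 (build a hosts file from the dhcpd leases file, keeping only the newest lease per host name), as an added example; it is not jaebird's attached script. It assumes ISC dhcpd lease syntax; the function names, the `localdomain` suffix, the `reserved` set of statically defined names and the sample leases are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhcpd.leases format (not data from the issue).
SAMPLE_LEASES = '''
lease 192.168.0.50 {
  starts 5 2008/04/11 08:00:00;
  binding state active;
  client-hostname "notebook";
}
lease 192.168.0.77 {
  starts 5 2008/04/11 15:30:00;
  binding state active;
  next binding state free;
  client-hostname "notebook";
}
lease 192.168.0.60 {
  starts 5 2008/04/11 09:00:00;
  binding state free;
  client-hostname "oldbox";
}
'''

LEASE_RE = re.compile(r'lease\s+(\d{1,3}(?:\.\d{1,3}){3})\s*\{(.*?)\}', re.S)
STARTS_RE = re.compile(r'starts\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);')
NAME_RE = re.compile(r'client-hostname\s+"([^"]*)";')
STATE_RE = re.compile(r'^\s*binding state\s+(\w+);', re.M)
# client-hostname is chosen by the DHCP client: accept one RFC 1123 label only.
LABEL_RE = re.compile(r'(?!-)[a-z0-9-]{1,63}(?<!-)')

def newest_leases(text, reserved=()):
    """Map hostname -> (start time, ip), keeping the newest active lease."""
    best = {}
    # dhcpd appends to the file, so the last entry for an IP is the current one.
    for ip, body in dict(LEASE_RE.findall(text)).items():
        name, starts, state = (r.search(body) for r in (NAME_RE, STARTS_RE, STATE_RE))
        if not (name and starts and state) or state.group(1) != 'active':
            continue
        host = name.group(1).lower()
        if not LABEL_RE.fullmatch(host) or host in reserved:
            continue  # malformed name, or one that would shadow a static entry
        when = datetime.strptime(starts.group(1), '%Y/%m/%d %H:%M:%S')
        if host not in best or when > best[host][0]:
            best[host] = (when, ip)
    return best

def hosts_lines(text, domain='localdomain', reserved=()):
    """Render one hosts-file line per hostname, sorted by name."""
    return ['%s\t%s.%s %s' % (ip, host, domain, host)
            for host, (_, ip) in sorted(newest_leases(text, reserved).items())]
print('\n'.join(hosts_lines(SAMPLE_LEASES, reserved={'endianfw'})))
```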

(0001210)
Devroush (reporter)
2008-05-20 14:15

Your script was a great help, jaebird! However, I'd also like this functionality to be implemented in Endian Firewall instead of having to rely on jaebird's script :)
(0001211)
peter-endian (administrator)
2008-05-20 14:57

it's on our roadmap
(0003599)
jaebird (reporter)
2009-12-19 02:38

I'm amazed that I still rely on my hacked up script! Where is this on the roadmap by now?

Thanks.
(0007587)
jaebird (reporter)
2011-12-29 17:37

I'm still using my script. Is this fixed in 2.5? The release notes I found were rather thin. Is there a published roadmap? I'm getting the feeling that "community" is defined differently here than other OSS projects.

- Issue History
Date Modified Username Field Change
2007-09-10 07:34 jaebird New Issue
2007-10-06 03:00 Pikkori Note Added: 0000522
2007-10-06 03:57 jaebird Note Added: 0000523
2007-10-06 03:59 jaebird Note Edited: 0000523
2007-10-06 03:59 jaebird Note Edited: 0000523
2007-10-06 04:36 Pikkori Note Added: 0000524
2007-10-06 04:36 Pikkori Note Edited: 0000524
2007-10-06 16:16 jaebird Note Added: 0000525
2007-10-06 19:43 Pikkori Note Added: 0000526
2007-10-27 19:53 peter-endian Note Added: 0000541
2007-10-27 19:53 peter-endian Assigned To => peter-endian
2007-10-27 19:53 peter-endian Status new => confirmed
2008-01-24 21:43 jaebird Note Added: 0000851
2008-01-24 21:45 jaebird Note Edited: 0000851
2008-02-01 00:27 wyc_93 Note Added: 0000875
2008-02-01 02:36 jaebird Note Added: 0000876
2008-02-01 14:40 wyc_93 Note Added: 0000877
2008-02-03 03:26 jaebird File Added: watchleaseshosts.tar.gz
2008-02-03 03:27 jaebird Note Added: 0000882
2008-03-04 16:25 peter-endian Target Version => 2.2-beta4
2008-03-04 16:25 peter-endian Relationship added has duplicate 0000520
2008-04-11 16:41 jaebird File Added: watchleaseshosts_0.0.2.tar.gz
2008-04-11 16:46 jaebird Note Added: 0000986
2008-04-12 04:23 jaebird Note Edited: 0000986
2008-04-22 16:45 ra-endian Target Version 2.2-beta4 => 2.2-rc1
2008-05-09 17:00 peter-endian Target Version 2.2-rc1 => 2.2
2008-05-20 14:15 Devroush Note Added: 0001210
2008-05-20 14:57 peter-endian Note Added: 0001211
2008-09-10 17:41 chris-endian Target Version 2.2 => 2.3
2008-09-10 17:58 chris-endian Target Version 2.3 => future
2009-12-19 02:38 jaebird Note Added: 0003599
2010-01-21 19:10 peter-endian Target Version future => codename: angry armadillo
2010-01-21 19:10 peter-endian Status confirmed => assigned
2010-06-14 18:01 peter-endian Target Version 2.4 => future
2011-12-29 17:37 jaebird Note Added: 0007587

Copyright © 2005-2008 Endian, SRL. All rights reserved.

