
#1 2019-06-01 10:35:35

schard
Forum Moderator
From: Hannover
Registered: 2016-05-06
Posts: 2,163

[solved] dnsmasq does not issue DHCP leases

I am configuring a firewall router using dnsmasq as DNS and DHCP server.
I followed the documentation in the Wiki.
When I connect a client (Arch Linux Live medium) it does not get a DHCP lease from the router.
If I connect it to my FritzBox directly, it does get a lease, so I can rule out a defective cable.

# grep -vE ^#\|^$ /etc/dnsmasq.conf 
interface=enp3s0
domain=test.local
dhcp-range=192.168.0.10,192.168.0.200,12h
dhcp-option=3,192.168.0.254
dhcp-option=6,192.168.0.254
dhcp-authoritative

# LANG=C systemctl status dnsmasq.service
* dnsmasq.service - A lightweight DHCP and caching DNS server
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-06-01 12:26:23 CEST; 4min 12s ago
     Docs: man:dnsmasq(8)
  Process: 848 ExecStartPre=/usr/bin/dnsmasq --test (code=exited, status=0/SUCCESS)
 Main PID: 849 (dnsmasq)
    Tasks: 1 (limit: 4915)
   Memory: 960.0K
   CGroup: /system.slice/dnsmasq.service
           `-849 /usr/bin/dnsmasq -k --enable-dbus --user=dnsmasq --pid-file

Jun 01 12:26:23 archlinux systemd[1]: Starting A lightweight DHCP and caching DNS server...
Jun 01 12:26:23 archlinux dnsmasq[848]: dnsmasq: Syntaxprüfung OK.
Jun 01 12:26:23 archlinux systemd[1]: Started A lightweight DHCP and caching DNS server.
Jun 01 12:26:23 archlinux dnsmasq[849]: gestartet, Version 2.80, Cachegröße 150
Jun 01 12:26:23 archlinux dnsmasq[849]: Übersetzungsoptionen: IPv6 GNU-getopt DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfile
Jun 01 12:26:23 archlinux dnsmasq[849]: DBus-Unterstützung eingeschaltet: mit Systembus verbunden
Jun 01 12:26:23 archlinux dnsmasq-dhcp[849]: DHCP, IP-Bereich 192.168.0.10 -- 192.168.0.200, Lease Zeit 12h
Jun 01 12:26:23 archlinux dnsmasq[849]: lese /etc/resolv.conf
Jun 01 12:26:23 archlinux dnsmasq[849]: Benutze Namensserver 127.0.0.53#53
Jun 01 12:26:23 archlinux dnsmasq[849]: /etc/hosts gelesen - 1 Adressen

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:01:2e:6e:b2:84 brd ff:ff:ff:ff:ff:ff
    inet 172.23.56.27/24 brd 172.23.56.255 scope global dynamic enp2s0
       valid_lft 863107sec preferred_lft 863107sec
    inet6 fe80::201:2eff:fe6e:b284/64 scope link 
       valid_lft forever preferred_lft forever
3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:01:2e:6e:b2:85 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.254/32 scope global enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::201:2eff:fe6e:b285/64 scope link 
       valid_lft forever preferred_lft forever
4: wlp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 2c:6e:85:5f:5e:10 brd ff:ff:ff:ff:ff:ff

# cat /etc/systemd/network/intern.network
[Match]
Name=enp3s0

[Network]
Address=192.168.0.254/32

# cat /etc/systemd/network/extern.network
[Match]
Name=enp2s0

[Network]
DHCP=yes

# ip route
default via 172.23.56.254 dev enp2s0 proto dhcp src 172.23.56.27 metric 1024 
172.23.56.0/24 dev enp2s0 proto kernel scope link src 172.23.56.27 
172.23.56.254 dev enp2s0 proto dhcp scope link src 172.23.56.27 metric 1024 

# nft list ruleset
table inet filter {
	chain input {
		type filter hook input priority 0; policy accept;
		ct state { established, related } accept
		ct state invalid drop
		iifname "lo" accept
		ip protocol icmp accept
		ip6 nexthdr ipv6-icmp accept
		tcp dport ssh accept
		reject
	}

	chain forward {
		type filter hook forward priority 0; policy accept;
		ip saddr 192.168.0.0/24 goto csh-local
		drop
	}

	chain csh-local {
		tcp dport { smtp, urd, submission } goto privileged
		accept
	}

	chain privileged {
	}

	chain output {
		type filter hook output priority 0; policy accept;
	}
}
table ip nat {
	chain prerouting {
		type nat hook prerouting priority 0; policy accept;
	}

	chain postrouting {
		type nat hook postrouting priority 100; policy accept;
		ip saddr 192.168.0.0/24 oifname "enp2s0" masquerade
	}
}

What am I missing?

Update:

# cat /var/lib/misc/dnsmasq.leases

(It's empty)

PPS:
I commented out

bind-interfaces

for testing purposes. It does not work with it enabled or disabled.

Last edited by schard (2019-06-01 11:54:42)


Inofficial first vice president of the Rust Evangelism Strike Force


#2 2019-06-01 11:19:58

seth
Member
Registered: 2012-09-03
Posts: 61,181

Re: [solved] dnsmasq does not issue DHCP leases

Client log?

sudo nmap --script broadcast-dhcp-discover

(on the client)

Right now it sounds as if you had two dhcp servers in the subnet (dnsmasq and fritzbox) but I only skimmed the post. Did you maybe want to forward port 53?


#3 2019-06-01 11:34:32

schard
Forum Moderator
From: Hannover
Registered: 2016-05-06
Posts: 2,163

Re: [solved] dnsmasq does not issue DHCP leases

Thanks for your reply seth, but both networks are physically separated. They are joined only by the router, which has two ethernet ports.
I'll deliver the client log asap.
Update:
I just noticed that I have not opened ports 53, 67 and 68/udp in the firewall.
If this was the issue, I'm going to shoot myself.
Solved:
Yes, this was indeed the issue.
Gotta get more coffee...

Last edited by schard (2019-06-01 11:55:02)


Inofficial first vice president of the Rust Evangelism Strike Force
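
The cause found in post #3, replayed as an added example (not code from the thread): a simplified first-match walk over the posted input chain shows the client's DHCPDISCOVER falling through to the final reject. The `FIXED_INPUT` rule, the packet dictionary and the matcher itself are constructed assumptions, and the model covers only the expression types that appear in this chain.

```python
import re

# Input chain exactly as posted in the thread (output of `nft list ruleset`).
POSTED_INPUT = """
ct state { established, related } accept
ct state invalid drop
iifname "lo" accept
ip protocol icmp accept
ip6 nexthdr ipv6-icmp accept
tcp dport ssh accept
reject
"""
# Constructed fix (assumption, not the poster's rule): allow DNS/DHCP on the LAN side only.
FIXED_INPUT = POSTED_INPUT.replace(
    "reject", 'iifname "enp3s0" udp dport { 53, 67, 68 } accept\nreject')
SERVICES = {"ssh": "22"}  # service names used in the chain above

def _items(text):
    return {t.strip() for t in text.strip("{} ").split(",")}  # 'x' or '{ a, b }' -> set

def rule_matches(rule, pkt):
    """Simplified model: every match expression in the rule must fit the packet."""
    m = re.search(r"ct state (\{[^}]*\}|\S+)", rule)
    if m and pkt["ct"] not in _items(m.group(1)):
        return False
    m = re.search(r'iifname "([^"]+)"', rule)
    if m and pkt["iif"] != m.group(1):
        return False
    m = re.search(r"(?:ip protocol|ip6 nexthdr) (\S+)", rule)
    if m and pkt["proto"] != m.group(1):
        return False
    m = re.search(r"(tcp|udp) dport (\{[^}]*\}|\S+)", rule)
    if m:
        ports = {SERVICES.get(p, p) for p in _items(m.group(2))}
        if pkt["proto"] != m.group(1) or str(pkt["dport"]) not in ports:
            return False
    return True  # a bare verdict such as "reject" matches every packet

def verdict(chain, pkt, policy="accept"):
    """First matching rule decides; returns (verdict, rule text)."""
    for rule in filter(None, map(str.strip, chain.splitlines())):
        if rule_matches(rule, pkt):
            return rule.split()[-1], rule
    return policy, "(chain policy)"

# Constructed packet: a client's DHCPDISCOVER arriving on the LAN port as a new flow.
DHCP_DISCOVER = {"iif": "enp3s0", "proto": "udp", "dport": 67, "ct": "new"}

if __name__ == "__main__":
    for chain in (POSTED_INPUT, FIXED_INPUT):
        print(verdict(chain, DHCP_DISCOVER))
```

Because the constructed rule is bound to `enp3s0`, the same DNS or DHCP traffic arriving on the external interface `enp2s0` still reaches the reject.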

