Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 36
  1. #21
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,510

    Default

    Quote Originally Posted by theoak View Post
    My range the first 150 for static ... and then .151 to .250 for DHCP.

    Never had a problem when I define static outside of DHCP range.
    And yet I'm wondering how that's possible? How would DNSMasq know what DHCP options to apply to an address that's not part of any defined scope? DHCP options are configured based on the IP range specified for dynamic deployment, and in Untangle's case tagged to an interface.

    I've had nothing but headaches with many DHCP daemons over the years trying to get them to hand out addresses they aren't configured to hand out. Because it's flat not designed to work that way! A range reserved for "static assignment" is exactly that, meaning those devices are STATIC! Static doesn't mean reserved address, it means it was manually configured! So if you're handing out reservations outside of the configured dynamic space, you're basically asking for magic.

    If you need different ranges for different device types then you need to configure those ranges in advanced mode manually or, use a real DHCP server. But go ahead, try to get MSDHCP to hand out something outside any of its configured scopes... it won't do it... ISC DHCP won't either, for the same reasons. It seems the DNSMasq is just dumb enough to try, but the results will be inconsistent.

    DHCP is not a substitute for IP Subnetting...
    DCHP is not a substitute for VLANs...

    You use the above to organize networks, DHCP is just an assignment mechanism for IP addresses. I'll never understand the drive to "organize" within it.
    Last edited by sky-knight; 08-05-2019 at 07:45 AM.
    f1assistance likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #22
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,746

    Default

    what is the output of these commands:
    /usr/bin/sync-settings
    cat /etc/dnsmasq.conf
    cat /var/lib/misc/dnsmasq.leases
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #23
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    1,513

    Default

    Rob, get some coffee!

    Dnsmasq's scope is defined by the subnet on an interface, yes. Not just the DHCP range given, because it expects to do DNS, as well.

    and you have hit on a point of confusion due to NGFW's poor choice of wording. (I am not teaching Rob anything with the following ;)

    There can be Static IP addresses manually assigned on the NIC of a host. DHCP is therefore disabled on that host, by definition.

    There are DHCP reservations, which are configured manually, but pushed out by DHCP. Every time that MAC address comes knocking, the IP address reserved for it is given. Unless... The host normally does not have that IP address until it is assigned by DHCP.

    Unfortunately, NGFW calls the table "Static DHCP Entries", and IMHO that is sloppy. Acceptable alternate description, if you Google it, but confusing to a newcomer. A contradiction in terms.

    I do object to "dnsmasq is just dumb enough to try", but I don't take it personally. it just has different magic sauce.

    Back to the O.P.'s dilemma, I would like to encourage him to simplify, as a matter of philosophy. Dnsmasq has it's DNS server and DHCP server tightly coupled. I wouldn't bother hassling with a Raspberry Pi for either of those.

    Dnsmasq, by default, will ping an IP address before it hands it out. If something answers with that address, it won't hand it out whether requested by the host, or reserved, or hashed by dnsmasq.

    To prove it, we could look at dnsmasq logs, in syslog by default once enabled.

    Or, we can simplify. disconnect the R-Pi, get NGFW cleaned up, power-cycle the switch and AP and let everything request DHCP cleanly.

    It appears a lot of these devices have a previous lease from a different DHCP server. Dnsmasq isn't stupid, just confused. Like me, most of the time. Good morning all! I Haz coffee to tend to.
    Last edited by Jim.Alles; 08-05-2019 at 08:32 AM.

  4. #24
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,746

    Default

    Quote Originally Posted by Jim.Alles View Post
    Dnsmasq, by default, will ping an IP address before it hands it out. If something answers with that address, it won't hand it out whether requested by the host, or reserved, or hashed by dnsmasq.
    Could totally be something like that. You can disable this with "no-ping" but of course then you'll have an IP conflict on your network, but you could do it for testing.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #25
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    1,513

    Default

    Quote Originally Posted by dmorris View Post
    You can disable this with "no-ping" but of course then you'll have an IP conflict on your network
    No, this is not certain. The ping is a safety net, in case some bad configuration occured, since the results can be devastating. But if the network is manageable, (read relatively small) and managed well, it isn't needed. I have a system where it is turned off because mobile Apple devices were giving up before getting dhcp, since the response is slowed down. my apologies, once again we are off-topic.

  6. #26
    Untangler
    Join Date
    Aug 2011
    Posts
    95

    Default

    dhcp-host=4c:b1:99:48:7e:56,set:SpecialDNS
    dhcp-host=88:19:08:d0:32:2c,set:SpecialDNS
    dhcp-host=d0:50:99:49:90:8f,set:SpecialDNS
    dhcp-host=08:05:81:68:5c:60,set:SpecialDNS
    dhcp-option=tag:SpecialDNS,option:dns-server,8.8.8.8



    That's what I have listed in /admin/index.do#config/network/advanced to force a few hosts to bypass my pi-hole.

    eth1, internal NIC, is 1c:1b:0d:62:cc:cf

    192.168.0.204 is listed in the static list, yes.

  7. #27
    Untangler
    Join Date
    Aug 2011
    Posts
    95

    Default

    Quote Originally Posted by dmorris View Post
    what is the output of these commands:
    /usr/bin/sync-settings
    cat /etc/dnsmasq.conf
    cat /var/lib/misc/dnsmasq.leases


    --

    [root @ jmw] ~ # /usr/bin/sync-settings
    Syncing to system...
    HostsManager: Wrote /tmp/tmp3vtdz6pg/etc/hostname
    HostsManager: Wrote /tmp/tmp3vtdz6pg/etc/hosts
    HostsManager: Wrote /tmp/tmp3vtdz6pg/etc/resolv.conf
    HostsManager: Wrote /tmp/tmp3vtdz6pg/etc/mailname
    HostsManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/pre-network-hook.d/001-sethost name
    InterfacesManager: Wrote /tmp/tmp3vtdz6pg/etc/network/interfaces
    InterfacesManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/iptables-rules.d/100-inte rface-marks
    InterfacesManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/pre-network-hook.d/045-in terfaces
    WirelessManager: Wrote /tmp/tmp3vtdz6pg/etc/default/crda
    DnsMasqManager: Wrote /tmp/tmp3vtdz6pg/etc/hosts.dnsmasq
    DnsMasqManager: Wrote /tmp/tmp3vtdz6pg/etc/dnsmasq.d/dhcp-static
    DnsMasqManager: Wrote /tmp/tmp3vtdz6pg/etc/dnsmasq.conf
    DnsMasqManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/post-network-hook.d/990-rest art-dnsmasq
    NatRulesManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/iptables-rules.d/220-nat-ru les
    FilterRulesManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/iptables-rules.d/240-fil ter-rules
    IptablesManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/iptables-rules.d/010-flush
    IptablesManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/iptables-rules.d/011-helper s
    IptablesManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/post-network-hook.d/960-ipt ables
    PortForwardManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/iptables-rules.d/230-por t-forward-rules
    PortForwardManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/iptables-rules.d/250-adm in-port-rules
    BypassRulesManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/iptables-rules.d/210-byp ass-rules
    EthernetManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/pre-network-hook.d/015-ethe rnet-media
    SysctlManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/post-network-hook.d/010-sysct l
    KernelManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/post-network-hook.d/011-kerne l
    ArpManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/post-network-hook.d/025-arp
    RouteManager: Wrote /tmp/tmp3vtdz6pg/etc/iproute2/rt_tables
    RouteManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/post-network-hook.d/030-routes
    RouteManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/pre-network-hook.d/030-routes
    DhcpManager: Wrote /tmp/tmp3vtdz6pg/etc/dhcp/dhclient-exit-hooks.d/untangle-dhcl ient-exit-hook
    DhcpManager: Wrote /tmp/tmp3vtdz6pg/etc/dhcp/dhclient-enter-hooks.d/untangle-dhc lient-enter-hook
    DhcpManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/pre-network-hook.d/035-dhcp
    DhcpManager: Wrote /tmp/tmp3vtdz6pg/etc/dhcp/dhclient-exit-hooks.d/ddclient
    VrrpManager: Wrote /tmp/tmp3vtdz6pg/etc/keepalived/keepalived.conf
    VrrpManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/post-network-hook.d/200-vrrp
    VrrpManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/iptables-rules.d/241-vrrp-rules
    RadvdManager: Wrote /tmp/tmp3vtdz6pg/etc/radvd.conf
    RadvdManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/post-network-hook.d/990-restar t-radvd
    PPPoEManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/pre-network-hook.d/040-pppoe
    PPPoEManager: Wrote /tmp/tmp3vtdz6pg/etc/ppp/ip-up.d/99-untangle
    QosManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/iptables-rules.d/300-qos
    DdclientManager: Wrote /tmp/tmp3vtdz6pg/etc/ddclient.conf
    DdclientManager: Wrote /tmp/tmp3vtdz6pg/etc/default/ddclient
    DdclientManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/post-network-hook.d/990-res tart-ddclient
    EbtablesManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/iptables-rules.d/020-ebtabl es
    UpnpManager: Wrote /tmp/tmp3vtdz6pg/etc/miniupnpd/miniupnpd.conf
    UpnpManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/post-network-hook.d/990-restart -upnp
    UpnpManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/iptables-rules.d/741-upnp
    UpnpManager: Wrote /tmp/tmp3vtdz6pg/etc/miniupnpd/iptables_init.sh
    UpnpManager: Wrote /tmp/tmp3vtdz6pg/etc/miniupnpd/ip6tables_init.sh
    NetflowManager: Wrote /tmp/tmp3vtdz6pg/etc/default/softflowd
    NetflowManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/post-network-hook.d/990-rest art-softflowd
    DynamicRoutingManager: Wrote /tmp/tmp3vtdz6pg/etc/untangle/post-network-hook.d/9 90-restart-quagga
    No changed files.

    Copying files...
    Done.
    [root @ jmw] ~ #


    --

    [root @ jmw] ~ # cat /etc/dnsmasq.conf
    ## Auto Generated
    ## DO NOT EDIT. Changes will be overwritten.


    # Interface 1 DNS
    # stored in /etc/dnsmasq.d/dhcp-upstream-dns-servers

    # Global DNS options
    interface=* # specified so local-service option is disabled
    localise-queries
    expand-hosts
    no-hosts
    addn-hosts=/etc/hosts.dnsmasq
    addn-hosts=/etc/hosts.untangle

    # Global DHCP options
    dhcp-authoritative
    dhcp-lease-max=5000

    # Interface 2 (eth1) DHCP
    dhcp-range=tag:eth1,192.168.0.150,192.168.0.160,3000
    dhcp-option=tag:eth1,3,192.168.0.1 # gateway
    dhcp-option=tag:eth1,1,255.255.255.0 # netmask
    dhcp-option=tag:eth1,6,192.168.0.7 # dns

    # Interface 100 (eth1.10) DHCP
    dhcp-range=tag:eth1.10,192.168.10.10,192.168.10.13,9999
    dhcp-option=tag:eth1.10,3,192.168.10.1 # gateway
    dhcp-option=tag:eth1.10,1,255.255.255.0 # netmask
    dhcp-option=tag:eth1.10,6,192.168.10.1 # dns

    # Interface 101 (eth1.20) DHCP
    dhcp-range=tag:eth1.20,192.168.20.10,192.168.20.25,18000
    dhcp-option=tag:eth1.20,3,192.168.20.1 # gateway
    dhcp-option=tag:eth1.20,1,255.255.255.0 # netmask
    dhcp-option=tag:eth1.20,6,192.168.20.1 # dns

    # Interface 102 (eth1.30) DHCP
    dhcp-range=tag:eth1.30,192.168.30.10,192.168.30.30,5000
    dhcp-option=tag:eth1.30,3,192.168.30.1 # gateway
    dhcp-option=tag:eth1.30,1,255.255.255.0 # netmask
    dhcp-option=tag:eth1.30,6,209.222.18.222 # dns

    # domain
    domain=noip.me

    # Local DNS servers

    # Custom dnsmasq options
    dhcp-host=4c:b1:99:48:7e:56,set:SpecialDNS
    dhcp-host=88:19:08:d0:32:2c,set:SpecialDNS
    dhcp-host=d0:50:99:49:90:8f,set:SpecialDNS
    dhcp-host=08:05:81:68:5c:60,set:SpecialDNS
    dhcp-option=tag:SpecialDNS,option:dns-server,8.8.8.8


    [root @ jmw] ~ #


    --


    [root @ jmw] ~ # cat /var/lib/misc/dnsmasq.leases
    1565050822 7c:5c:f8:69:17:ca 192.168.0.53 host1 01:7c:5c:f8:69:17:ca
    1565050467 cc:c0:79:61:ae:fd 192.168.0.24 s8 01:cc:c0:79:61:ae:fd
    1565050925 34:15:13:c7:ce:ce 192.168.0.205 * *
    1565050712 4c:b1:99:48:7e:56 192.168.0.154 iPad 01:4c:b1:99:48:7e:56
    1565050333 94:e3:6d:76:31:29 192.168.0.201 Ring *
    1565050693 08:05:81:68:5c:60 192.168.0.157 * *
    1565050367 3c:a3:08:8b:d1:00 192.168.0.204 * *
    1565050986 00:00:ec:68:91:4d 192.168.0.22 Wii 01:00:00:ec:68:91:4d
    1565051140 e0:4f:43:4d:b8:13 192.168.0.200 RingPro-13 *


    --

  8. #28
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,510

    Default

    Well there's the problem there... Another thread around here somewhere I discovered that you can't have two dhcp-host directives for a specific MAC.

    One is being used for the reservation, the other here to set the tag. For those hosts you need to remove the reservation from Untangle, and use the advanced line to combine the syntax for the reservation and the tag into a single line.
    Jim.Alles likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #29
    Untangler
    Join Date
    Aug 2011
    Posts
    95

    Default

    Quote Originally Posted by Jim.Alles View Post
    Back to the O.P.'s dilemma, I would like to encourage him to simplify, as a matter of philosophy. Dnsmasq has it's DNS server and DHCP server tightly coupled. I wouldn't bother hassling with a Raspberry Pi for either of those.
    ...
    Or, we can simplify. disconnect the R-Pi, get NGFW cleaned up, power-cycle the switch and AP and let everything request DHCP cleanly.

    I will happily eliminate the pi-hole if there is a way to implement similar functionality in untangle (and for free). The pi-hole was just a stupid-easy thing to stand up, and has worked wonders on the network for ads, reduction of bandwidth, etc. I had not explored the option in untangle because the pi is doing so well. I'm totally open to alternatives, I just don't know where to look.

  10. #30
    Untangler
    Join Date
    Aug 2011
    Posts
    95

    Default

    Quote Originally Posted by sky-knight View Post
    Well there's the problem there... Another thread around here somewhere I discovered that you can't have two dhcp-host directives for a specific MAC.

    One is being used for the reservation, the other here to set the tag. For those hosts you need to remove the reservation from Untangle, and use the advanced line to combine the syntax for the reservation and the tag into a single line.


    Sweet. Is there a link where I can look up the exact syntax that is needed?

Page 3 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2