  1. #1
    Newbie
    Join Date
    Aug 2020
    Posts
    4

    DHCP and setting the client hostname

    Hi all,

    New to UT, not new to networks. Reference picture below if it matters.

    I am trying to understand what is normally an easy operation, but does not seem to be as straightforward with UT. I suspect I am missing a new-to-UT idiot box somewhere that makes this simple . . otherwise surely someone would have asked by now, and I could find the answer in forums and web searches.

    In a nutshell: UT does not seem to give me the option to set the client hostname in DHCP leases.

    In a long-winded version: I want to be able to monitor what's going on not by IP or by self-reported client device names (which are entertaining..) but by the name I am assigning. I want to see those names in the dashboard, in the logs, etc. Right now I get a random blend of names I have assigned, names from clients, and just plain IP addresses. That's rather annoying and less than useful.

    In a normal environment (pfSense, for ex) I would go and create a set of DHCP lease names, save them off, and for central infrastructure assign static MAC <-> IP mappings. These would then also appear in my local DNS, and everything is fine.

    In UT, I edited the "Devices" page . . . and that didn't seem to do anything. And that "Last Hostname" keeps going back to randomly-stuffed client names. I made static DHCP entries for everything .. and then realized that the static mapping takes "Description" and not "Hostname" as the extra field. That's interesting . . . I've forcibly rebooted devices, and it didn't change the situation.

    So what am I missing? I want a nice simple table somewhere, that carries through all of the UT internals, that is based on something like:

    <Mac Addr> : Hostname : <optional static DHCP IP addr >

    but cannot seem to find anything like this. Am I missing something? It seems like I would have to set entries in Devices, and then make every device a static DHCP assignment, and then go manually add a DNS entry for that same hostname from Devices to the same IP from the DHCP leases . . . am I crazy?

    Do I really need to move DHCP back to my pfSense box, and not on UT, to get this to work? Is that a best-practices model? And if it is, how do I get UT to recognize those names in dashboards and rules and so on?

    Color me puzzled. Thanks to anyone that can point me to what it is that I'm sure I've missed somewhere . . .

    Network topology diagram attached.

  2. #2
    Untanglit
    Join Date
    Dec 2016
    Posts
    15


    I believe there are two ways to do this.

    1. Create a Config: Network: DNS Server entry. The name entered here will override the hostname returned by the device by DHCP.
    2. Add a Hostname via the Devices List button at the top right of the admin screen. In this list, Last Hostname is what was returned by DHCP or the static DNS entry in option 1. Whatever you enter in Hostname will override it.

  3. #3
    Newbie
    Join Date
    Aug 2020
    Posts
    4


    Hi,

    #1 - that was my question at the end of the note . . In order for a DNS entry to work like that, each client needs a static IP. For that to make sense, and for DNS to be reflected back in the UT logs and reports, I need a Devices entry. So for every single device on my network, I have to [a] make a Devices entry with a hostname; [b] make a static DHCP lease; and [c] make a DNS entry that maps the same hostname and DHCP static IP. There's no lesser way or central way of managing this and having it auto-populate to the various other settings . . . ?

    #2 - Back in my original note, I mentioned that I did this . . and most clients seem to ignore it. So it doesn't seem to work as I expected it to.

    Thanks!
    Bollar likes this.

  4. #4
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606

    Welcome

    ...to Untangle, and the forums!

    Originally posted by jf987:
    In a nutshell: UT does not seem to give me the option to set the client hostname in DHCP leases.
    This is a correct statement, not in the GUI.

    As @Bollar stated,
    The Hostname column in Devices will propagate to the hosts table, and be used throughout NGFW reports. Don't forget to hit save. Also, it may be useful to refresh your browser, but I haven't found that to be a problem.

    I think it will do what you want, and reliably.
    http://wiki.untangle.com/index.php/Devices

    TL;DR:
    You just have to separate the different functionality of all of the various uses of the term 'hostname'.
    • NGFW reports
    • DHCP enumeration
    • DNS resolution
    • Host (Client) identification

    You have correctly observed that the hostname that was learned automatically by DNS/DHCP is retained in the NGFW 'last hostname' column. It is typically the hostname set on the client. This does not have to be the same name that DNS uses, but generally is.

    The clients don't care what name NGFW uses for them in reports.

    However,
    The new NGFW 'hostname' column entries in reports do not propagate to the DNS/DHCP services, which are provided by dnsmasq.

    DNS and DHCP entries are aware of each other in dnsmasq. It is possible to override a hostname provided by a client by setting a dhcp-host= option in the config file. We have access to that in "Custom dnsmasq options." at #config/network/advanced/dns_and_dhcp
    Code:
    dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][tag:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
    Specify per host parameters for the DHCP server. This allows a machine with a particular hardware address to be always allocated the same hostname, IP address and lease time. A hostname specified like this overrides any supplied by the DHCP client on the machine. It is also allowable to omit the hardware address and include the hostname, in which case the IP address and lease times will apply to any machine claiming that name. For example --dhcp-host=00:20:e0:3b:13:af,wap,infinite tells dnsmasq to give the machine with hardware address 00:20:e0:3b:13:af the name wap, and an infinite DHCP lease. --dhcp-host=lap,192.168.0.199 tells dnsmasq to always allocate the machine lap the IP address 192.168.0.199.
    From http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

    This might be useful if you reach services inside your LAN with a FQDN.

    However,
    dnsmasq does not support DHCP option 012, so the DHCP server cannot set the hostname on the host, even if the client is capable of asking for it.
    Last edited by Jim.Alles; 08-23-2020 at 05:21 AM.
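
Added example, not part of the original posts and not Untangle or dnsmasq code: post #4 points to dnsmasq's dhcp-host= option under "Custom dnsmasq options", and the first post asks for one "MAC : hostname : optional IP" table. This Python sketch turns such a table into dhcp-host= lines and rejects entries that are duplicated or would alter the option syntax; the inventory format, the SAMPLE data and the function name are assumptions.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
# One DNS label: letters, digits, hyphen; no comma/space that could alter the option
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample inventory: "<MAC> : hostname [: static IPv4]" (assumed format)
SAMPLE = """\
00:20:e0:3b:13:af : wap : 192.168.0.2
AA-BB-CC-00-11-22 : nas01 : 192.168.0.10
aa:bb:cc:00:11:33 : printer   # name only, address stays dynamic
"""

def build_dhcp_hosts(inventory):
    """Return (dhcp-host lines, error messages) for an inventory string."""
    lines, errors, seen = [], [], {}
    for n, raw in enumerate(inventory.splitlines(), 1):
        raw = raw.split("#", 1)[0].strip()
        if not raw:
            continue
        fields = re.split(r"\s+:\s+", raw)
        if len(fields) not in (2, 3):
            errors.append(f"line {n}: expected MAC : hostname [: IP]")
            continue
        mac = fields[0].lower().replace("-", ":")
        name = fields[1].lower()
        ip = fields[2] if len(fields) == 3 else None
        problems = []
        if not MAC_RE.match(mac):
            problems.append("bad MAC")
        if not LABEL_RE.match(name):
            problems.append("bad hostname")
        if ip is not None:
            try:
                ip = str(ipaddress.IPv4Address(ip))
            except ValueError:
                problems.append("bad IPv4 address")
        keys = [k for k in (mac, ip, name) if k]
        # A MAC, name or IP used twice makes log attribution ambiguous
        problems += [f"{k} already on line {seen[k]}" for k in keys if k in seen]
        if problems:
            errors.append(f"line {n}: " + "; ".join(problems))
            continue
        seen.update((k, n) for k in keys)
        # Field order follows the man page: hwaddr, ipaddr, hostname
        lines.append("dhcp-host=" + ",".join(keys))
    return lines, errors

if __name__ == "__main__":
    entries, errs = build_dhcp_hosts(SAMPLE)
    print("\n".join(entries + errs))
```

The emitted lines are meant for the custom options field only when the error list comes back empty.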

  5. #5
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606

    an exception.

    Originally posted by Jim.Alles:
    I think it will do what you want, and reliably.
    I have found something perplexing.
    When a device is bypassed with a bypass rule by way of client tagging (100% of traffic), even though it has a hostname entry in both the device table and static DNS, it shows up as an IP address only in the Sessions report.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,541


    Yes, because reports is bypassed just like everything else.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606

    Originally posted by sky-knight:
    Yes, because reports is bypassed just like everything else.
    nope. reports isn't up there. it is a "Service Apps"
    (e.g. bypassed stuff is reported).

    EDIT: It also doesn't show up in the Hosts table, even though it has active sessions.
    Last edited by Jim.Alles; 08-23-2020 at 01:31 PM.

  8. #8
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606


    You just have to separate the different functionality of all of the various uses of the term 'hostname'.
    • NGFW reports
    • DHCP enumeration
    • DNS resolution
    • Host (Client) identification
    What is neat is that the Host Details in the Current Hosts table has a host of information (pun intended, sorry) about all of the different hostnames, and which of those sources is selected.

    [Attached image: hosts.png]

    So a more complete list is:
    • The device itself
    • Device table
    • DHCP
    • Directory Connector
    • DNS
    • OpenVPN
    • Reports
    Last edited by Jim.Alles; 08-23-2020 at 01:34 PM.

  9. #9
    Untangler
    Join Date
    Jan 2019
    Posts
    81

    Originally posted by sky-knight:
    Yes, because reports is bypassed just like everything else.
    I learned in a recent thread that there is an option specifically for that in Config/Advanced/Options: "Log bypassed sessions". It is set by default.

    It's funny, because the sessions still show up in App or Bw Control reports, but they're pretty anonymous because they are not identified by the various L7 functions.
    Last edited by LaurentR; 08-24-2020 at 01:44 PM.

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,541

    Originally posted by LaurentR:
    I learned in a recent thread that there is an option specifically for that in Config/Advanced/Options: "Log bypassed sessions". It is set by default.

    It's funny, because the sessions still show up in App or Bw Control reports, but they're pretty anonymous because they are not identified by the various L7 functions.
    Yes, and that logging eats buckets of additional drive space. But yes, that's the purpose of bypass, to turn off the layer 7 stuff, so you don't get all the information you do otherwise.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
