Notes

Make an ssh session.
Check your resolv.conf.
It should reside here: /var/efw/red/resolv.conf
Do cat /var/efw/red/resolv.conf
What does it say? It should prompt you with your nameservers.
Or use netwizard for configuring nameservers if you haven't done that.
Regards
Tom-Pele

(0000523) jaebird 2007-10-06 01:57 (edited on: 2007-10-06 01:59)
My resolv.conf has both primary and secondary nameservers as it should, and the configuration is working for external DNS lookups (web browsing, ftp, etc.), i.e. Internet. But my internal networked PCs that have a DHCP lease are not added to the dnsmasq and they are not reachable by name from within the network.
machine1 on green gets IP from EndianFirewall through dhcp
machine2 on green gets IP from EndianFirewall through dhcp
Both machine1 and machine2 are using EndianFirewall as DNS server as per the DHCP pushed out settings.
machine1 cannot ping machine2 by name. Ping by IP address works of course.
Like I mentioned initially, this behavior works in the current version of IPCop.
There must be something with the ipchains (I have no idea actually) that is causing this.
Thanks,
Jae

From GUI (https://mydomain:10443 / https://IP:10443)
Services
- DHCP Server
- DHCP Configuration
On Green interface
Be sure to fill out Primary DNS and Secondary DNS.
If so, check the Firewall tab and check that green has access to port 53 outgoing
- or make sure you can access / make queries from within the green zone to the nameserver you are querying.
Hope this helps
Regards Tom-Pele

Maybe I'm not explaining clearly what my problem is. All of my machines in the Green network CAN access the internet and do dns queries of EXTERNAL entities (google.com, yahoo.com, etc). The problem is that the machines cannot see each other by name.
The DNS for the Green interface is the IP address of the firewall PC. This way all DNS requests go to the firewall, which forwards them to the external DNS servers.
My problem is that the firewall does not resolve green interfaced PCs by name that are setup with DHCP. Statically assigned IP addressed machines resolve fine, because they are put in the host file of the firewall.
Thanks,
Jae

I think of two things:
1) DDNS, maybe this is what you're looking for
or
2) Enable NetBIOS on the green zone
Interestingly, I looked for DDNS in IPCop as you mentioned; nevertheless I cannot find it, thus I noticed DNRD in the FAQ pages. Maybe that is what you're looking for that is not supported in Endian?
Regards Tom-Pele

Unfortunately our dnsmasq version does not support this feature anymore, or I did not find how to use it. That's because dnsmasq now is a DHCP server itself, but we don't want to use the DHCP functionality since we already have a DHCP server.
For now this will not work anymore. Hope to fix it in future versions.

(0000851) jaebird 2008-01-24 20:43 (edited on: 2008-01-24 20:45)
root@endianfw:/etc/dnsmasq # /usr/sbin/dnsmasq -v
Dnsmasq version 2.38 Copyright (C) 2000-2007 Simon Kelley
Compile time options IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N TFTP
It is currently not compiled with ISC support enabled, "no-ISC-leasefile". Can we get it compiled with support? Please?

(0000875) wyc_93 2008-01-31 23:27
When compiling dnsmasq from source, you can enable the parsing of ISC leasefiles by first grepping for:
/* #define HAVE_ISC_READER */
and then uncommenting it (e.g.):
#define HAVE_ISC_READER
FYI - I tried recompiling dnsmasq and using the new binary in place of the stock one, but it didn't work (it would start when I did a "/etc/init.d/dnsmasq restart" but when I tried an nslookup of any sort, it would refuse a connection). Unfortunately, I'm not a programmer, so at this point I've hit the limits of my ability!

I have created a Python script which watches for changes to the /var/lib/dhcp/dhcp.leases file. Whenever it changes, a special hosts file is updated (similar to the way OpenVPN works) to the latest version. This allows local hosts to be resolved and seems to work well. I start the script at boot and it just sits there looking for changes.
The script includes some GPL code I found around the net, so it could be redistributed under like license if this is something people want. I figured this was less intrusive to the "endian" way and does not rely on dnsmasq having ISC "aware" compile flags.

(0000877) wyc_93 2008-02-01 13:40
jaebird,
I'd definitely be interested in your script. Do you have it hosted/documented anywhere? You can reach me at wyc_93-AT-yahoo.com. . .
peter,
the note I left previously (0000875) compiles dnsmasq with the ability to parse ISC leasefiles, which can then be turned on by adding:
dhcp-leasefile=/var/lib/dhcp/dhcpd.leases
to the dnsmasq.conf file. It should be noted that the dnsmasq author does state that this function is deprecated, and may be removed in the future (in fact it was already removed once, but was put back in due to popular demand).
regards, and thanks for the great work!
walter

I attached my watchleaseshosts python script and supporting files. There is a readme in the archive that describes how I set it up on Endian. Good luck!

(0000986) jaebird 2008-04-11 14:46 (edited on: 2008-04-12 02:23)
Uploaded the newest version of the watchleaseshosts script. I found a problem with devices that would connect via multiple network addresses (i.e. Ethernet and wifi). Since the script did not differentiate between them, both ended up in the dnsmasq custom hosts file. dnsmasq would then pull one of them during an nslookup (which was usually the wrong one!).
Now the script uses the newest lease for a particular host for the host file. This means that when you undock your notebook, the wifi should do a dhclient and dnsmasq should resolve to the new address.
Cheers.
|
|
|
|
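The lease-to-hosts conversion described in the notes above (newest lease per host wins), as an added example; it is not jaebird's watchleaseshosts script or Endian code. The lease entries are constructed samples in ISC dhcpd.leases syntax, the function names are this example's own, and `localdomain` is a hypothetical domain. Because client-hostname is supplied by the DHCP client, the example only accepts names that are a single valid DNS label before they reach the hosts file.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhcpd.leases syntax (not data from this thread).
SAMPLE_LEASES = """
lease 192.168.0.10 { starts 5 2008/04/11 08:00:00; binding state active;
  client-hostname "notebook"; }
lease 192.168.0.23 { starts 5 2008/04/11 14:30:00; binding state active;
  client-hostname "notebook"; }
lease 192.168.0.31 { starts 5 2008/04/11 09:00:00; binding state free;
  client-hostname "oldbox"; }
lease 192.168.0.40 { starts 5 2008/04/11 10:00:00; binding state active;
  client-hostname "bad name"; }
"""

# Assumes lease blocks without nested braces.
LEASE_RE = re.compile(r"lease\s+(\d{1,3}(?:\.\d{1,3}){3})\s*\{(.*?)\}", re.S)
STARTS_RE = re.compile(r"\bstarts\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
STATE_RE = re.compile(r"(?<!next )binding state\s+(\w+);")
NAME_RE = re.compile(r'client-hostname\s+"([^"]*)";')
# The DHCP client chooses this name, so accept only a single RFC 1123 label.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def newest_leases(text):
    """Map hostname -> (lease start, ip), keeping the newest active lease."""
    best = {}
    for ip, body in LEASE_RE.findall(text):
        starts, state, name = (r.search(body) for r in (STARTS_RE, STATE_RE, NAME_RE))
        if not (starts and state and name) or state.group(1) != "active":
            continue
        host = name.group(1).lower()
        if not LABEL_RE.fullmatch(host):
            continue  # spaces, dots or control characters would corrupt the hosts file
        when = datetime.strptime(starts.group(1), "%Y/%m/%d %H:%M:%S")
        if host not in best or when > best[host][0]:
            best[host] = (when, ip)
    return best


def hosts_lines(text, domain="localdomain"):
    """Render hosts-file lines; 'domain' is a hypothetical local domain."""
    return [f"{ip} {host}.{domain} {host}"
            for host, (_, ip) in sorted(newest_leases(text).items())]


if __name__ == "__main__":
    print("\n".join(hosts_lines(SAMPLE_LEASES)))
```

dnsmasq can load a file of such lines through its addn-hosts option and re-reads its hosts files when it receives SIGHUP.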
Your script was a great help, jaebird! However, I'd also like this functionality to be implemented in Endian Firewall instead of having to rely on jaebird's script :)

I'm amazed that I still rely on my hacked up script! Where is this on the roadmap by now?
Thanks.

I'm still using my script. Is this fixed in 2.5? The release notes I found were rather thin. Is there a published roadmap? I'm getting the feeling that "community" is defined differently here than other OSS projects.