I have a desktop that I have configured as a local NAS and media server for my home network. I have also configured my wlan0 as a NAT AP using hostapd and dnsmasq (.confs below). The end goal is a DNS-cached wi-fi network with all traffic going through the VPN tunnel.

Current setup:
WAN router to eth0, eth0 and VPN are managed by Network Manager, manual entries for DNS in Network Manager.
wlan0 (by hostapd) and iptables brought up by a script called from rc.local, and dnsmasq managing the DHCP and DNS servers for the wlan0 subnet.

Symptom:
DNS on wlan0 appears to only have a few cached sites from an apparently working DNS cache in the recent past, but now will not resolve names (pings are still successful).


Here's where my knowledge gets fuzzier than it already is: almost every dnsmasq how-to I read recommends to no-resolv resolv.conf and edit everything in dnsmasq. I'm fine with that, but I'm not sure that the VPN is going to play nice if I don't let it overwrite resolv.conf with its own nameserver. To DNS cache, it sounds like I need to use the local loopback as the primary listener...but for eth0 or for wlan0? I was thinking I could just let NM use the same instance of dnsmasq, but I'm not sure how that will play with the two subnets. Then I'm stuck in my own if-then loop.

From my own troubleshooting, check my thinking: does the below mean that my first dig proves that the name isn't cached, and the second is just receiving the answer from the VPN nameserver?
Code:
user@server:~$ dig hotmail.com @localhost

; <<>> DiG 9.9.5-3ubuntu0.13-Ubuntu <<>> hotmail.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 29164
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0


;; QUESTION SECTION:
;hotmail.com.            IN    A


;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Mar 25 16:04:44 EDT 2017
;; MSG SIZE  rcvd: 29


user@server:~$ dig hotmail.com


; <<>> DiG 9.9.5-3ubuntu0.13-Ubuntu <<>> hotmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63884
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hotmail.com.            IN    A


;; ANSWER SECTION:
hotmail.com.        3600    IN    A    65.55.118.92
hotmail.com.        3600    IN    A    157.56.198.220


;; Query time: 101 msec
;; SERVER: 10.118.0.1#53(10.118.0.1)
;; WHEN: Sat Mar 25 16:04:51 EDT 2017
;; MSG SIZE  rcvd: 72
Am I thinking about it wrong? Should I just have eth0 be the DHCP server for the whole network (including wlan0) and just bridge wlan0 to eth0? Then just point everything at dnsmasq and tell dnsmasq to no-resolv? What then with the VPN nameserver?

Another issue is that even though I only assign 100-150 addresses, pingtool on my Android is still telling me I have a full /24 network?

My head hurts. Here's the code I've been staring at every night this week after the kids go to bed:

http://paste.ubuntu.com/24248800/


hostapd.conf
Code:
interface=wlan0
driver=nl80211
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=test
hw_mode=g
channel=6
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=2347
fragm_threshold=2346
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=1
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
ieee80211n=1
ht_capab=[HT40+][TX-STBC][RX-STBC1][DSSS_CK-40][SHORT-GI-40]
eap_server=0
own_ip_addr=127.0.0.1
wpa=2
wpa_passphrase=supersecret
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
dnsmasq.conf (you can see the comments in/out I've been playing with depending on what post I'm reading...)
Code:
#no-hosts
no-resolv
listen-address=127.0.0.1
bind-interfaces
interface=wlan0
dhcp-range=net:wlan0,192.168.5.100,192.168.5.150,1440m
#dhcp-host=mac:address,
dhcp-option=wlan0,3,192.168.5.1
#server=/ns8.ga.us.dns.opennic.glue/50.116.40.226
#server=/ns6.ga.us.dns.opennic.glue/45.32.215.96 #reported from dig of name
dhcp-option=wlan0,6,50.116.40.226,45.56.117.118
Bring up wlan0
Code:
#!/bin/bash
# broadcasting interface
BROADCAST="wlan0"


# receiving interface broadcast is connected to
RECEIVE="eth0"


 ## start hostapd
 echo "Starting hostapd"
 echo "    You can view the log at /var/log/hostapd.log"


 # launch hostapd daemon
 hostapd -d /etc/hostapd/hostapd.conf > /var/log/hostapd.log &


 ## start dhcp server
 echo "Starting dnsmasq"


 # set IP address
 ifconfig $BROADCAST 192.168.5.1
 sleep 2


 # launch dnsmasq
 dnsmasq
 sleep 10


 # create iptables rules: accept new connections coming in from the wlan0
 # subnet and heading out eth0, keep established flows, NAT outbound traffic
 iptables -A FORWARD -i $BROADCAST -o $RECEIVE -s 192.168.5.0/24 -m conntrack --ctstate NEW -j ACCEPT
 iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 iptables -A POSTROUTING -t nat -j MASQUERADE


 # set kernel variable(s)
 echo 1 > /proc/sys/net/ipv4/conf/all/forwarding


 # edit kernel configuration (append only once; this script runs from rc.local on every boot)
 cp /etc/sysctl.conf /etc/sysctl.conf.ap_ctl
 grep -q '^net.ipv4.conf.default.forwarding=1' /etc/sysctl.conf || echo "net.ipv4.conf.default.forwarding=1" >> /etc/sysctl.conf
 grep -q '^net.ipv4.conf.all.forwarding=1' /etc/sysctl.conf || echo "net.ipv4.conf.all.forwarding=1" >> /etc/sysctl.conf


 # restart networking
 /etc/init.d/networking restart


exit 0
From eth0:
Code:
nmcli -f IP4 dev list | grep DNS
IP4.DNS[1]:                             127.0.0.1
IP4.DNS[2]:                             192.168.1.254
IP4.DNS[3]:                             50.116.40.226
IP4.DNS[4]:                             45.56.117.118
Halp!
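Added example (not from the original post and not part of dnsmasq): a small POSIX sh lint for a dnsmasq.conf like the one above. It checks the two settings in that config that defeat caching: no-resolv with every server= line commented out (dnsmasq then has no upstream to forward to and answers REFUSED, which is what the first dig shows rather than a cache miss), and DHCP option 6 handing wlan0 clients the OpenNIC addresses directly so they never ask dnsmasq at all. The config path and 192.168.5.1 as dnsmasq's own address are assumptions taken from the posted files.

```sh
#!/bin/sh
# Lint a dnsmasq.conf for two settings that quietly defeat a DNS cache.
# Usage: sh lint_dnsmasq.sh /etc/dnsmasq.conf 192.168.5.1
#   1) no-resolv with no active server= line: dnsmasq has no upstream at
#      all and replies REFUSED to anything it cannot answer locally;
#   2) DHCP option 6 pointing clients at an address other than dnsmasq's
#      own, so clients bypass the cache entirely.
# (Path and address below are assumptions, not dnsmasq defaults.)

# Print the config with comments and blank lines stripped.
active_lines() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e '/^$/d' "$1"
}

# 0 if dnsmasq has an upstream to forward to, 1 if it does not.
upstream_ok() {
    if active_lines "$1" | grep -q '^no-resolv'; then
        active_lines "$1" | grep -q '^server='
    else
        return 0    # resolv.conf supplies the upstreams
    fi
}

# 0 if option 6 is absent (dnsmasq then advertises its own address) or
# names $2; 1 if clients are sent somewhere else.
dns_option_ok() {
    self_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    opts=$(active_lines "$1" | grep -E '^dhcp-option=([^,]*,)?(6|option:dns-server),')
    [ -z "$opts" ] && return 0
    printf '%s\n' "$opts" | grep -qE "(=|,)${self_re}(,|\$)"
}

# Run both checks; the exit status is the number of problems found.
lint_dnsmasq() {
    problems=0
    upstream_ok "$1" || { echo "no-resolv is set but no server= line is active (expect REFUSED)"; problems=$((problems+1)); }
    dns_option_ok "$1" "$2" || { echo "dhcp option 6 does not hand clients $2, so they bypass the cache"; problems=$((problems+1)); }
    return $problems
}

if [ $# -eq 2 ]; then
    lint_dnsmasq "$1" "$2"
fi
```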