DNS problem for clients connected to RPI3 NAT

Hello everyone,
I'm creating a simple Wifi router with a Raspberry PI 3.

The router consists of 2 network interfaces:
1. ue0: the LAN interface connected to the internet
2. wlan0: the Wireless interface for the internal network

# uname -a
FreeBSD Turtle 13.0-CURRENT FreeBSD 13.0-CURRENT #0 r362853: Thu Jul 2 09:41:06 UTC 2020 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/arm64.aarch64/sys/GENERIC arm64


I'm using:
hostapd on wlan0 to create an access point,
pf for the firewall and to create a NAT for wlan0,
bind 9.16.5 for the DNS server,
and isc-dhcp 4.4.2 for the DHCP server.

With my current configuration I can connect all my devices (phone, laptop, etc.) to the RPI3, the DHCP server is working, I do have internet access on all connected devices, but the DNS is not working.

On the RPI3 itself the DNS is working just fine.

I tested everything with (nearly) the same configuration on my laptop where everything is working, even the DNS.

The big differences between my laptop and the RPI3 that I know of are:
1. Laptop: amd64; RPI3: arm64
2. Laptop: FreeBSD 12.1; RPI3: 13.0
3. RPI3: I cannot load kernel modules with /boot/loader.conf, so I load them either manually or with kld_list (see my /etc/rc.conf)
4. RPI3: /etc/pf.conf has a rule to allow SSH which is not needed on my laptop; this difference shouldn't affect the DNS problem

I installed bind 9.16.5 on the RPI3 from ports because bind916 from the package manager was version 9.16.4, while my laptop has 9.16.5.

I'm using the same Wifi adapter on both machines.

My /etc/rc.conf:
Bash:
hostname="Turtle"
ifconfig_ue0="DHCP"
sshd_enable="YES"
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
growfs_enable="YES"

kld_list="/boot/kernel/wlan_amrr.ko /boot/kernel/wlan_acl.ko"

keymap="de.noacc.kbd"

ntpd_enable="YES"
ntpd_program="/usr/local/sbin/ntpd"
ntpdate_program='/usr/local/sbin/ntpdate'
ntpd_sync_on_start="YES"

# router
wlans_rum0="wlan0"
ifconfig_wlan0="inet 192.168.0.1 netmask 255.255.255.0"

gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_program="/sbin/pfctl"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
hostapd_enable="YES"
named_enable="YES"
named_conf="/usr/local/etc/namedb/named.conf"
dhcpd_enable="YES"

My /boot/loader.conf:
Bash:
# Configure USB OTG; see usb_template(4).
hw.usb.template=3
umodem_load="YES"
# Multiple console (serial+efi gop) enabled.
boot_multicons="YES"
boot_serial="YES"
# Disable the beastie menu and color
beastie_disable="YES"
loader_color="NO"
wlan_xauth_load="YES"
wlan_acl_load="YES"
wlan_amrr_load="YES"
loader_delay="20"

My /etc/pf.conf:
Bash:
int_if = "wlan0"
ext_if = "ue0"
localnet = $int_if:network
icmp_types = "{ echoreq, unreach }"

table <bruteforce> persist

table <reserved> { 0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16          \
                  172.16.0.0/12 192.0.0.0/24 192.0.0.0/29 192.0.2.0/24 192.88.99.0/24    \
                  192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 203.0.113.0/24            \
                  240.0.0.0/4 255.255.255.255/32 }

set skip on lo0

scrub in all fragment reassemble max-mss 1440

nat on $ext_if inet from !($ext_if) -> ($ext_if:0)

antispoof quick for $ext_if
block in quick on egress from <reserved>
block return out quick on egress to <reserved>
block all

# allow ssh
pass in on $ext_if proto tcp to port { 22 } \
     keep state (max-src-conn 15, max-src-conn-rate 3/1, \
     overload <bruteforce> flush global)

pass out proto { tcp, udp } to port { 22 53 80 123 443 }

pass out inet proto icmp icmp-type $icmp_types

pass from { self $localnet } to any keep state

In /usr/local/etc/namedb/named.conf I changed
Bash:
listen-on    { 127.0.0.1; };
to
Bash:
// listen-on    { 127.0.0.1; };
For completeness I attached the whole file (but it is too much code to paste it directly in here).

My /usr/local/etc/dhcpd.conf:
Bash:
option domain-name "localnet.localdomain";
option domain-name-servers 192.168.0.1;
option netbios-name-servers 192.168.0.1;

default-lease-time 600;
max-lease-time 7200;

ddns-update-style none;
always-broadcast on;

authoritative;

subnet 192.168.0.0 netmask 255.255.255.0 {
       range 192.168.0.100 192.168.0.199;
       option broadcast-address 192.168.0.255;
       option subnet-mask 255.255.255.0;
       option routers 192.168.0.1;
}

My /etc/hostapd.conf:
Bash:
interface=wlan0
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
debug=3
# dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=MY_SSID
wpa=2
wpa_passphrase=MY_PSK
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
ieee8021x=0
auth_algs=1
macaddr_acl=0

My /etc/resolv.conf (currently behind another router):
Bash:
# Generated by resolvconf
nameserver 192.168.1.1

This is another issue, but I should mention that I start everything manually because I cannot configure the wlan0 interface at boot time for hostap (I'm not sure how to pass the create arguments to ifconfig in rc.conf). This is how I start everything (on my laptop I do the same):
# ifconfig wlan0 destroy
# ifconfig wlan0 create wlandev rum0 wlanmode hostap
# ifconfig wlan0 inet 192.168.0.1 netmask 255.255.255.0
# service pf restart
# service hostapd restart
# service pflog restart
# service named restart
# service isc-dhcpd restart


This is my first post, so I hope I have provided all necessary information and posted this in the right forum; if not, please tell me.
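Editor's added example (not from the original post or the attached named.conf): instead of commenting out `listen-on` entirely, which makes named bind on every interface including ue0, the options block can name the loopback and wlan0 addresses from the post explicitly and restrict queries and recursion to the LAN. The ACL name `lan` is an assumption; only the lines shown change, the rest of the attached options block stays as it is.

```conf
// Added example for /usr/local/etc/namedb/named.conf (options section only).
// Addresses are the ones from the post: wlan0 = 192.168.0.1, LAN = 192.168.0.0/24.
acl "lan" { 127.0.0.0/8; 192.168.0.0/24; };

options {
        // ... directory, pid-file etc. unchanged from the attached file ...

        // Bind only on loopback and the wlan0 address, not on ue0.
        // named must be (re)started after wlan0 carries this address.
        listen-on       { 127.0.0.1; 192.168.0.1; };
        listen-on-v6    { none; };

        // Recursive resolver for the LAN only: hosts reached via ue0
        // can neither query it nor use it for recursion.
        recursion       yes;
        allow-query     { lan; };
        allow-recursion { lan; };
        allow-transfer  { none; };
};
```

After `service named restart`, `sockstat -4l | grep named` on the RPI3 should show named bound on 192.168.0.1:53 as well as 127.0.0.1:53, and `drill @192.168.0.1 freebsd.org` from a client on wlan0 should return an answer; if the socket is missing, named was started before wlan0 had its address.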
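Editor's added example (not the author's rc.conf): rc.conf(5) has `create_args_<ifname>`, whose value is appended to the `ifconfig <ifname> create` that netif runs, so the hostap wlan from the manual sequence above can be created at boot and the service restarts become unnecessary. Interface names and addresses are the ones from the post; `dhcpd_ifaces` is the isc-dhcpd rc variable that limits the server to the LAN interface.

```sh
# Added example, not the author's file: rc.conf(5) entries that do at boot
# what the post's manual ifconfig/service sequence does.
# Names and addresses are the ones from the post (rum0, wlan0, ue0, 192.168.0.1/24).
wlans_rum0="wlan0"
# Appended to "ifconfig wlan0 create wlandev rum0 ...", so the interface
# exists in hostap mode before it gets its address and before hostapd starts.
create_args_wlan0="wlanmode hostap"
ifconfig_wlan0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_ue0="DHCP"

gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
hostapd_enable="YES"
named_enable="YES"
dhcpd_enable="YES"
# Serve DHCP on the LAN interface only, never towards ue0.
dhcpd_ifaces="wlan0"
```

With these entries the boot order is netif (creates and addresses wlan0), then pf, hostapd, named and isc-dhcpd, which is the same order as the manual commands in the post.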

Attachments
  • named.conf (21.2 KB)

OK, I previously installed FreeBSD 12.1 and 13.0 r363439 on the Raspberry; one of them could not boot and the other one caused a kernel panic when trying to install xorg, but I did not try all releases for 12.1 (I was happy to get xorg with FreeBSD running on the Raspberry even though it is still a development version).

I will try to get everything running with a 12.1 version.
Should I close this thread?
 
We don't close threads. Only when they go completely off the rails.

FreeBSD 12.1 should run fine on a Pi 3, except the Wifi (I used an old dongle I had lying around):
Code:
dice@pibsd:~ % uname -a
FreeBSD pibsd.dicelan.home 12.1-RELEASE FreeBSD 12.1-RELEASE r354233 GENERIC  arm64
dice@pibsd:~ % dmesg
---<<BOOT>>---
Copyright (c) 1992-2019 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 12.1-RELEASE r354233 GENERIC arm64
FreeBSD clang version 8.0.1 (tags/RELEASE_801/final 366581) (based on LLVM 8.0.1)
VT(efifb): resolution 656x416
KLD file umodem.ko is missing dependencies
Starting CPU 1 (1)
Starting CPU 2 (2)
Starting CPU 3 (3)
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
random: unblocking device.
random: entropy device external interface
MAP 39f4a000 mode 2 pages 1
MAP 39f4f000 mode 2 pages 1
MAP 3b350000 mode 2 pages 16
MAP 3f100000 mode 1 pages 1
kbd0 at kbdmux0
ofwbus0: <Open Firmware Device Tree>
simplebus0: <Flattened device tree simple bus> on ofwbus0
ofw_clkbus0: <OFW clocks bus> on ofwbus0
clk_fixed0: <Fixed clock> on ofw_clkbus0
clk_fixed1: <Fixed clock> on ofw_clkbus0
regfix0: <Fixed Regulator> on ofwbus0
regfix1: <Fixed Regulator> on ofwbus0
psci0: <ARM Power State Co-ordination Interface Driver> on ofwbus0
lintc0: <BCM2836 Interrupt Controller> mem 0x40000000-0x400000ff on simplebus0
intc0: <BCM2835 Interrupt Controller> mem 0x7e00b200-0x7e00b3ff irq 20 on simplebus0
gpio0: <BCM2708/2835 GPIO controller> mem 0x7e200000-0x7e2000b3 irq 23,24 on simplebus0
gpiobus0: <OFW GPIO bus> on gpio0
generic_timer0: <ARMv7 Generic Timer> irq 0,1,2,3 on ofwbus0
Timecounter "ARM MPCore Timecounter" frequency 19200000 Hz quality 1000
Event timer "ARM MPCore Eventtimer" frequency 19200000 Hz quality 1000
usb_nop_xceiv0: <USB NOP PHY> on ofwbus0
bcm_dma0: <BCM2835 DMA Controller> mem 0x7e007000-0x7e007eff irq 4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 on simplebus0
bcmwd0: <BCM2708/2835 Watchdog> mem 0x7e100000-0x7e100027 on simplebus0
bcmrng0: <Broadcom BCM2835 RNG> mem 0x7e104000-0x7e10400f irq 21 on simplebus0
mbox0: <BCM2835 VideoCore Mailbox> mem 0x7e00b880-0x7e00b8bf irq 22 on simplebus0
gpioc0: <GPIO controller> on gpio0
uart0: <PrimeCell UART (PL011)> mem 0x7e201000-0x7e201fff irq 25 on simplebus0
uart0: console (115200,n,8,1)
spi0: <BCM2708/2835 SPI controller> mem 0x7e204000-0x7e204fff irq 27 on simplebus0
spibus0: <OFW SPI bus> on spi0
spibus0: <unknown card> at cs 0 mode 0
spibus0: <unknown card> at cs 1 mode 0
iichb0: <BCM2708/2835 BSC controller> mem 0x7e804000-0x7e804fff irq 40 on simplebus0
bcm283x_dwcotg0: <DWC OTG 2.0 integrated USB controller (bcm283x)> mem 0x7e980000-0x7e98ffff,0x7e006000-0x7e006fff irq 46,47 on simplebus0
usbus0 on bcm283x_dwcotg0
sdhci_bcm0: <Broadcom 2708 SDHCI controller> mem 0x7e300000-0x7e3000ff irq 49 on simplebus0
mmc0: <MMC/SD bus> on sdhci_bcm0
fb0: <BCM2835 VT framebuffer driver> on simplebus0
fbd0 on fb0
VT: Replacing driver "efifb" with new "fb".
fb0: 656x416(656x416@0,0) 24bpp
fb0: fbswap: 1, pitch 1968, base 0x3eb33000, screen_size 818688
pmu0: <Performance Monitoring Unit> irq 53 on simplebus0
cpulist0: <Open Firmware CPU Group> on ofwbus0
cpu0: <Open Firmware CPU> on cpulist0
bcm2835_cpufreq0: <CPU Frequency Control> on cpu0
cpu1: <Open Firmware CPU> on cpulist0
cpu2: <Open Firmware CPU> on cpulist0
cpu3: <Open Firmware CPU> on cpulist0
gpioled0: <GPIO LEDs> on ofwbus0
gpioled0: <led0> failed to map pin
gpioled0: <led1> failed to map pin
cryptosoft0: <software crypto>
Timecounters tick every 1.000 msec
iicbus0: <OFW I2C bus> on iichb0
iic0: <I2C generic I/O> on iicbus0
usbus0: 480Mbps High Speed USB v2.0
ugen0.1: <DWCOTG OTG Root HUB> at usbus0
uhub0: <DWCOTG OTG Root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus0
mmcsd0: 128GB <SDHC SC128 8.0 SN A2E9CB60 MFG 12/2018 by 3 SD> at mmc0 50.0MHz/4bit/65535-block
mbox0: mbox response error
bcm2835_cpufreq0: can't get clock rate (id=8)
bcm2835_cpufreq0: ARM 600MHz, Core 250MHz, SDRAM -999MHz, Turbo OFF
Release APs...done
CPU  0: ARM Cortex-A53 r0p4 affinity:  0
Trying to mount root from ufs:/dev/ufs/rootfs [rw]...
 Instruction Set Attributes 0 = <CRC32>
 Instruction Set Attributes 1 = <>
         Processor Features 0 = <AdvSIMD,Float,EL3 32,EL2 32,EL1 32,EL0 32>
         Processor Features 1 = <0>
      Memory Model Features 0 = <4k Granule,64k Granule,S/NS Mem,MixedEndian,16bit ASID,1TB PA>
      Memory Model Features 1 = <>
      Memory Model Features 2 = <32b CCIDX,48b VA>
             Debug Features 0 = <2 CTX Breakpoints,4 Watchpoints,6 Breakpoints,PMUv3,Debug v8>
             Debug Features 1 = <0>
         Auxiliary Features 0 = <0>
         Auxiliary Features 1 = <0>
CPU  1: ARM Cortex-A53 r0p4 affinity:  1
CPU  2: ARM Cortex-A53 r0p4 affinity:  2
CPU  3: ARM Cortex-A53 r0p4 affinity:  3
WARNING: / was not properly dismounted
Warning: no time-of-day clock registered, system time will not be set accurately
uhub0: 1 port with 1 removable, self powered
ugen0.2: <vendor 0x0424 product 0x9514> at usbus0
uhub1 on uhub0
uhub1: <vendor 0x0424 product 0x9514, class 9/0, rev 2.00/2.00, addr 2> on usbus0
uhub1: MTT enabled
uhub1: 5 ports with 4 removable, self powered
ugen0.3: <vendor 0x0424 product 0xec00> at usbus0
smsc0 on uhub1
smsc0: <vendor 0x0424 product 0xec00, rev 2.00/2.00, addr 3> on usbus0
smsc0: chip 0xec00, rev. 0002
miibus0: <MII bus> on smsc0
smscphy0: <SMC LAN8700 10/100 interface> PHY 1 on miibus0
smscphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
ue0: <USB Ethernet> on smsc0
ue0: Ethernet address: b8:27:eb:6b:dd:09
ugen0.4: <Realtek 802.11n WLAN Adapter> at usbus0
ugen0.5: <Xingong Electronicg Co.. Xingong XGecu USB Prog.. Device> at usbus0
lo0: link state changed to UP
ue0: link state changed to DOWN
rtwn0 on uhub1
rtwn0: <Realtek 802.11n WLAN Adapter, class 0/0, rev 2.00/2.00, addr 4> on usbus0
rtwn0: MAC/BB RTL8188CUS, RF 6052 1T1R
ieee80211_load_module: load the wlan_amrr module by hand for now.
wlan0: Ethernet address: 00:13:ef:d0:27:7c
wlan0: link state changed to UP
warning: total configured swap (1048576 pages) exceeds maximum recommended amount (923824 pages).
warning: increase kern.maxswzone or reduce amount of swap.
ugen0.5: <Xingong Electronicg Co.. Xingong XGecu USB Prog.. Device> at usbus0 (disconnected)
ugen0.5: <Xingong Electronicg Co.. Xingong XGecu USB Prog.. Device> at usbus0
wlan0: link state changed to DOWN
wlan0: link state changed to UP
wlan0: link state changed to DOWN
wlan0: link state changed to UP