Struggling to resolve locally to dnsmasq, and to act as a gateway

I have a FreeBSD box with multiple LAN ports. Two LANs are local (a wifi mesh and mains network) and I have two WAN routers - an ADSL and a 4G.
First problem - on the host, I'm not resolving to dnsmasq. dnsmasq DOES resolve names (on my chosen WAN link) for hosts it's assigned IPs to via DHCP.

My resolv.conf is:
nameserver 127.0.0.1
nameserver ::1
domain lan
options edns0

And my resolvconf.conf is:
resolv_conf="/dev/null" # prevent updating /etc/resolv.conf

Every attempt to resolve beyond things in /etc/hosts fails, and there is no sign of any query being made against dnsmasq - I enabled logging.


The second issue is that from connected hosts I can see that the gateway is set to the FreeBSD box, and the DNS source - and the DNS is resolving. But I don't get any packet forwarding.
dnsmasq is successfully serving DHCP and DNS to 192.168.13.59

I have in rc.conf:
#ifconfig_re0="DHCP"
ifconfig_re2="inet 192.168.1.2 netmask 255.255.255.0"
ifconfig_re4="inet 192.168.40.2 netmask 255.255.255.0"
ifconfig_re1="inet 192.168.11.2 netmask 255.255.255.0"
ifconfig_re3="inet 192.168.13.2 netmask 255.255.255.0"
#defaultrouter="192.168.1.254"
defaultrouter="192.168.40.1"

dnsmasq_enable="YES"
resolv_enable="NO"
gateway_enable="YES"

I do NOT have pf enabled - do I need it? It's not clear from the handbook section on enabling gateway. Nor do I have any static routes set up. On the host I can ping the gateway and hosts that I know the IP of, so it's going through the WAN gateway OK.
 
I have a FreeBSD box with multiple LAN ports. Two LANs are local (a wifi mesh and mains network) and I have two WAN routers - an ADSL and a 4G.
First problem - on the host, I'm not resolving to dnsmasq. dnsmasq DOES resolve names (on my chosen WAN link) for hosts it's assigned IPs to via DHCP.
Looks like I've fixed dnsmasq resolving on the host.
I found that I also had:
local_unbound_enable="YES"
in my rc.conf. Removing that seems to have fixed things, from that point of view.

I still don't seem to get any forwarding between the interfaces though - even to ping the routers on the wan devices from the internal LANs.
 
I've made progress by:
firewall_enable="YES"
firewall_type="open"
firewall_nat_enable="YES"
natd_enable="YES"
natd_interface="re4"
natd_flags="-log"

So at least I have faster internet now, but I think I need NAT on both external interfaces. Can I do that with natd?
 
I've made progress by:
firewall_enable="YES"
firewall_type="open"
firewall_nat_enable="YES"
natd_enable="YES"
natd_interface="re4"
natd_flags="-log"

So at least I have faster internet now, but I think I need NAT on both external interfaces. Can I do that with natd?
I really don't know about NATd. You seem to have NATd and IPFW both doing NAT.

With the settings you have enabled the FreeBSD firewall IPFW.

Take some time and read on what you have enabled.
 
Can I make a suggestion? Since a dual-homed network is much harder to set up, consider getting it up and running with one ISP connection (ADSL), then add another once you've figured out what router/forwarder stuff you want to use.
DNSMasq makes for a nice DHCP server and should be considered.
 
I have changed to PF and it's working OK, though I don't have static routes set for the stuff I want to send over ADSL.
I'm using dnsmasq now, but it resolves for hosts on my LAN - but not for the FreeBSD box that's actually the gateway/firewall/resolver.
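
An added example, not part of any post in this thread: a small sh check for the rc.conf combinations the thread ran into (dnsmasq together with local_unbound, natd together with firewall_nat_enable, and a missing gateway_enable). The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): flag rc.conf combinations discussed above.

# Print the last uncommented value assigned to KEY in FILE (the last assignment wins).
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Same truthy spellings that rc.subr's checkyesno accepts.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per line; return 1 if anything was flagged.
check_rc_conf() {
    f=$1
    rc=0
    if is_yes "$(rc_value "$f" dnsmasq_enable)" &&
       is_yes "$(rc_value "$f" local_unbound_enable)"; then
        echo "RESOLVER: dnsmasq and local_unbound are both enabled"
        rc=1
    fi
    if is_yes "$(rc_value "$f" natd_enable)" &&
       is_yes "$(rc_value "$f" firewall_nat_enable)"; then
        echo "NAT: natd and in-kernel ipfw NAT are both enabled"
        rc=1
    fi
    if ! is_yes "$(rc_value "$f" gateway_enable)"; then
        echo "FORWARD: gateway_enable is not set, so packets are not forwarded"
        rc=1
    fi
    return $rc
}

# Constructed sample assembled from the settings quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#defaultrouter="192.168.1.254"
defaultrouter="192.168.40.1"
dnsmasq_enable="YES"
local_unbound_enable="YES"
gateway_enable="YES"
firewall_nat_enable="YES"
natd_enable="YES"
EOF
check_rc_conf "$sample" || true
rm -f "$sample"
```

On a real system, point `check_rc_conf` at `/etc/rc.conf`; it only reads the file and changes nothing.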
 