DHCP Server - dnsmasq

By default, Endian Firewall runs dhcpd. dnsmasq is also installed, but it cannot serve the computer names that dhcpd manages. For this reason, I have disabled dhcpd and modified the dnsmasq settings so that dnsmasq acts as both DNS and DHCP server. You need to set up the config files that dnsmasq loads when it starts.

Configuration

Edit /etc/dnsmasq/dnsmasq.d/custom.conf. The following are the minimum entries; expand them as you need.

# never forward plain names
domain-needed

# never forward addresses in the non-routed address spaces
bogus-priv

# do not poll /etc/resolv.conf for changes
no-poll

# Add other name servers here, with domain specs if they are for
# non-public domains.
server=168.126.63.1
server=168.126.63.2

# specify interfaces where dnsmasq will listen for DHCP and DNS requests
# add the bridge for the green and the orange network
interface=br0
interface=br1

# add the domain to simple names automatically
expand-hosts

# define the domain name
domain=condrau.com

# enable the dhcp server for the green interface only
dhcp-range=br0,192.168.1.100,192.168.27.200,12h

# add clients identified by adapter or name to obtain static addresses
# dhcp-host=00:00:00:00:00:00,laptop,192.168.1.20
# dhcp-host=desktop,192.168.1.21

# Add domains which you want to force to an IP address here.
# The example below sends any host in doubleclick.net to a local
# webserver.
address=/doubleclick.net/127.0.0.1

Modify /etc/dnsmasq/dnsmasq.conf.tmpl as follows

# the main configuration file is found in 'conf-dir'
# bco, 2014-01-18
#if $DNSMASQ_ANTISPYWARE == 'on'
conf-file=/var/signatures/dnsmasq/blackholedns.conf
#end if
conf-dir=/etc/dnsmasq/dnsmasq.d
#if $DS.dnsmasq.local_nameserver
  #for $zone in $DS.dnsmasq.local_nameserver
    #if $zone.DOMAIN and $zone.IP
server=/$zone.DOMAIN/$zone.IP
    #end if
  #end for
#end if

#try
#include "/var/efw/dnsmasq/dnsmasq.custom.tmpl"
#except
#pass
#end try

This is necessary so you can make all dnsmasq settings in /etc/dnsmasq/dnsmasq.d/custom.conf, except for the ones which are controlled through Endian's web interface.

Stop dhcpd and restart dnsmasq

You must first disable dhcpd in the efw web interface (menu Services); otherwise the internal settings will not be set properly. After that, run the following commands on the command line.

/etc/init.d/dhcpd stop
/etc/init.d/dnsmasq restart

This guide was taken from LAN Clients DNS-Records via DHCP and adapted to my setup.

Trace DNS queries

nslookup -debug condrau.com

Web interface

Navigate to Menu Services and make sure DHCP is disabled for all networks. Then, modify /home/httpd/cgi-bin/dhcp.cgi:

# disable activation of DHCP server if DNSMASQ handles DHCP requests
# bco, 2014-01-18
my $dnsmasq = 1;

Find line 536 in the original file, which should contain “&openbox('100%', 'left', 'DHCP');”, and insert the following lines before it:

if ($dnsmasq == 1) {
&openbox('100%', 'left', 'DHCP');
print <<END;
This machine uses <b>DNSMASQ</b> to serve DHCP leases.
Please modify '/etc/dnsmasq/dnsmasq.conf.tmpl' for changes.
(bco, 2014-01-18)
END
&closebox();
} else {
# the matching closing brace is inserted just before &closebigbox() (see below)

Insert before line 890 of the original file (just before “&closebigbox();”):

}#if bco

To add an info box which displays the current leases, add the following code between “&closebox();” and “} else {”:

# bco, 2014-03-09
use POSIX qw(strftime);
my $leases = "/var/lib/misc/dnsmasq.leases";

# hostnames in the lease file are chosen by the clients, so escape them
# before echoing them into the page
sub html_escape {
  my $s = shift;
  $s =~ s/&/&amp;/g; $s =~ s/</&lt;/g; $s =~ s/>/&gt;/g; $s =~ s/"/&quot;/g;
  return $s;
}

&openbox('100%', 'left', 'Current leases ('.strftime("%Y-%m-%d, %H:%M:%S", localtime()).')');
open my $file, "<", $leases or die "$leases: $!";
print '<b><u>Lease expires</u></b></td><td><b><u>Mac address</u></b></td><td><b><u>IP address</u></b></td><td><b><u>Hostname</u></b></td></tr><tr><td>';
# each line of dnsmasq.leases is: expiry-epoch mac ip hostname client-id
while (my $line = <$file>) {
  chomp $line;
  my ($expires, $mac, $ip, $hostname) = split(/ /, $line);
  print strftime("%Y-%m-%d, %H:%M:%S", localtime($expires));
  print '</td><td>', html_escape($mac), '</td><td>', html_escape($ip), '</td><td>', html_escape($hostname);
  print '</td></tr><tr><td>';
}
close $file;
&closebox();

Replace client

If you need to replace a client that has a static IP address (its dhcp-host entry must point to the new MAC address), do the following:

# /etc/init.d/dnsmasq stop
# vim /etc/dnsmasq/dnsmasq.d/custom.conf # replace the client's MAC address
# rm /var/lib/misc/dnsmasq.leases
# /etc/init.d/dnsmasq start
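As an added example (not part of this page or of Endian), a standalone Python audit that cross-checks dnsmasq.leases against the dhcp-host reservations and the dhcp-range in custom.conf: it flags the stale lease that the "Replace client" steps above get rid of, and any lease outside the configured range. The config lines and lease lines are constructed samples in the formats shown on this page.

```python
import ipaddress
# Constructed custom.conf sample: this page's dhcp-host examples with made-up MACs.
CUSTOM_CONF = """\
dhcp-range=br0,192.168.1.100,192.168.1.200,12h
dhcp-host=00:11:22:33:44:66,laptop,192.168.1.20
dhcp-host=desktop,192.168.1.21
"""
# Constructed dnsmasq.leases (expiry-epoch mac ip hostname client-id); line 1 is the
# "Replace client" case: reservation moved to a new MAC, old adapter still holds the lease.
LEASES = """\
1390000000 00:11:22:33:44:55 192.168.1.20 laptop 01:00:11:22:33:44:55
1390000000 aa:bb:cc:dd:ee:ff 192.168.1.21 desktop *
1390003600 de:ad:be:ef:00:02 192.168.1.250 guest *
"""

def field_kind(f):
    """Classify a config field as 'ip', 'mac' or 'name' (interface, tag, time)."""
    try:
        ipaddress.ip_address(f)
        return "ip"
    except ValueError:
        return "mac" if f.count(":") == 5 else "name"

def parse_custom_conf(text):
    """Return ([(start, end), ...], {ip: (kind, identifier)}), keyed on MAC if given."""
    ranges, reservations = [], {}
    for line in text.splitlines():
        key, _, value = line.strip().partition("=")
        by = {k: [f.lower() for f in value.split(",") if field_kind(f) == k] for k in ("ip", "mac", "name")}
        if key == "dhcp-range":
            ranges.append(tuple(ipaddress.ip_address(a) for a in by["ip"][:2]))
        elif key == "dhcp-host" and by["ip"]:
            kind = "mac" if by["mac"] else "name"
            reservations[by["ip"][0]] = (kind, by[kind][0])
    return ranges, reservations

def audit_leases(conf_text, leases_text):
    """Return [(ip, reason), ...] for leases that contradict a reservation or lie outside every range."""
    ranges, reservations = parse_custom_conf(conf_text)
    findings = []
    for parts in (l.split() for l in leases_text.splitlines() if len(l.split()) > 3):
        mac, ip, name = parts[1].lower(), parts[2], parts[3].lower()
        if ip in reservations:
            kind, expected = reservations[ip]
            actual = mac if kind == "mac" else name
            if actual != expected:  # stale lease blocks the reserved address
                findings.append((ip, "held by %s, reserved for %s" % (actual, expected)))
        elif not any(lo <= ipaddress.ip_address(ip) <= hi for lo, hi in ranges):
            findings.append((ip, "outside every dhcp-range"))
    return findings
```

Run it against the real files by reading /etc/dnsmasq/dnsmasq.d/custom.conf and /var/lib/misc/dnsmasq.leases into the two arguments; an empty result means no stale or out-of-range lease.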

Troubleshooting