Replace ISC DHCP Server with dnsmasq

This guide is for EFW 3.2 versions and newer.

Upgrade the GUI

dnsmasq is a light weight DNS resolver and DHCP server, with simple configuration and still great functionality. I prefer it over the built in ISC DHCP server, so I adapted some scripts to be able to use dnsmasq as DHCP server in Endian Firewall 3. SSH into the box, then do the following:

  1. copy dhcp30.cgi into /home/httpd/cgi-bin (this is the dhcp.cgi taken from version 3.0, as from version 3.2, it's contents are integrated into another script)
  2. copy dnsmasq.cgi into /home/httpd/cgi-bin (this is the script displaying DNSmasq leases, based on the dhcp.cgi taken from version 3.0)
  3. copy menu-dhcp.pl into /home/httpd/menus/main (modified menu for the DHCP services)
  4. copy the config files into /etc/dnsmasq/dnsmasq.d: leases.conf, local.conf, network.conf, settings.conf

Configuration

Separating the config for dnsmasq into those 4 files will simplify your admin efforts to keep them updated, or even to transfer them to another Endian Firewall. Note also the following: dhcp30.cgi and dnsmasq.cgi do not exist in EFW3, but menu-dhcp.pl will get overwritten when you upgrade the firewall. You might want to keep a copy as menu-dhcp.pl.new, then you can simply copy this file back to menu-dhcp.pl after an upgrade.

You might also want to remove the fixed lease file of the ISC DHCP server with the following command. The second line is an example for it's content:

rm /var/efw/dhcp/fixleases
dc:fe:07:e0:4d:63,192.168.1.41,on,,,,titan

SFTP commands

Use the following commands to copy the settings from/to the firewall. This assumes commands entered from a Synology NAS with DSM 6.2 or newer.

/bin/sudo sftp -o "IdentityFile=~/.ssh/id_rsa" <efw-machine>
sftp> get -r /etc/dnsmasq
sftp> put -r /etc/dnsmasq
sftp> !ls

Use “!” to execute linux commands without leaving sftp. See SFTP commands cheat sheet.

DNSmasq