LostZimbo

  1. Hi Barish, yes, you are completely right: the issue was that dnsmasq was set to a non-standard port (5353 if I recall) because bind9 was using port 53, and dnsmasq did not like handling name-forwarding requests on that port for some reason; it will only do it when it is on port 53.
  2. I tried following where the packets go using tshark: I set it up on the espressobin and connected to the wifi with my phone (on which I have not set up a DNS. On my laptop I have configured 8.8.8.8 for use as DNS, so internet through the espressobin works just fine. Makes sense.) Following on the wan interface, when I went to google.com on my phone the following packets were picked up:

     Capturing on 'wan'
     1 0.000000000 192.168.0.10 → 8.8.8.8 DNS 70 Standard query 0x6d4a A google.com
     2 0.001193480 8.8.8.8 → 192.168.0.10 DNS 86 Standard query response 0x6d4a A google.com A 172.217.22.78

     Following on the br0 interface, which bridges lan0, lan1 and the wifi, the following packets were picked up:

     Capturing on 'br0'
     1 0.000000000 172.24.1.172 → 8.8.8.8 DNS 70 Standard query 0x3de5 A google.com
     2 0.001419808 8.8.8.8 → 172.24.1.172 DNS 86 Standard query response 0x3de5 A google.com A 172.217.22.78

     Just for some strange reason nothing makes it back to my phone (which has the local IP address 172.24.1.172). This was never an issue before when I set my espressobin up as a server: name forwarding just *happened*, so I never really asked how and never tried to use anything such as bind9. The DNS servers set up for bind9 are those associated with OpenDNS (208.67.222.222; 208.67.220.220), while in the network file for the wan interface the DNS set is Google's 8.8.8.8, which can be seen in the packets above. So queries are occurring but NOT through bind9. I feel there is some small detail I am missing but do not know what.
  3. So I flashed a recent backup image to the SD card but still no wan, lan0 or lan1, which forced me to fall back to the default Armbian Buster image and start over from scratch. I am back to where I was two days ago now: everything working except for name resolution outside the network. I have removed validation and the specific error regarding unreachable network is gone; however, still no DNS forwarding. In fact there is now no clear error at all. I will look at replacing the key as suggested but I do not think this is the problem. Name forwarding outside of my subnet to the internet is my current problem, not local issues; apologies for not being clear. However, I did try to map my local network with nmap and all systems are called "localhost". I will take a look at avahi as well to clean this up a little, thanks.
  4. Thank you for the response, I will be trying this asap! Sounds like it could be the problem. In the meantime I have bigger problems: the wan, lan0 and lan1 have all just disappeared! No idea what happened, but now when I type "ip link show" there is eth0, lo, br1 and wlx24050fae5224 but none of the lan ports. Weird.
  5. Hi all, I have an espressobin v5, running the newest Armbian 20.02.01 Buster that is available online (installed just recently). I am using this device as a home gateway/router, so there is hostapd, dnsmasq, iptables, that kind of thing, which is all working perfectly. But I cannot enable name resolution for the subnet!! Packet forwarding works fine; if I set the DNS manually on any of the devices connected to the subnet then the connection works perfectly, but I would prefer to have it performed dynamically for any guest that connects. I installed bind9; this is the named.conf.options file:

     acl allowed_clients {
         localhost;
         172.24.0.0/16;
     };

     options {
         directory "/var/cache/bind";
         // managed-keys-directory "/etc/bind";

         // If there is a firewall between you and nameservers you want
         // to talk to, you may need to fix the firewall to allow multiple
         // ports to talk. See http://www.kb.cert.org/vuls/id/800113

         // If your ISP provided one or more IP addresses for stable
         // nameservers, you probably want to use them as forwarders.
         // Uncomment the following block, and insert the addresses replacing
         // the all-0's placeholder.

         recursion yes;
         allow-query { allowed_clients; };
         forward only;
         listen-on { //172.24.0.0/16;
             any;
         };
         forwarders {
             208.67.222.222;
             208.67.220.220;
         };

         //========================================================================
         // If BIND logs error messages about the root key being expired,
         // you will need to update your keys. See https://www.isc.org/bind-keys
         //========================================================================
         dnssec-validation auto;

         listen-on-v6 { none; };
     };

     The status of the bind9 service shows the following:

     Mar 18 15:35:25 espressobin named[671]: zone 255.in-addr.arpa/IN: loaded serial 1
     Mar 18 15:35:25 espressobin named[671]: zone localhost/IN: loaded serial 2
     Mar 18 15:35:25 espressobin named[671]: all zones loaded
     Mar 18 15:35:25 espressobin named[671]: running
     Mar 18 15:35:25 espressobin named[671]: network unreachable resolving './DNSKEY/IN': 208.67.222.222#53
     Mar 18 15:35:25 espressobin named[671]: network unreachable resolving './DNSKEY/IN': 208.67.220.220#53
     Mar 18 15:35:25 espressobin named[671]: managed-keys-zone: Unable to fetch DNSKEY set '.': SERVFAIL
     Mar 18 15:35:26 espressobin systemd[1]: Started BIND Domain Name Server.
     Mar 18 15:37:18 espressobin named[671]: listening on IPv4 interface br1, 172.24.1.1#53
     Mar 18 15:37:21 espressobin named[671]: listening on IPv4 interface wan, 192.168.0.10#53

     If anyone can point out what I am doing wrong I would be grateful. The bridge br1 bridges between lan0, lan1 and wlx24050fae5224 (wireless transceiver).
  6. The armbian-firmware on my espressobin was updated to version 5.90 and now everything is working way better! I see in the change log that the drivers for rtl8812 and others were updated so clearly this was the issue. If whoever updated it sees this I thank you!
  7. OK, apologies for the late response; this is just a side hobby, I do not get a lot of time for it but have not given up. I found the issue with dnsmasq: it needs an IP address to listen on! So I took the wan port and eth0 off of the bridge br0, leaving lan0, lan1 and wlx24050fae5224 on it with an IP address of 172.24.1.1 and dnsmasq listening to this interface/address combination:

     [Match]
     Name=lan1 #As an example, same with lan0 and the wifi which is on wlx24050fae5224

     [Network]
     Bridge=br0

     dnsmasq.conf:

     dhcp-range=172.24.1.50,172.24.1.150,24h
     interface=br0
     listen-address=172.24.1.1

     hostapd.conf:

     ssid=Total Internal Reflection
     interface=wlx24050fae5224
     hw_mode=g
     channel=5
     bridge=br0
     driver=nl80211
     logger_syslog=0
     logger_syslog_level=0
     wmm_enabled=0
     wpa=2
     preamble=1
     wpa_passphrase=********
     wpa_key_mgmt=WPA-PSK
     wpa_pairwise=TKIP
     rsn_pairwise=CCMP
     auth_algs=1
     macaddr_acl=0
     noscan=1

     and iptables to allow through the firewall:

     # Generated by iptables-save v1.6.0 on Fri Mar 22 18:42:34 2019
     *nat
     :PREROUTING ACCEPT [4430:346020]
     :INPUT ACCEPT [2104:185804]
     :OUTPUT ACCEPT [6284:556501]
     :POSTROUTING ACCEPT [3233:233316]
     -A POSTROUTING -o wan -j MASQUERADE
     COMMIT
     # Completed on Fri Mar 22 18:42:34 2019
     # Generated by iptables-save v1.6.0 on Fri Mar 22 18:42:34 2019
     *filter
     :INPUT ACCEPT [16787:1562239]
     :FORWARD ACCEPT [0:0]
     :OUTPUT ACCEPT [16813:1994727]
     -A FORWARD -i br0 -o wan -j ACCEPT
     -A FORWARD -i wan -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
     COMMIT
     # Completed on Fri Mar 22 18:42:34 2019

     Finally there is also an ebtables setup which I created from the Debian information page https://wiki.debian.org/BridgeNetworkConnections#ebtables_Overview

     On LAN connection this routing setup works great: fast connection and stable, and exactly what I always dreamed of. The wifi is available and I can connect to it but it keeps dropping every few seconds! When the wifi is working I get great internet speeds, but then it stops and starts. I am writing this on the wifi now on my laptop, but on my phone it will disconnect when there is no internet (so after a few seconds of connection). I tried to run hostapd directly on the console (sudo hostapd /etc/hostapd.conf -d) and a wifi is created, but the password is different from that in the /etc/hostapd.conf file so I cannot connect to it to see what is going on. Has anybody seen this sort of action? I have been searching online for a solution but most mention problems of disconnection after 10 minutes rather than a few seconds. Any suggestion in the direction would be helpful.
  8. I bought an espressobin and a Realtek rtl8812au based USB wifi device because I wanted to set up a Linux based wifi network at home. It is running the Armbian mainline kernel with Debian 9. I installed hostapd and dnsmasq (config files below) and it works, hurray! Bad news is I do not understand how. I tried to look at the list of connected devices (cat /var/lib/misc/dnsmasq.leases) but this showed nothing. I disabled dnsmasq and rebooted and the wifi continued to work without dnsmasq. So my question is this: without the dnsmasq service, what exactly is handing out the IP addresses to devices connecting via DHCP?

     Hostapd config file:

     ssid=ARMBIAN
     interface=wlx24050fae5224
     hw_mode=g
     channel=5
     bridge=br0
     driver=nl80211
     logger_syslog=0
     logger_syslog_level=0
     wmm_enabled=0
     wpa=2
     preamble=1
     wpa_psk=66eb31d2b48d19ba216f2e50c6831ee11be98e2fa3a8075e30b866f4a5ccda27
     wpa_passphrase=********
     wpa_key_mgmt=WPA-PSK
     wpa_pairwise=TKIP
     rsn_pairwise=CCMP
     auth_algs=1
     macaddr_acl=0
     noscan=1
     ctrl_interface=/var/run/hostapd
     ctrl_interface_group=0

     dnsmasq config file:

     interface=wlx24050fae5224
     dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,24h

     The IP address for my laptop on the network is 192.168.0.24 and for my phone is 192.168.0.11, further proving that dnsmasq is not controlling any IP addresses. I took a look at the router I got from my internet provider (it has reallllly crappy wifi, so that is one of the reasons I am undertaking this project) and my phone and laptop, connected to the espressobin wifi network, are shown on the network with IP addresses 192.168.0.11 and the phone has an IP address of 100.73.80.157 (???). I have no idea what is going on; I have used Linux desktop for about 5 years now but this is my first time dealing with networking. Any input would be valued.
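An added example, not from the thread above, that automates the check done by hand in post 2: it parses tshark one-line DNS summaries, flags LAN clients whose queries go straight to an external resolver instead of the gateway (the "queries are occurring but NOT through bind9" symptom), and lists queries whose transaction ID never got a reply. The capture lines, the gateway resolver address 172.24.1.1 and the extra client hosts are constructed for the example.

```python
import re

# Constructed sample modelled on the tshark summaries in post 2; the gateway
# resolver, LAN prefix and the two extra client lines are assumptions.
LOCAL_RESOLVER = "172.24.1.1"
LAN_PREFIX = "172.24."

CAPTURE = """\
1 0.000000000 172.24.1.172 → 8.8.8.8 DNS 70 Standard query 0x3de5 A google.com
2 0.001419808 8.8.8.8 → 172.24.1.172 DNS 86 Standard query response 0x3de5 A google.com A 172.217.22.78
3 0.002000000 172.24.1.55 → 172.24.1.1 DNS 70 Standard query 0x1a2b A example.net
4 0.010000000 172.24.1.172 → 1.1.1.1 DNS 70 Standard query 0x77aa A armbian.com
"""

# frame, time, src → dst, "DNS", length, "Standard query [response]", txid, qtype, name
LINE_RE = re.compile(
    r"^\s*\d+\s+[\d.]+\s+(?P<src>[\d.]+)\s+→\s+(?P<dst>[\d.]+)\s+DNS\s+\d+\s+"
    r"Standard query(?P<resp> response)?\s+(?P<txid>0x[0-9a-fA-F]+)\s+"
    r"(?P<qtype>[A-Z]+)\s+(?P<name>\S+)"
)

def parse(capture):
    """Turn tshark summary lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if m:
            row = m.groupdict()
            row["is_response"] = row.pop("resp") is not None
            rows.append(row)
    return rows

def audit(rows):
    """Return (bypass, unanswered): LAN queries sent to a resolver other than the
    gateway (local resolver bypassed), and names whose txid never saw a reply."""
    bypass, pending = [], {}
    for r in rows:
        if not r["is_response"]:
            if r["src"].startswith(LAN_PREFIX) and r["dst"] != LOCAL_RESOLVER:
                bypass.append((r["src"], r["dst"], r["name"]))
            pending[(r["src"], r["dst"], r["txid"])] = r["name"]
        else:
            # a reply is matched by swapping src/dst and comparing the txid
            pending.pop((r["dst"], r["src"], r["txid"]), None)
    return bypass, sorted(pending.values())

if __name__ == "__main__":
    for client, resolver, name in audit(parse(CAPTURE))[0]:
        print(f"{client} bypassed the gateway resolver: asked {resolver} for {name}")
```

Run it against a real `tshark -i br0 port 53` session saved to a file by swapping CAPTURE for the file contents; a non-empty bypass list means clients are not being handed the gateway as their DNS server.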