Dnsmasq problem: IP-Phones ignored in V7.5

flatspin · June 15, 2018, 7:25pm

Hi guys, I need your help.

I upgraded my NS 76 to NS 7 vis rsync. This time everyting went fine, execpt, that non of the IP-Phones (Yeahlink TG-46 and 42) is getting an IP-adress.
From messages.log:

Jun 15 21:18:21 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:a3:79 ignored
Jun 15 21:18:21 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:a2:90 ignored
Jun 15 21:18:22 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:9d:6d ignored
Jun 15 21:18:23 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:a3:71 ignored
Jun 15 21:18:25 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:a3:79 ignored
Jun 15 21:18:25 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:a2:90 ignored
Jun 15 21:18:25 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:a3:45 ignored
Jun 15 21:18:26 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:9d:6d ignored
Jun 15 21:18:27 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:a3:71 ignored
Jun 15 21:18:28 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:a3:79 ignored
Jun 15 21:18:29 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:a2:90 ignored
Jun 15 21:18:29 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:a3:45 ignored
Jun 15 21:18:29 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:a2:ad:78 ignored
Jun 15 21:18:29 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:9d:6d ignored
Jun 15 21:18:29 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:c2:c0:00 ignored
Jun 15 21:18:30 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:d2:a3:71 ignored
Jun 15 21:18:32 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:a2:ad:78 ignored
Jun 15 21:18:32 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:c2:c0:00 ignored
Jun 15 21:18:34 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:a2:b0:0c ignored
Jun 15 21:18:35 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:a2:ad:78 ignored
Jun 15 21:18:36 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:c2:c0:00 ignored
Jun 15 21:18:37 nethserver dnsmasq-dhcp[10168]: DHCPDISCOVER(br0) 00:15:65:a2:b0:0c ignored

Please can some give a hint how to solve??

TIA Ralf

flatspin · June 16, 2018, 12:51pm

Hi guys, thanks for helping, but I found it myself.

Standard config is with mac-filtering => dhcp-ignore=tag:!known
outcommented this and everything runs fine!

@davidep or @giacomo do you think it’s good to enable mac-filtering by default?
O.k. it’s security relevant. But if you don’t know that it’s enabled by default you don’t know why dhcp doesn’t work at all. So may be a hint in the server-manager-panel would be fine.

robb · June 16, 2018, 1:01pm

Good to know you could solve this yourself.
IMO mac address filtering is more like security by obscurity and not that safe. Mac address spoofing isn’t the most difficult config thinkable. And getting a ‘valid’ macaddress can be done reasonably easy with a packetsniffer.

flatspin · June 16, 2018, 1:05pm

I agree, but why is it enabled by default?

giacomo · June 18, 2018, 7:30am

Hi Ralf, I searched a bit inside our productions server but I didn’t found the dhcp-ignore=tag:!known option.

Reading the man pages, such option should be disabled by default. Since this problem has never been reported, could you help me a bit to find the cause?
Just post the output of following commands:

grep -R 'dhcp' /etc/dnsmasq*
grep -R 'known' /etc/dnsmasq*
find /etc/e-smith/templates-custom/

flatspin · June 18, 2018, 8:15am

Of course I’ll, thanks for reply.

 find /etc/e-smith/templates-custom/
/etc/e-smith/templates-custom/
/etc/e-smith/templates-custom/etc
/etc/e-smith/templates-custom/etc/dnsmasq.conf
**/etc/e-smith/templates-custom/etc/dnsmasq.conf/33macfilter**
/etc/e-smith/templates-custom/etc/hosts
/etc/e-smith/templates-custom/etc/rc.d
/etc/e-smith/templates-custom/etc/rc.d/rc.local
/etc/e-smith/templates-custom/etc/rc.d/rc.local/20br0address
/etc/e-smith/templates-custom/etc/shorewall
/etc/e-smith/templates-custom/etc/shorewall/rules
/etc/e-smith/templates-custom/etc/shorewall/rules/46phpvirtualbox
/etc/e-smith/templates-custom/etc/ups
/etc/e-smith/templates-custom/etc/ups/upsmon.conf
/etc/e-smith/templates-custom/etc/ups/upsmon.conf/30notify

O.k. seems you got me
There is an old template custom. But I can’t remember about it. It’s from Nov. 2016.
It seems that this was active on my old NS6, but without any impact, so I forgot about it.
I know that I didn’t us it on the old NS.
But it can only be my own one, so I have to say: IT WAS MY OWN FAULT!
Sorry that I botherd you with that.

Thanks for showing me my dullness.

giacomo · June 18, 2018, 8:17am

Ahaha! No problem, thank you for digging a little bit: it’s always useful to know if an issue can affect other users!

flatspin · June 18, 2018, 8:22am

For me it’s also good, because after the next expand-template because of an dnsmasq-update or something else the problem would have reappeared…