Enhancement #2057

Firewall: enhance DHCP configuration on red interfaces

Added by Giacomo Sanchietti about 8 years ago. Updated about 8 years ago.

Status: CLOSED
Start date: 07/15/2013
Priority: Normal
Due date: 07/19/2013
Assignee: -
% Done: 100%

Category: nethserver-firewall-base
Target version: v6.4-beta2
Resolution:
NEEDINFO: No

Description

When DHCP protocol is enabled on a red interface, the system should:
  • check for new DHCP lease even if red interface disconnects
  • avoid overwrite of /etc/resolv.conf with DHCP client data
  • correctly set gateway for all interfaces

networks.dump.txt - NetworksDB dump after configuring eth1 (504 Bytes) Davide Principi, 07/19/2013 05:09 PM

ifcfg-ethX.txt - Interfaces configuration files (351 Bytes) Davide Principi, 07/19/2013 05:11 PM

Related issues

Related to NethServer 6 - Enhancement #2075: Update NetworksDB on udev events CLOSED 08/01/2013 08/02/2013
Related to NethServer 6 - Bug #2213: /etc/resolv.conf overwritten by dhclient CLOSED

Associated revisions

Revision 821ceca4
Added by Giacomo Sanchietti about 8 years ago

web ui: handle persistent_dhclient and peer_dns options. Refs #2057

Revision 4a00ad5d
Added by Giacomo Sanchietti about 8 years ago

interface-config-write: skip interface without ipaddress and netmask. Refs #2057

Revision 7c36a73a
Added by Giacomo Sanchietti about 8 years ago

web ui: fix peerdns propr typo. Refs #2057

Revision 04fca2e9
Added by Giacomo Sanchietti about 8 years ago

web ui: fix peerdns propr typo. Refs #2057

History

#1 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

To disable /etc/resolv.conf overwrite, set peer_dns to n.

To enable dhclient retry on errors, set persistent_dhclient to y.

#2 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 70

#4 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 70 to 80
Packages in testing:
  • nethserver-base-1.2.5-1.ns6.noarch.rpm
  • nethserver-firewall-base-1.0.3
Test case:
  • install packages listed above
  • configure a red interface with static/dhcp protocol
  • check /etc/resolv.conf is not overwritten
  • check dhclient is launched without -1 option

#5 Updated by Davide Principi about 8 years ago

  • Assignee deleted (Giacomo Sanchietti)

ON_QA: Assignee reset

#6 Updated by Davide Principi about 8 years ago

  • Due date set to 07/19/2013
  • Assignee set to Davide Principi
  • Start date set to 07/15/2013

#7 Updated by Davide Principi about 8 years ago

  • File networks.dump.txt added
  • Status changed from ON_QA to ON_DEV
  • Assignee deleted (Davide Principi)
  • % Done changed from 80 to 30

REJECTED

Testing environment
  • eth0 configured by Anaconda, eth{1,2,3} added later
  • RPMs:
    # rpm -qa | grep -F .ns6
    nethserver-php-1.1.0-1.ns6.noarch
    nethserver-smartd-1.0.0-1.ns6.noarch
    nethserver-yum-1.1.0-1.ns6.noarch
    nethserver-base-1.3.1-1.ns6.noarch
    nethserver-nethgui-1.2.1-1.ns6.noarch
    nethserver-firewall-base-1.0.3-1.ns6.noarch
    nethserver-httpd-admin-1.0.4-1.ns6.noarch
    nethserver-grub-1.0.1-1.ns6.noarch
    nethserver-openssh-1.0.2-1.ns6.noarch
    nethserver-lib-1.2.0-1.ns6.noarch
    postfix-2.9.6-2.ns6.x86_64
    nethserver-ntp-1.0.4-1.ns6.noarch
    nethserver-shorewall-1.0.0-1.ns6.noarch
    

After configuring eth1 from NetworkAdapter UI module, /etc/resolv.conf has been overwritten and dhclient is running as

/sbin/dhclient -q -lf /var/lib/dhclient/dhclient-eth1.leases -pf /var/run/dhclient-eth1.pid eth1

See also the attached networks database dump: networks.dump.txt

Notes
  • NetworksDB is updated by NetworkAdapter UI module in initialize(). Can udev do the job instead? See Enhancement #2075

#8 Updated by Davide Principi about 8 years ago

#9 Updated by Giacomo Sanchietti about 8 years ago

  • Assignee set to Giacomo Sanchietti

#10 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60
Changes:
  • update interface to manage peerdns: valid values are yes and no
  • update shorewall templates to use new syntax for COMMENT and FORMAT commands

#11 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
New package in nethserver-testing repository:
  • nethserver-firewall-base-1.0.4-1

#12 Updated by Davide Principi about 8 years ago

  • Assignee set to Davide Principi

#13 Updated by Davide Principi about 8 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

VERIFIED

  • /etc/resolv.conf has not been overwritten
  • dhclient is running without -1 option
    # ps -C dhclient -o command | tail
    COMMAND
    /sbin/dhclient -q -lf /var/lib/dhclient/dhclient-eth1.leases -pf /var/run/dhclient-eth1.pid eth1
    

#14 Updated by Davide Principi about 8 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

Moved to nethserver-updates repository
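
The two checks from the test case in note #4 and the verification in note #13 (resolv.conf handling and dhclient running without -1), written as an added shell example that is not part of the original issue or of NethServer's code. It assumes RHEL 6 style ifcfg-ethX files using the PEERDNS and PERSISTENT_DHCLIENT keys; the function names and the sample interface file are constructed for illustration.

```shell
#!/bin/bash
# Added example, not NethServer code. Assumes RHEL 6 style ifcfg-ethX files.

# Print the last value assigned to KEY in an ifcfg FILE, quotes stripped.
ifcfg_value() {   # usage: ifcfg_value FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Audit one interface file for the two behaviours tested in this issue.
# Prints "ok", "not-dhcp", or a space-separated list of problems.
audit_ifcfg() {   # usage: audit_ifcfg FILE
    local problems=""
    [ "$(ifcfg_value "$1" BOOTPROTO)" = "dhcp" ] || { echo "not-dhcp"; return 0; }
    # Assumption: only the literal value "no" stops resolv.conf rewrites.
    [ "$(ifcfg_value "$1" PEERDNS)" = "no" ] || problems="peerdns"
    # Assumption: values starting with y, Y or 1 keep dhclient retrying.
    case "$(ifcfg_value "$1" PERSISTENT_DHCLIENT)" in
        [yY1]*) ;;
        *) problems="${problems:+$problems }oneshot" ;;
    esac
    echo "${problems:-ok}"
    [ -z "$problems" ]
}

# Succeed when a dhclient command line carries the one-shot "-1" flag.
dhclient_is_oneshot() {   # usage: dhclient_is_oneshot "COMMAND LINE"
    local arg
    for arg in $1; do
        if [ "$arg" = "-1" ]; then return 0; fi
    done
    return 1
}

# Constructed sample: a red interface file as the test case expects it.
sample=$(mktemp)
printf 'DEVICE=eth1\nBOOTPROTO=dhcp\nPEERDNS=no\nPERSISTENT_DHCLIENT=y\n' > "$sample"
echo "eth1: $(audit_ifcfg "$sample")"
rm -f "$sample"

# Command line as reported by ps in the issue history.
cmd="/sbin/dhclient -q -lf /var/lib/dhclient/dhclient-eth1.leases -pf /var/run/dhclient-eth1.pid eth1"
if dhclient_is_oneshot "$cmd"; then echo "dhclient: one-shot"; else echo "dhclient: persistent"; fi
```

On a live system the same functions can be pointed at /etc/sysconfig/network-scripts/ifcfg-ethX and at each line of `ps -C dhclient -o command`.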
