Feature #2849

Support DHCP on multiple interfaces

Added by Filippo Carletti almost 7 years ago. Updated almost 7 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-dnsmasq
Target version: v6.5
Resolution:
NEEDINFO: No

Description

Guest network (blue) should offer ip address by dhcp.
We need:
  1. some modifications to dnsmasq.conf to enable dhcp
  2. a web panel to input a range of ip addresses
  3. probably, a validator for the range to be in blue

I'm attaching some templates to enable dhcp on blue.
The range goes in /etc/e-smith/templates-custom/etc/dnsmasq.conf/99blue_dhcp with the ethX name of blue.
To activate:

tar -zxvf nsec65_blue_dhcp.tar.gz -C /
expand-template /etc/dnsmasq.conf
signal-event firewall-adjust
service dnsmasq restart

nsec65_blue_dhcp.tar.gz (1.14 KB) Filippo Carletti, 09/04/2014 10:23 AM

nsec65_blue_dhcp2.tar.gz (1.33 KB) Filippo Carletti, 09/08/2014 05:22 AM


Related issues

Related to NethServer 6 - Bug #2833: DHCP - multiple static assignement with the same mac CLOSED
Related to Nethgui - Bug #2898: ObjectsCollection widget: validation tooltips are not dis... CLOSED

Associated revisions

Revision 1009f93b
Added by Giacomo Sanchietti almost 7 years ago

DB and templates: add support for multiple DHCP. Refs #2849

Revision c64a7aab
Added by Giacomo Sanchietti almost 7 years ago

Templates: add support for multiple DHCP. Refs #2849

Revision 5535bd12
Added by Giacomo Sanchietti almost 7 years ago

Network services: add CIDR support in UI. Refs #2849

Revision bf047f02
Added by Giacomo Sanchietti almost 7 years ago

Web UI: remove DHCP labels. Refs #2849

Revision 76f619d6
Added by Giacomo Sanchietti almost 7 years ago

Web UI: new interface stub. Refs #2849

Revision 7a158dbe
Added by Giacomo Sanchietti almost 7 years ago

Web UI: update dashboard widget. Refs #2849

Revision 0097ecd9
Added by Giacomo Sanchietti almost 7 years ago

Web UI: refactor tabs. Refs #2849

Revision 209de433
Added by Giacomo Sanchietti almost 7 years ago

Network services: add CIDR support in UI. Refs #2849

Revision aee41eea
Added by Giacomo Sanchietti almost 7 years ago

Inline help: remove DHCP sections. Refs #2849

Revision 1c96f51a
Added by Giacomo Sanchietti almost 7 years ago

Inline help: refactor chapters. Refs #2849

Revision 7dcbe49d
Added by Giacomo Sanchietti almost 7 years ago

Inline help: add CIDR option. Refs #2849

Revision dc37829b
Added by Giacomo Sanchietti almost 7 years ago

Save event: clean up dangling ranges. Refs #2849

Revision 90673953
Added by Davide Principi almost 7 years ago

Bump Nethgui version 25e17108c813b38b44d975d2dd052e289ff3469f. Refs #2849

Revision 1559584a
Added by Davide Principi almost 7 years ago

Dhcp/Configure page: use objectsCollection widget for single page controller. Refs #2849

Revision 7ece170a
Added by Giacomo Sanchietti almost 7 years ago

Templates: add support for multiple DHCP. Refs #2849

Revision 7bda97c5
Added by Giacomo Sanchietti almost 7 years ago

Save event: clean up dangling dhcp ranges. Refs #2849

Revision 2e57e347
Added by Davide Principi almost 7 years ago

Dhcp/Configure page: use objectsCollection widget for single page controller. Refs #2849

Revision 81ac15a1
Added by Giacomo Sanchietti almost 7 years ago

dnsmasq.conf template: fix router option Refs #2849

When at least one red interface is configured,
force the ip address of dhcp interface as router option.

Revision 0d96cbff
Added by Davide Principi almost 7 years ago

Dhcp UI module: fix first network ip address. Refs #2849

Revision 979544a5
Added by Giacomo Sanchietti almost 7 years ago

rules's template: change DNS rule for blue. Refs #2849

Do not enable DNS rules for blue zone,
if no blue zone is configured.

History

#1 Updated by Filippo Carletti almost 7 years ago

Please, note that the custom templates add a dhcp option to interfaces.

#2 Updated by Filippo Carletti almost 7 years ago

We should probably open services running on the firewall from blue.
And review all inter-zone traffic policies.

#3 Updated by Filippo Carletti almost 7 years ago

Meanwhile, to open dns from blue:

# Quote the heredoc delimiter so the shell writes $FW literally instead of expanding it
cat <<'EOF' >/etc/e-smith/templates-custom/etc/shorewall/rules/99dnsmasq_blue

?COMMENT dnsmasq blue
ACCEPT blue $FW tcp 53
ACCEPT blue $FW udp 53
EOF

#4 Updated by Filippo Carletti almost 7 years ago

Attached a new revision of templates using the key instead of the device prop.

#5 Updated by Filippo Carletti almost 7 years ago

  • Target version set to v6.5

#6 Updated by Giacomo Sanchietti almost 7 years ago

  • Category set to nethserver-dnsmasq
  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#7 Updated by Giacomo Sanchietti almost 7 years ago

We should probably open services running on the firewall from blue.
And review all inter-zone traffic policies.

Special property AllowHosts was developed with this scenario in mind.

For example, given a configuration GREEN+BLUE, where blue network is 10.0.1.0/24.
We want to open DNS access from blue network:

config setprop dnsmasq AllowHosts 10.0.1.0/24
signal-event firewall-adjust

The AllowHosts prop supports a list of IP or CIDR, but the web interface allows only a list of hosts. We just need to update the web interface validator.

I also would like to change the issue's title to something like "Support DHCP on multiple interfaces".
About the implementation, I propose something simple:
  • new database dhcp
  • each record of type range has the following properties:
    • key: associated interface name
    • status: can be enabled or disabled
    • DhcpRangeStart: first IP address of DHCP range
    • DhcpRangeEnd: last IP address of DHCP range
    • DhcpLeaseTime: seconds of lease time. Default is 8640
    • DhcpGatewayIp: (optional) set a custom gateway ip. If not set, the gateway is the ip address of associated interface (record key)

In the future, the range record can be extended with extra options, like custom DNS/WINS server, etc.

We also need to do a big refactor on web interface, maybe a solution is to split DNS and DHCP configuration into separate pages.

#8 Updated by Giacomo Sanchietti almost 7 years ago

Other proposed solution:
  • add a "DHCP server" inside the "network configuration"
  • the new section should be specified for each interface with a role

#9 Updated by Filippo Carletti almost 7 years ago

  • the new section should be specified for each interface with a role

Do you really need a dhcp server on every role? I think that green and blue are the only zones that need dhcp.

And dhcp should work out of the box, i.e. the AllowHosts should be automatic.

#10 Updated by Giacomo Sanchietti almost 7 years ago

DNSMasq is probably the only special case where ports should be automatically open on blue zone if the DHCP is enabled.

For all other services, use AllowHosts property.

#11 Updated by Giacomo Sanchietti almost 7 years ago

  • Subject changed from DHCP support on blue to Support DHCP on multiple interfaces
  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#12 Updated by Giacomo Sanchietti almost 7 years ago

  • Assignee deleted (Giacomo Sanchietti)

Implemented on branch b2849.

Modified packages:
  • nethserver-dnsmasq
  • nethserver-hosts
  • nethserver-firewall-base
  • nethserver-base
What is missing:
  • web interface for creating and deleting new dhcp range records: records can be associated only with green and blue interfaces
  • also add a validator to check that interval is inside the network of associated interface
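
One way to implement the validation described in this comment, added here as an example (it is not NethServer code): each dhcp record's key must name an existing green or blue interface, and its range and gateway must lie inside that interface's network. The property names follow the proposal in comment #7; the `interfaces` layout, function names and sample addresses are assumptions.

```python
import ipaddress

DHCP_ROLES = {"green", "blue"}  # only these roles may carry a range (comment #12)

def check_range(cidr, rec):
    """Problems for one range record; cidr is the interface address, e.g. 10.0.1.1/24."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    try:
        lo = ipaddress.ip_address(rec["DhcpRangeStart"])
        hi = ipaddress.ip_address(rec["DhcpRangeEnd"])
        # An unset DhcpGatewayIp falls back to the interface address.
        gw = ipaddress.ip_address(rec.get("DhcpGatewayIp") or str(iface.ip))
    except (KeyError, ValueError) as exc:
        return [f"missing or invalid address: {exc}"]
    fields = (("DhcpRangeStart", lo), ("DhcpRangeEnd", hi), ("DhcpGatewayIp", gw))
    problems = [f"{n} {a} is outside {net}" for n, a in fields if a not in net]
    if problems:
        return problems  # ordering checks below need all addresses in one network
    if lo > hi:
        problems.append("DhcpRangeStart is greater than DhcpRangeEnd")
    if {lo, hi} & {net.network_address, net.broadcast_address}:
        problems.append("range includes the network or broadcast address")
    return problems

def check_db(interfaces, dhcp_db):
    """Map each record key to its list of problems; clean records are omitted."""
    report = {}
    for key, rec in dhcp_db.items():
        iface = interfaces.get(key)
        if iface is None:
            problems = ["dangling record: no such interface"]
        elif iface["role"] not in DHCP_ROLES:
            problems = [f"role {iface['role']} may not have a DHCP range"]
        else:
            problems = check_range(iface["cidr"], rec)
        if rec.get("status") not in ("enabled", "disabled"):
            problems.append("status must be enabled or disabled")
        if problems:
            report[key] = problems
    return report

# Constructed sample data: interface names, roles and addresses are made up.
INTERFACES = {"eth0": {"role": "green", "cidr": "192.168.1.1/24"},
              "eth1": {"role": "blue", "cidr": "10.0.1.1/24"},
              "eth2": {"role": "red", "cidr": "203.0.113.2/30"}}
GOOD = {"status": "enabled", "DhcpRangeStart": "192.168.1.100", "DhcpRangeEnd": "192.168.1.200"}
LEAK = {"status": "enabled", "DhcpRangeStart": "10.0.1.50", "DhcpRangeEnd": "10.0.2.50"}
DHCP_DB = {"eth0": GOOD, "eth1": LEAK, "eth2": GOOD, "eth9": GOOD}
print(check_db(INTERFACES, DHCP_DB))
```

The blue record is rejected because its end address falls outside the guest network, which is the case the range validator is meant to catch before the range reaches dnsmasq.conf.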

#13 Updated by Giacomo Sanchietti almost 7 years ago

  • Related to Bug #2833: DHCP - multiple static assignement with the same mac added

#14 Updated by Davide Principi almost 7 years ago

  • Assignee set to Davide Principi

#15 Updated by Davide Principi almost 7 years ago

  • Related to Bug #2898: ObjectsCollection widget: validation tooltips are not displayed added

#16 Updated by Davide Principi almost 7 years ago

  • Assignee deleted (Davide Principi)
Modified
  • nethserver-dnsmasq (b2849)
  • nethserver-httpd-admin (master, see #2898)

#17 Updated by Giacomo Sanchietti almost 7 years ago

  • Assignee set to Giacomo Sanchietti

Merge branch b2849 to master:

  • nethserver-hosts
  • nethserver-firewall-base
  • nethserver-base
  • nethserver-dnsmasq

#18 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#19 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Packages in nethserver-testing:
  • nethserver-hosts-1.0.8-3.0gitaee41eea.ns6.noarch.rpm
  • nethserver-dnsmasq-1.1.2-8.0gita1a863ea.ns6.noarch.rpm
  • nethserver-base-2.3.0-20.0git2a20e403.ns6.noarch.rpm
  • nethserver-firewall-base-2.1.0-1.5gitb9adabe.ns6.noarch.rpm nethserver-firewall-base-2.1.0-1.6git979544a.ns6.noarch.rpm
  • nethserver-httpd-admin-1.3.1-1.1git9067395.ns6.noarch.rpm
Test case
  • Configure one green and one blue interface (the red is mandatory)
  • Configure dhcp on both interfaces
  • Check clients can lease an IP
  • Check gateway and DNS IP sent to clients

#20 Updated by Davide Principi almost 7 years ago

  • Assignee set to Davide Principi

#21 Updated by Davide Principi almost 7 years ago

  • NEEDINFO changed from No to Yes

NEEDINFO

The old green gateway setting is still in /etc/dnsmasq.conf.

If a red interface exists, I'd expect the DHCP server sets itself as LAN gateway.

#22 Updated by Giacomo Sanchietti almost 7 years ago

  • NEEDINFO changed from Yes to No

The old green gateway setting is still in /etc/dnsmasq.conf.
If a red interface exists, I'd expect the DHCP server sets itself as LAN gateway.

Right, here is the fix:
  • nethserver-dnsmasq-1.1.2-9.0git81ac15a1.ns6.noarch.rpm

#23 Updated by Davide Principi almost 7 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

VERIFIED

#24 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Packages released in nethserver-updates:
  • nethserver-base-2.5.0-1.ns6.noarch.rpm
  • nethserver-hosts-1.1.0-1.ns6.noarch.rpm
  • nethserver-dnsmasq-1.2.0-1.ns6.noarch.rpm
  • nethserver-firewall-base-2.1.1-1.ns6.noarch.rpm
  • nethserver-httpd-admin-1.3.2-1.ns6.noarch.rpm
