Wednesday, March 19, 2008

Installing FreeBSD 7.0 - DHCP and DNS with dnsmasq

DHCP and DNS with dnsmasq
  • See to it that you are root
  • Execute: cd /usr/ports/dns/dnsmasq
  • Execute: make install clean
  • Execute: ee /etc/rc.conf
  • Add row: dnsmasq_enable="YES"
  • Exit editor with ESC, A, A
  • Execute: cd /usr/local/etc/
  • Execute: cp dnsmasq.conf.example dnsmasq.conf
  • Execute: ee dnsmasq.conf
This is the configuration file for dnsmasq. Let's walk through the most important settings.

Uncomment the line "interface=" and set it to the name of the interface that faces your LAN. In my case the line reads "interface=re0", because my network card re0 has the IP 192.168.0.1 assigned to it.

If you have only one network card and it has both an internal and external IP assigned to it then you can use the "listen-address" alternative. But I don't use it and will not include it here.

Uncomment the line "expand-hosts". This makes it easier to reach computers within the domain. For example, say you have a computer called foo on the domain example.com. Normally you would have to request foo.example.com, but with the expand-hosts option you only need to request foo.

Uncomment the line "domain=" and assign your domain to it. This automatically gives your local computers a fully qualified name. For example, when you hook up a computer named foo and your domain is example.com, the name of the computer will be foo.example.com. Since you're using expand-hosts, you won't notice the difference from any other computer in the network.

Uncomment line "dhcp-range=" and put any IP-range in there. I use "dhcp-range=192.168.0.150,192.168.0.250,12h".

Find the line "dhcp-host". If you want a computer in your network to always receive a certain IP, map that computer's MAC address to that IP here. This makes it easier to set up port redirects in the firewall.

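Take note of the line "#dhcp-option=42,0.0.0.0". DHCP option 42 tells clients which NTP server to use, which is important if you want to use Kerberos authentication in the future, because Kerberos depends on synchronized clocks.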

Uncomment the line "dhcp-authoritative", BUT ONLY IF THIS IS THE ONLY DHCP SERVER ON THE NETWORK. Also take care that the "interface=" option, or alternatively the "listen-address=" option, is set up correctly. Otherwise you might bring down any other DHCP service.
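A check for the binding mistakes warned about above, as an added example that is not part of the original post: it flags DHCP settings that are active without "interface=" or "listen-address=", "expand-hosts" without "domain=", and a dnsmasq interface that is the same card as natd_interface in rc.conf. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit dnsmasq.conf and rc.conf
# for the interface-binding mistakes the walkthrough warns about.

# Succeed if KEY is active (uncommented) as a bare flag or a key=value line.
conf_has() {    # usage: conf_has KEY FILE
    grep -Eq "^[[:space:]]*$1[[:space:]]*(=|\$)" "$2"
}

# Print the value of each active KEY=value line, without quotes or comments.
conf_get() {    # usage: conf_get KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$2"
}

# Print one finding per line; the exit status is the number of findings.
audit_dnsmasq() {    # usage: audit_dnsmasq DNSMASQ_CONF RC_CONF
    n=0; bound=no
    if conf_has interface "$1" || conf_has listen-address "$1"; then bound=yes; fi
    if [ "$bound" = no ] && conf_has dhcp-range "$1"; then
        echo "dhcp-range is active but interface=/listen-address= is not set"; n=$((n + 1))
    fi
    if [ "$bound" = no ] && conf_has dhcp-authoritative "$1"; then
        echo "dhcp-authoritative is active without an interface binding"; n=$((n + 1))
    fi
    if conf_has expand-hosts "$1" && ! conf_has domain "$1"; then
        echo "expand-hosts is active but domain= is not set"; n=$((n + 1))
    fi
    wan=$(conf_get natd_interface "$2")
    for lan in $(conf_get interface "$1"); do
        if [ -n "$wan" ] && [ "$lan" = "$wan" ]; then
            echo "interface=$lan is also natd_interface (the ISP-facing card)"; n=$((n + 1))
        fi
    done
    return "$n"
}

# Constructed sample files: the settings from the post, and a risky variant.
make_samples() {    # usage: make_samples DIR
    printf '%s\n' 'interface=re0' 'expand-hosts' 'domain=example.com' \
        'dhcp-range=192.168.0.150,192.168.0.250,12h' '#dhcp-option=42,0.0.0.0' \
        'dhcp-authoritative' > "$1/good.conf"
    printf '%s\n' '#interface=' 'expand-hosts' '#domain=' \
        'dhcp-range=192.168.0.150,192.168.0.250,12h' 'dhcp-authoritative' > "$1/risky.conf"
    printf '%s\n' 'dnsmasq_enable="YES"' 'gateway_enable="YES"' 'natd_enable="YES"' \
        'natd_interface="vr0" # ISP-facing' > "$1/rc.conf"
}

# Demo run on the constructed samples.
d=$(mktemp -d); make_samples "$d"
audit_dnsmasq "$d/risky.conf" "$d/rc.conf" || echo "risky.conf: $? finding(s)"
audit_dnsmasq "$d/good.conf" "$d/rc.conf" && echo "good.conf: no findings"
rm -rf "$d"
```

On a real system, run it as audit_dnsmasq /usr/local/etc/dnsmasq.conf /etc/rc.conf before starting dnsmasq.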

Now, dnsmasq assumes that the machine running dnsmasq is the gateway. Either you must configure the DHCP settings in dnsmasq to provide an alternative IP, or you have to set up ipnat. I want this machine to route my traffic, so I want to configure ipnat. Remember when we made our custom kernel? Look at that entry again and also read the handbook chapter on Network Address Translation: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html
  • Still root?
  • Execute: cd /etc
  • Execute: ee rc.conf
  • Add lines: 
  • gateway_enable="YES" # Enable as LAN gateway
  • natd_enable="YES" # Enable NAT daemon
  • natd_interface="vr0" # Change vr0 to whatever interface you have facing your ISP
  • natd_flags="" # Flags, if you use -f /etc/
Now reboot!
