Re: Configuring NM as a router



On Mon, 2017-07-10 at 11:47 +0200, Xavier Bestel wrote:

Hi,


I have a machine with 3 interfaces (well, technically there are more of
them but let's ignore that):
- one "upstream" eth0 interface with a public IPv4 address
- one "local" eth0 interface, 192.168.1.x
- one "local" wlan0 interface, 192.168.2.x

I want my machine to act as a router for the "local" network, i.e.:
- NAT-ing the public IPv4 upstream address to local nets
- have every machine in the local nets be accessible to each other
- have every machine's name visible to each other

In fact I'd like to configure NM for my machine to act like a regular
OpenWRT router. However I'm stuck with a few problems:
- NM creates many dnsmasq instances which do not communicate with each
other, so machines from 192.168.1.x can't see names of 192.168.2.x

Well, NM's ipv4.method=shared is supposed to be something simple, with
simple use-cases. For example, sharing the internet via Wi-Fi to your
phone. Your scenario sounds rather complex, so NM might not be the best
tool.

You can drop dnsmasq configurations to /etc/NetworkManager/dnsmasq-shared.d/,
but I don't think that is sufficient.

You could also not use ipv4.method=manual, but start the dnsmasq
service via a dispatcher script (see `man NetworkManager`). Also
configure forwarding and NAT/iptables.


- NM fails to setup routes correctly, see
https://bugzilla.gnome.org/show_bug.cgi?id=782348

yeah, that sucks. I don't know why.

- I can't find a way to have a "global" dnsmasq (manually configured)
running and still have NM setup the eth1 and wlan0 interfaces correctly
(especially the access point)

How exactly does a global dnsmasq interfere with NM?
Depends on your configuration, but in principle that should work.
As DNS server, the dnsmasq instance(s) should not bind to conflicting
:53 ports. See "listen-address".
If you run a global DNS server, you may want to configure dns=none in
`man NetworkManager.conf`. Or `dns=default && rc-manager=unmanaged`

Is my need so alien to NM? Or is there some doc somewhere on how to do
that?

No. ipv4.method=shared is rather simple though.

- you may add config files to /etc/NetworkManager/dnsmasq-shared.d/
- you may configure ipv4.addresses. The first one determines the IP
  range for DHCP.
- ipv4.dns and ipv4.dns-search settings work
- for debugging, set "NM_DNSMASQ_DEBUG=1" environment variable for 
  NetworkManager (in NM's systemd-service file).
- observe the argument that NM passes to dnsmasq.
- see
  https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/dnsmasq/nm-dnsmasq-manager.c?id=0c23191b01fb0582d8f3d470f463afdabc2fdf46#n149
  https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/devices/nm-device.c?id=0c23191b01fb0582d8f3d470f463afdabc2fdf46#n8320

best,
Thomas
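
The dispatcher-script route suggested in the reply above (one dnsmasq started from a dispatcher script, plus forwarding and NAT), as an added example that is not part of the original message or of NetworkManager. The interface roles, the gateway addresses 192.168.1.1 and 192.168.2.1, the DHCP ranges, the "lan" domain and the pid-file path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): NetworkManager dispatcher script; NM
# passes $1 = interface and $2 = action. Assumed: eth0 is upstream, eth1 and
# wlan0 use ipv4.method=manual with gateways 192.168.1.1 / 192.168.2.1.
WAN=eth0
PIDFILE=/run/router-dnsmasq.pid   # hypothetical path

# Gateway address assumed for each local interface; fails for anything else.
lan_addr() {
    case "$1" in
        eth1)  echo 192.168.1.1 ;;
        wlan0) echo 192.168.2.1 ;;
        *)     return 1 ;;
    esac
}

# rule <-A|-D> <table> <rule spec>: emit an iptables command. For -A the rule
# is checked with -C first, so repeated "up" events do not stack duplicates.
rule() {
    if [ "$1" = -A ]; then
        echo "iptables -t $2 -C $3 2>/dev/null || iptables -t $2 -A $3"
    else
        echo "iptables -t $2 -D $3 2>/dev/null || true"
    fi
}

# Print, one per line, the commands for one (interface, action) event.
router_cmds() {
    addr=$(lan_addr "$1") || return 0          # ignore eth0 and unknown links
    net="${addr%.*}.0/24"
    case "$2" in up) op=-A ;; down) op=-D ;; *) return 0 ;; esac
    [ "$op" = -A ] && echo "sysctl -qw net.ipv4.ip_forward=1"
    rule "$op" nat "POSTROUTING -s $net -o $WAN -j MASQUERADE"
    # Upstream may only answer connections that were opened from the inside.
    rule "$op" filter "FORWARD -i $WAN -o $1 -m conntrack ! --ctstate RELATED,ESTABLISHED -j DROP"
    [ "$op" = -A ] || return 0
    # One dnsmasq for both local nets, so names resolve across them; it never
    # answers DNS or DHCP on the public interface.
    echo "pgrep -F $PIDFILE >/dev/null 2>&1 || dnsmasq --pid-file=$PIDFILE" \
         "--bind-dynamic --interface=eth1 --interface=wlan0 --except-interface=$WAN" \
         "--domain=lan --expand-hosts" \
         "--dhcp-range=192.168.1.50,192.168.1.150,12h --dhcp-range=192.168.2.50,192.168.2.150,12h"
}

# Run only when NM supplies both arguments; DRY_RUN=1 prints instead.
if [ $# -ge 2 ]; then
    if [ "${DRY_RUN:-0}" = 1 ]; then router_cmds "$1" "$2"; else router_cmds "$1" "$2" | sh; fi
fi
```

NetworkManager only runs dispatcher scripts that are owned by root and not writable by group or others; running the script by hand with DRY_RUN=1 and the arguments `eth1 up` prints the commands without applying them.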
