Re: Configuring NM as a router

On Mon, 2017-07-10 at 11:47 +0200, Xavier Bestel wrote:


I have a machine with 3 interfaces (well, technically there are more
them but let's ignore that):
- one "upstream" eth0 interface with a public IPv4 address
- one "local" eth0 interface, 192.168.1.x
- one "local" wlan0 interface, 192.168.2.x

I want my machine to act a a router for the "local" network, i.e.:
- NAT-ing the public IPv4 upstream address to local nets
- have every machines in the local nets to be accessible to each
- have every machines names visible to each other

In fact I'd like to configure NM for my machine to act like a regular
OpenWRT router. However I'm stuck with a few problems:
- NM creates many dnsmasq instances which do not communicate with
other, so machines from 192.168.1.x can't see names of 192.168.2.x

Well, NM's ipv4.method=shared is supposed to be something simple, with
simple use-cases. For example, sharing the internet via Wi-Fi to your
phone. Your scenario sounds rather complex, so NM might not be the best

You can drop dnsmasq configurations to /etc/NetworkManager/dnsmasq-
shared.d/, but I don't think that is sufficient.

You could also not use ipv4.method=manual, but start the dnsmasq
service via a dispatcher script (see `man NetworkManager`). Also
configure forwarding and NAT/iptables.

- NM fails to setup routes correctly, see

yeah, that sucks. I don't know why.

- I can't find a way to have a "global" dnsmasq (manually configured)
running and still have NM setup the eth1 and wlan0 interfaces
(especially the access point)

How exactly does a global dnsmasq interfere with NM?
Depends on your configuration, but in principle that should work.
As DNS server, the dnsmasq instance(s) should not bind to conflicting
:53 ports. See "listen-address".
If you run a global DNS server, you may want to configure dns=none in
`man NetworkManager.conf`. Or `dns=default && rc-manager=unmanaged`

Is my need so alien to NM ? Or is there some doc somewhere on how to
that ?

No. ipv4.method=shared is rather simple though.

- you may add config files to /etc/NetworkManager/dnsmasq-shared.d/
- you may configure ipv4.addresses. The first one, determines the IP 
  range for DHCP.
- ipv4.dns and ipv4.dns-search settings work
- for debugging, set "NM_DNSMASQ_DEBUG=1" environment variable for 
  NetworkManager (in NM's systemd-service file).
- observe the argument that NM passes to dnsmasq.
- see


Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]