kevmccor n00b
Joined: 25 Jun 2004 Posts: 9
Posted: Mon Jul 19, 2004 4:08 am Post subject: dnsmasq -- permissions error [Solved]
I am trying to set up dnsmasq as a DNS cache server for my home network, with a dial-up ISP. I get this error:
Quote:
dnsmasq[1792]: reading /etc/ppp/resolv.conf
dnsmasq[1792]: ignoring nameserver 66.90.130.10 - cannot make/bind socket: Permission denied
dnsmasq[1792]: ignoring nameserver 66.90.133.117 - cannot make/bind socket: Permission denied
I really don't know exactly what "cannot make/bind socket" means in the above error message. I have read several threads on this and I think my problem is with the iptables rules I have. However, I am not quite sure what the required rules are for dnsmasq. It's something like this, I think:
Code:
/sbin/iptables -A block -m state --state NEW,ESTABLISHED,RELATED -s 0.0.0.0 -d 255.255.255.255 -j ACCEPT
Any help is appreciated.
Thanks
Update -- Apparently solved!
I started changing some things in /etc/dnsmasq.conf and now it seems to work:
Quote:
# file /etc/dnsmasq.conf
#no-daemon
#port=53
#query-port=53
group=dialout
interface=eth0
#interface=lo
domain-needed
filterwin2k
cache-size=500
#no-negcache
resolv-file=/etc/ppp/resolv.conf
#resolv-file=/etc/resolv.conf
FYI, I had earlier changed the ownership of /etc/ppp/resolv.conf to root:dialup from root:root. I also added firewall rules to allow the DHCP and DNS traffic:
Code:
/sbin/iptables -A block -m state --state NEW,ESTABLISHED,RELATED -s 0.0.0.0 -d 255.255.255.255 -j ACCEPT
/sbin/iptables -A block -p udp --sport 67:68 --dport 67:68 -j ACCEPT
/sbin/iptables -A block -p tcp --sport 53 --dport 53 -j ACCEPT
I have not gotten iptables log messages to show up anywhere yet, with syslog-ng, despite following the advice of some threads on the topic, so I really don't know what effect the firewall had.
Thanks