This page is for working out how to configure DNSMasq as part of a FreedomBox Router.
The main documentation for DNSMasq is all within its man page, which is also available on the project's website. Locally, all configuration is done through either /etc/dnsmasq.conf or /etc/default/dnsmasq. Preferably, all config options should be set in /etc/dnsmasq.conf directly.
The version shipped in the DreamPlug Debian image is in a near-default state. All configuration options in /etc/dnsmasq.conf are commented out and the only option set in /etc/default/dnsmasq is:
# Whether or not to run the dnsmasq daemon; set to 0 to disable.
DNSMASQ_OPTS="--cache-size=200 --interface=uap0 --listen-address=192.168.1.1"
The first step is to move these options to the /etc/dnsmasq.conf file. Simply search for the long form option names from the above code inside /etc/dnsmasq.conf, uncomment them, and enter their values from above. So your new /etc/dnsmasq.conf should have the following uncommented lines now:
That allows you to comment out all the options in /etc/default/dnsmasq without changing any of the behavior of your plug.
For some reason, the default Debian image shipped on the DreamPlug does not use dnsmasq for DHCP. I am not actually clear what it uses for DHCP, since /root/init_setup.sh calls udhcpd but udhcpd is disabled in /etc/default/udhcpd. Regardless, we want to use dnsmasq for DHCP, so we need to add the following line to /etc/dnsmasq.conf:
That tells dnsmasq to act as a DHCP server and to give out IP addresses between 192.168.0.50 and 192.168.0.150, all with 1 hour leases. If you save that config, run an apt-get remove --purge udhcpd and comment out the /etc/init.d/udhcpd start line in /root/init_setup.sh, you should be good to go with dnsmasq as a basic DNS and DHCP server. Now you can either restart your box or simply run /etc/init.d/dnsmasq restart to restart dnsmasq.
I also added two options to, as the config file says, make my plug a better "netizen":
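The three steps above leave /etc/dnsmasq.conf with uncommented lines like the following. This is an added example rebuilt from the values quoted on this page, not the original author's file; domain-needed and bogus-priv are an assumption, chosen because they are the two options listed under the "better netizen" comment in the stock dnsmasq.conf.

```conf
# /etc/dnsmasq.conf (added example; values are those quoted on this page)

# Moved here from DNSMASQ_OPTS in /etc/default/dnsmasq
cache-size=200
# Serve requests arriving on the wireless AP interface and address
interface=uap0
listen-address=192.168.1.1

# DHCP pool with 1 hour leases, as described in the text.
# dnsmasq only hands out a range that lies in a subnet configured on the
# receiving interface, so adjust the range if uap0 is 192.168.1.1/24.
dhcp-range=192.168.0.50,192.168.0.150,1h

# Assumed "netizen" options (see the comment in the stock config file):
# never forward plain names that have no domain part
domain-needed
# never forward reverse lookups for private address ranges upstream
bogus-priv
```

Running dnsmasq --test checks the file's syntax before you restart the daemon.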
If you are having trouble getting a network connection to work with this setup, it is most likely because the default iptables rules don't have NAT configured for the wireless AP and only have it set up for one of the two ethernet ports. Adding the following two lines to /root/init_setup.sh should fix that:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o uap0 -j MASQUERADE
Of course, having all of our routing and firewall settings "managed" by running them once at startup from a static file is not an ideal situation. For a more capable setup, we move along to the shorewall configuration page.