This page is for working on how to configure DNSMasq as part of a FreedomBox Router

Note: DNSMasq is not used in FreedomBox currently. Instead, the DHCP functionality is enabled through NetworkManager.

The main documentation for DNSMasq is all within its man page, which is also available on the project's website. Locally, all configuration is done through either /etc/dnsmasq.conf or, /etc/default/dnsmasq. Preferably all config options should be done in /etc/dnsmasq.conf directly.

The version shipped in the ?DreamPlug debian image is in a near default state. All configuration options in /etc/dnsmasq.conf are commented out and the only option set in /etc/default/dnemasq is:

The first step is to move these options to the /etc/dnsmasq.conf file. Simply search for the long form option names from the above code inside /etc/dnsmasq.conf, uncomment them, and enter their values from above. So your new /etc/dnsmasq.conf should have the following uncommented lines now:




That allows you to comment out all the options in /etc/default/dnsmasq without changing any of the behavior of your plug.

For some reason, the default debian image shipped on the ?DreamPlug does not use dnsmasq for dhcp. I am not actually clear what it used for dhcp since /root/ calls udhcpd but udhcpd is disabled in /etc/default/udhcpd. Regardless, we want to use dnsmasq for dhcp so we need to add the following line to /etc/dnsmasq.conf:


That tells dnsmasq to act as a dhcp server and to give out ip addresses between and, all with 1 hour leases. If you save that config, run an apt-get remove --purge udhcpd and comment out the /etc/init.d/udhcpd start line in /root/ you should be good to go with dnsmasq as a basic dns and dhcp server. Now you can either restart your box or simply /etc/init.d/dnsmasq restart to restart dnsmasq.

I also added two options to, as the config file says, make my plug a better "netizen":




If you are having trouble getting a network connection to work with this setup, it is most likely because the default iptables rules don't have NAT configured for the wireless AP and only have it set up for one of the two ethernet ports. See Firewall page for details on how to manage masquerading.