From 1c0014ce40e85f1be0df32c88260bc178f51fca5 Mon Sep 17 00:00:00 2001
From: scbj
Date: Fri, 14 Nov 2025 16:23:59 +0100
Subject: [PATCH] (networking) added sample config for `dnsmasq` and note on how to enable routing
---
dnsmasq.conf | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++
network.md | 22 ++++++++++++++++++++
2 files changed, 81 insertions(+)
create mode 100644 dnsmasq.conf
create mode 100644 network.md
diff --git a/dnsmasq.conf b/dnsmasq.conf
new file mode 100644
index 0000000..a75b7d5
--- /dev/null
+++ b/dnsmasq.conf
@@ -0,0 +1,59 @@
+# Configuration file for dnsmasq.
+#
+# Format is one option per line, legal options are the same
+# as the long options legal on the command line. See
+# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
+
+# Listen on this specific port instead of the standard DNS port
+# (53). Setting this to zero completely disables DNS function,
+# leaving only DHCP and/or TFTP.
+#port=5353
+
+# The following two options make you a better netizen, since they
+# tell dnsmasq to filter out queries which the public DNS cannot
+# answer, and which load the servers (especially the root servers)
+# unnecessarily. If you have a dial-on-demand link they also stop
+# these requests from bringing up the link unnecessarily.
+
+# Never forward plain names (without a dot or domain part)
+domain-needed
+# Never forward addresses in the non-routed address spaces.
+bogus-priv
+
+# Uncomment this to filter useless windows-originated DNS requests
+# which can trigger dial-on-demand links needlessly.
+# Note that (amongst other things) this blocks all SRV requests,
+# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
+# This option only affects forwarding, SRV records originating for
+# dnsmasq (via srv-host= lines) are not suppressed by it.
+filterwin2k
+
+# If you want dnsmasq to listen for DHCP and DNS requests only on
+# specified interfaces (and the loopback) give the name of the
+# interface (eg eth0) here.
+# Repeat the line for more than one interface.
+interface=enp3s0
+
+# Set this (and domain: see below) if you want to have a domain
+# automatically added to simple names in a hosts-file.
+expand-hosts
+
+# Set the domain for dnsmasq. this is optional, but if it is set, it
+# does the following things.
+# 1) Allows DHCP hosts to have fully qualified domain names, as long
+# as the domain part matches this setting.
+# 2) Sets the "domain" DHCP option thereby potentially setting the
+# domain of all systems configured by DHCP
+# 3) Provides the domain part for "expand-hosts"
+domain=quakers
+
+# Uncomment this to enable the integrated DHCP server, you need
+# to supply the range of addresses available for lease and optionally
+# a lease time. If you have more than one network, you will need to
+# repeat this for each network on which you want to supply DHCP
+# service.
+dhcp-range=10.0.0.2,10.0.0.254,12h
+
+
+# For static ip assignment use the option `dhcp-host`
+#dhcp-host=11:22:33:44:55:66,192.168.0.60
diff --git a/network.md b/network.md
new file mode 100644
index 0000000..34aa42c
--- /dev/null
+++ b/network.md
@@ -0,0 +1,22 @@
+# network
+
+This document holds network related notes.
+
+
+- [network](#network)
+ - [enable routing](#enable-routing)
+
+
+
+## enable routing
+
+To enable routing permanently add a file `/etc/sysctl.d/` with the following contents:
+
+```ini
+net.ipv4.ip_forward=1
+```
+
+## simple gateway with nftables
+
+> **WARNING:** do not use this configuration for an edge router (directly connected to the internet/isp)!
+
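Review bot: In dnsmasq.conf, `interface=enp3s0` is set without `bind-interfaces`, so dnsmasq still opens its sockets on the wildcard address and only discards requests that arrive on other interfaces. Since this host is also meant to route, add `bind-interfaces` directly after the `interface=` line so DNS and DHCP are bound to the LAN side only. `domain=quakers` has no matching `local=/quakers/`, so lookups for unknown `*.quakers` names would presumably still be forwarded upstream and expose internal host names; `domain-needed` only covers names without a dot. `filterwin2k` and `dhcp-range` are active while their comments still read "Uncomment this to…", and the former drops forwarded SRV queries, which its own comment says breaks Kerberos and SIP; the comment should say that enabling it here is intentional.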