Hi, thank you very much for taking the time to help. I did everything exactly as written, but it doesn’t work.
I used the standard debian-11 template and installed dnsmasq in it. Then I created sys-bridge, enabled the "provides network" checkbox, copied the qubes-firewall-user-script configuration from the post just above, and also ran sudo chmod +x. Then I did exactly as in the post above and changed the IP and VM names, additionally ran sudo chmod +x, and I ended up with this:
```
# dns stuff
port=53
domain-needed
bogus-priv
no-resolv
address=/kalitest.lab/10.137.0.21
address=/nully.lab/10.137.0.31
# dhcp stuff
dhcp-range=10.137.0.1,10.137.0.250,255.255.255.255,1m
dhcp-host=kalitest,10.137.0.21
dhcp-host=nully,10.137.0.31
#log-queries
#log-dhcp
```
But it causes a systemd error with this text:
```
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2023-10-16 14:48:31 EDT; 2s ago
Process: 1466 ExecStartPre=/etc/init.d/dnsmasq checkconfig (code=exited, status=1/FAILURE)
CPU: 14ms
Oct 16 14:48:31 sys-bridge systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Oct 16 14:48:31 sys-bridge dnsmasq[1474]: inconsistent DHCP range at line 11 of /etc/dnsmasq.d/dnsmasq.sys-bridge
Oct 16 14:48:31 sys-bridge dnsmasq[1474]: FAILED to start up
Oct 16 14:48:31 sys-bridge systemd[1]: dnsmasq.service: Control process exited, code=exited, status=1/FAILURE
Oct 16 14:48:31 sys-bridge systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
Oct 16 14:48:31 sys-bridge systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
```
Apparently 255.255.255.255 causes the error. I tried to remove it from the string and then systemd started successfully, so I tried 255.255.255.0, and with it systemd also runs successfully:
```
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2023-10-16 15:28:18 EDT; 1s ago
Process: 2815 ExecStartPre=/etc/init.d/dnsmasq checkconfig (code=exited, status=0/SUCCESS)
Process: 2823 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 2831 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Main PID: 2830 (dnsmasq)
Tasks: 1 (limit: 4620)
Memory: 1.0M
CPU: 63ms
CGroup: /system.slice/dnsmasq.service
└─2830 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trus>
Oct 16 15:28:18 sys-bridge systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Oct 16 15:28:18 sys-bridge dnsmasq[2830]: started, version 2.85 cachesize 150
Oct 16 15:28:18 sys-bridge dnsmasq[2830]: DNS service limited to local subnets
Oct 16 15:28:18 sys-bridge dnsmasq[2830]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth >
Oct 16 15:28:18 sys-bridge dnsmasq-dhcp[2830]: DHCP, IP range 10.137.0.1 -- 10.137.0.250, lease time 2m
Oct 16 15:28:18 sys-bridge dnsmasq[2830]: read /etc/hosts - 5 addresses
Oct 16 15:28:18 sys-bridge systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
lines 1-20/20 (END)
```
But with none of these options does kalitest see nully. Here is an example of how ping works:
```
ping 10.137.0.31
PING 10.137.0.31 (10.137.0.31) 56(84) bytes of data.
From 10.137.0.8 icmp_seq=1 Destination Host Unreachable
From 10.137.0.8 icmp_seq=2 Destination Host Unreachable
From 10.137.0.8 icmp_seq=3 Destination Host Unreachable
From 10.137.0.8 icmp_seq=4 Destination Host Unreachable
^C
--- 10.137.0.31 ping statistics ---
6 packets transmitted, 0 received, +4 errors, 100% packet loss, time 5115ms
pipe 4
```
I also tried this configuration option, but it didn’t work either:
```
# dhcp stuff
dhcp-range=10.137.0.1,10.137.0.250,1m
# subnet mask
dhcp-option=1,255.255.255.255
# gateway
dhcp-option=3,10.137.0.8
# dns
dhcp-option=6,10.139.1.1,10.139.1.2
```
I’ve also tried using standalone instead of appvm and disabling NetworkManager with sudo systemctl disable --now NetworkManager, but unfortunately none of that helped. kalitest still doesn’t see nully with nmap, ping, and netdiscover.
Addendum: I tried to enable netvm in sys-bridge and disable it by setting the value to none, but it didn’t help.
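Added example, not part of the original post and not dnsmasq's own code: a pre-flight check for `dhcp-range=` lines that explains the "inconsistent DHCP range" failure in the log above. It assumes dnsmasq rejects a range whose start and end fall in different networks under the supplied netmask, which matches the post's results with 255.255.255.255 versus 255.255.255.0; `check_dhcp_range`, `SAMPLES` and `run_samples` are hypothetical names.

```python
import ipaddress

def check_dhcp_range(line):
    """Return (ok, reason) for one IPv4 dhcp-range= line (hypothetical helper)."""
    key, _, value = line.strip().partition("=")
    if key.strip() != "dhcp-range":
        raise ValueError("not a dhcp-range line: %r" % line)
    # Collect the consecutive run of IPv4 fields: start, end, optional netmask.
    # Fields before the run (tag:, set:, interface name) and after it
    # (lease time such as "1m") are ignored.
    addrs = []
    for field in (f.strip() for f in value.split(",")):
        try:
            addrs.append(ipaddress.IPv4Address(field))
        except ValueError:
            if addrs:
                break
    if len(addrs) < 3:
        return True, "no explicit netmask, nothing to compare"
    start, end, mask = (int(a) for a in addrs[:3])
    # Assumed rule: start and end must share a network under the mask.
    if start & mask != end & mask:
        return False, ("start %s and end %s are in different networks "
                       "under mask %s" % tuple(addrs[:3]))
    return True, "start and end share a network under mask %s" % addrs[2]

# The two dhcp-range lines from the post, plus the 255.255.255.0 variant
# the post describes trying.
SAMPLES = [
    "dhcp-range=10.137.0.1,10.137.0.250,255.255.255.255,1m",
    "dhcp-range=10.137.0.1,10.137.0.250,255.255.255.0,1m",
    "dhcp-range=10.137.0.1,10.137.0.250,1m",
]

def run_samples():
    """Check every sample line and return the list of (ok, reason) results."""
    return [check_dhcp_range(line) for line in SAMPLES]

if __name__ == "__main__":
    for line, (ok, reason) in zip(SAMPLES, run_samples()):
        print("%-4s %s\n     %s" % ("OK" if ok else "FAIL", line, reason))
```

Under a /32 mask every address is its own network, so 10.137.0.1 and 10.137.0.250 can never match; this check covers only the startup error, not the ping failure between kalitest and nully.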