
init without static hosts

Open Juweii opened this issue 3 years ago • 5 comments

Hi @oofnikj , thank you for this wonderful plugin!

Could you please create an init-option to not pre-create the static hosts?

I have an issue with them: Firstly, the entries are created with the domain suffix (iptmon init), and when the device connects, iptmon is called and adds the device WITHOUT the suffix. And second, in my Grafana installation I then have two entries of the same device. Also, I would like to see only the entries of the devices that are really connected, instead of having devices visible.

Regarding the installation of iptmon, is it correct to manually add dhcpscript to /etc/config/dhcp?

config dnsmasq
        option dhcpscript '/usr/sbin/iptmon'

I also needed to add "iptmon init" to /etc/rc.local in order to get it to work.

The readme just assumes you install iptmon and all is well, but it wasn't.

Best regards, Juergen

Juweii, May 22 '21 05:05

Hi Juergen, thanks for opening an issue. I am glad you found iptmon useful.

If you are seeing the same host appear once with the domain suffix and once without, it sounds to me like your devices are configured with static hostnames as well as a DHCP assignment. For example, if you have myhost.lan configured with a static IP address 192.168.0.42 and the following entry in /etc/config/dhcp:

config domain
    option name 'myhost.lan'
    option ip '192.168.0.42'

Then the host should only show up once regardless of whether or not it is online. If it is showing up multiple times, that probably means the host is configured to obtain an address via DHCP whenever it comes online.

Are you using static IPs on your network (config domain) or static DHCP leases (config host)?

Regarding your second point, the post-install script should handle the addition of the dhcpscript option. As of today I have not yet tested iptmon on OpenWrt versions later than 19.07.7 so if you are using one of the 21.xx or later builds that may explain the issue.

oofnikj, May 22 '21 18:05

Hi @oofnikj, yes, I am using config host, which is used when adding an entry in the DHCP => Static entries section. But my configured names are defined without the domain suffix, and when looking into /etc/config/dhcp it looks like this:

config host
        option name 'Shelly'
        option dns '1'
        option mac 'c8:2b:xx:xx:xx:xx'
        option ip '192.168.x.x'

iptmon init is adding all of the hosts with the suffix, i.e. Shelly.lan. Actually I built a workaround by flushing the mangle table just after creating the initial rules:

# cat /etc/rc.local 
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

iptmon init
iptmon flush
exit 0

This way I have the basic rules but not the static entries. Whenever a client connects, it is getting added (but without the domain suffix). This is my preferred scenario:

Chain iptmon_tx (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 9514  570K RETURN     all  --  *      *       0.0.0.0/0            192.168.x.x       /* tx_Shelly */

Yes, I am using OpenWrt 21.02. Ok, that explains the issue of the missing post-install hook.

Juweii, May 22 '21 18:05

I also have the annoyance of having the '.lan' suffix and duplicated entries when using static DHCP leases (the standard way to do it with the LuCI interface). I am using it in 21.02.1 and I had to perform the additional steps referred to in Issue #15.

okibcn, Jan 28 '22 20:01

The issue of these duplicated entries seems to be related to these two facts:

  1. The temporary hosts file created at /tmp/hosts/ and used by iptmon to initially populate its iptables chains contains the .lan suffixes and so iptables rules containing comments with .lan-suffixed hostnames are created (for static DHCP leases);
  2. When triggered through the dnsmasq script option to add or remove hosts (ARP table changes), the hostname passed to iptmon (as script arguments) lacks the .lan suffix and so it fails to detect and remove the already existing entry for the same host and additionally creates a new one, thus causing the issue of duplicated entries;

Overall, this issue arises due to inconsistencies in referring to host-names (with static leases) either by OpenWrt or iptmon. For example, when pinging such a host on a LAN managed by an OpenWrt router (v21.02.1) you can use either the plain hostname or add a .lan suffix and it will respond in both cases.

hrqarai, Feb 02 '22 05:02
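
The mismatch described in the comment above, as an added example that is not iptmon's code and not from any participant in this thread: shell functions that reduce both spellings of a hostname to one rule tag, so a name read from the hosts file and a name received as a dnsmasq script argument compare equal. The function names, the sample hosts content, and passing the local domain as an argument are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of iptmon.

# Strip one trailing ".<domain>" so "Shelly.lan" and "Shelly" give the
# same key. Names without the suffix, or an empty domain, pass through.
short_name() {  # $1 = hostname, $2 = local domain (e.g. lan)
    host=$1 domain=$2
    if [ -n "$domain" ]; then
        case $host in
            *".$domain") host=${host%".$domain"} ;;
        esac
    fi
    printf '%s\n' "$host"
}

# Build a rule comment tag in the form shown in the issue (tx_Shelly).
rule_tag() {  # $1 = prefix such as tx, $2 = hostname, $3 = local domain
    printf '%s_%s\n' "$1" "$(short_name "$2" "$3")"
}

# Read hosts-file lines ("IP name ...") on stdin and print "IP tag",
# using the first name on each line, normalized.
tags_from_hosts() {  # $1 = prefix, $2 = local domain
    while read -r ip name _rest; do
        case $ip in ''|'#'*) continue ;; esac
        [ -n "$name" ] || continue
        printf '%s %s\n' "$ip" "$(rule_tag "$1" "$name" "$2")"
    done
}

# True when two spellings of a hostname map to the same rule tag.
same_tag() {  # $1 = name A, $2 = name B, $3 = local domain
    [ "$(rule_tag tx "$1" "$3")" = "$(rule_tag tx "$2" "$3")" ]
}

# Constructed sample of hosts-file content for two static leases.
SAMPLE_HOSTS='# constructed sample
192.168.1.50 Shelly.lan
192.168.1.51 printer.lan'

printf '%s\n' "$SAMPLE_HOSTS" | tags_from_hosts tx lan
```
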

> The issue of these duplicated entries seems to be related to these two facts:
>
>   1. The temporary hosts file created at /tmp/hosts/ and used by iptmon to initially populate its iptables chains contains the .lan suffixes and so iptables rules containing comments with .lan-suffixed hostnames are created (for static DHCP leases);
>   2. When triggered through the dnsmasq script option to add or remove hosts (ARP table changes), the hostname passed to iptmon (as script arguments) lacks the .lan suffix and so it fails to detect and remove the already existing entry for the same host and additionally creates a new one, thus causing the issue of duplicated entries;
>
> Overall, this issue arises due to inconsistencies in referring to host-names (with static leases) either by OpenWrt or iptmon. For example, when pinging such a host on a LAN managed by an OpenWrt router (v21.02.1) you can use either the plain hostname or add a .lan suffix and it will respond in both cases.

So I have to temporarily set the DHCP local domain suffix from 'lan' to '' (empty) to avoid this problem. The setting path is 'Network -> DHCP and DNS -> General Settings -> Local Domain', but I am not sure whether it causes other issues or not.

hayden-pan, Jul 29 '22 10:07