Re:Complex dnsmasq configuration

Hello,

I wanted to reply to this thread

However, it has been strangely locked despite being one of the top results on google for

openwrt dhcpproxy

Anyway, my question is this, what is the most straightforward way and minimum required to enable dnsmasq to operate in dhcpproxy mode.

Can it be done using the Web UI only ?

Thanks !

Who cares about google?
The issue was solved and then the thread becomes locked.

Who cares about google?

People who use google for solving their openwrt issues ?

I mean, imagine I said "bing" or duckduckgo, like that ?

You say the issue was closed because it was solved but it does not answer my question.

Also it says "automatically closed after 10 days without an answer"

Here is a more comprehensive answer to the question "Who cares about google?"

When it comes to forums like the OpenWRT community forum, understanding why "we should care about Google users" and why prematurely closing threads can be problematic requires considering the larger ecosystem of information-sharing and how people access help for their problems. Here's a breakdown:


1. Why Should We Care About Google Users?

  • Google as a Gateway for Solutions: Many people search for solutions to technical problems using search engines like Google, Bing, or DuckDuckGo. If a thread appears as the top result for a query (e.g., "openwrt dhcpproxy"), it is likely because it is relevant and useful. This makes the forum thread a critical resource for people seeking answers.
  • Improved Community Reach: By providing accessible and detailed information in threads, the forum builds its reputation as a go-to source for OpenWRT-related help. This, in turn, increases traffic to the site, helping it thrive as a community resource.
  • Helping the Silent Majority: The majority of users who benefit from forum threads never actively post. They quietly find solutions to their issues by reading existing discussions. Locking threads prematurely limits the value these users can gain from the forum.

2. Why Prematurely Closing Threads Can Be a Problem

  • Unanswered Questions Stay Unresolved: Even if the "original" issue in the thread has been resolved, follow-up questions (like the one raised by "shodanx" about using dnsmasq in DHCP proxy mode) may not yet be addressed. Closing the thread prevents others from contributing helpful insights or clarifications.
  • Information Gaps for Complex Topics: In technical discussions, it is common for threads to organically expand into related subtopics. For example, understanding how to configure dnsmasq in DHCP proxy mode might involve nuances that aren't fully addressed in the initial resolution. Closing the thread stops this natural growth of knowledge.
  • Community Collaboration Stifled: Forums thrive on collaboration, where users share knowledge and offer feedback. Locking threads cuts off this process prematurely, reducing the overall quality of shared information.
  • Search Engine Ranking Impact: When users click on a locked thread that doesn’t provide a clear solution to their problem, they might leave the forum site dissatisfied. This can hurt the forum's reputation and visibility in search rankings over time.

3. Why Threads Should Stay Open (With Exceptions)

  • Allow Future Contributions: New users who face similar issues might have fresh insights, alternative solutions, or more questions. Leaving threads open encourages participation and knowledge sharing.
  • Clarification for Other Users: Sometimes, the "solution" doesn't make sense to everyone. Others may want to ask for clarification, share their experiences, or refine the answer.
  • Exceptions for Truly Resolved Threads: Threads can be locked if they are clearly resolved and there is no further discussion expected. For example, if the topic is a one-off issue or a bug that's been fixed in a newer OpenWRT release, locking might make sense.

4. Summary

Caring about Google users and leaving threads open matters because:

  • Search engines help people find solutions, making the forum valuable to a global audience.
  • Locked threads prevent the natural growth of shared knowledge, leaving gaps for future users.
  • Open threads encourage collaboration and foster a thriving community.

In technical forums, the goal is to ensure that threads remain valuable resources for the long term—not just for the person who originally asked the question but for everyone searching for help in the future. By doing so, forums can fulfill their purpose as reliable, living repositories of information.

Maybe your chatbot can answer your question, too. :wink:

Apart from that: you are always free to open a new/follow-up thread if your question hasn't been answered in another thread.

In fact, opening a new thread prevents convoluted threads with dozens of subtopics, where people who google for one particular subquestion have to scroll endlessly to find the part suitable to their own question.

4 Likes

Yup, once an admin or a solved checkbox is checked then the thread closes and the 10-day timer starts to count, unless admin shuts it down directly.

The answer is the same with all search engines. The forum isn’t here to please search engines.

To be honest a lot of questions here in the forum would be solved by themselves if the users would take time to read the wiki or google the answer and actually read the answer.

Wow, did you actually ask google the question who cares about google🤣

1 Like

This seems like a contradiction to me.

Anyway, here is the crux of the question

In luci you give it a confdir

uci set dhcp.@dnsmasq[0].confdir='/etc/dnsmasq.d'

The important line to add next is dhcp-range

I have found two formulations, not sure which is right

dhcp-range=proxy,192.168.1.1,192.168.1.100
dhcp-range=192.168.1.0,proxy,255.255.255.0

What I'm not clear on is how do I tell it which dhcp server is the real dhcp server, in my case it is 192.168.1.1 / router.lan

(later will be refining )

Here is my attempt so far
from a fresh openwrt install

mkdir /etc/dnsmasq.d/ /tftp /iso
wget https://boot.ipxe.org/ipxe.efi -P /tftp/
wget https://boot.ipxe.org/ipxe.pxe -P /tftp/
wget https://boot.ipxe.org/snponly.efi -P /tftp/
uci set dhcp.@dnsmasq[0].confdir='/etc/dnsmasq.d'
set dhcp.@dnsmasq[0].enable_tftp='1'
uci set dhcp.@dnsmasq[0].tftp_root='/tftp'
uci commit dhcp
/etc/init.d/dnsmasq restart

File /etc/dnsmasq.d/pxe.conf

# Enable Proxy DHCP
#dhcp-range=proxy,192.168.1.1,192.168.1.200
dhcp-range=192.168.1.0,proxy,255.255.255.0

# PXE boot options for BIOS and UEFI clients
#pxe-service=x86PC,'Network Boot BIOS',pxelinux.0
#pxe-service=X86-64_EFI,'Network Boot UEFI x86_64',pxelinux.efi

# bios"
pxe-service=x86PC,'Network Boot BIOS',ipxe.pxe

# uefi"
#pxe-service=X86-64_EFI,'Network Boot UEFI x86_64',snponly.efi
pxe-service=X86-64_EFI,'Network Boot UEFI x86_64',ipxe.efi

# PXE prompt message
#pxe-prompt='Press F12 for Network Boot',10

added for debug help

uci set dhcp.@dnsmasq[0].logqueries='1'
uci set dhcp.@dnsmasq[0].logdhcp='1'
uci set dhcp.@dnsmasq[0].logfacility='/var/log/dnsmasq.log'
uci commit dhcp
/etc/init.d/dnsmasq restart

Current config

uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='0'
dhcp.@dnsmasq[0].cachesize='1000'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].ednspacket_max='1232'
dhcp.@dnsmasq[0].filter_aaaa='0'
dhcp.@dnsmasq[0].filter_a='0'
dhcp.@dnsmasq[0].confdir='/etc/dnsmasq.d'
dhcp.@dnsmasq[0].tftp_root='/tftp'
dhcp.@dnsmasq[0].logqueries='1'
dhcp.@dnsmasq[0].logdhcp='1'
dhcp.@dnsmasq[0].logfacility='/var/log/dnsmasq.log'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv4='server'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_slaac='1'
dhcp.lan.ra_flags='managed-config' 'other-config'
dhcp.lan.ignore='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'

result of /etc/init.d/dnsmasq from /var/log/dnsmasq.log

Dec 30 14:02:31 dnsmasq[4736]: exiting on receipt of SIGTERM
Dec 30 14:02:31 dnsmasq[4892]: started, version 2.90 cachesize 1000
Dec 30 14:02:31 dnsmasq[4892]: DNS service limited to local subnets
Dec 30 14:02:31 dnsmasq[4892]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Dec 30 14:02:31 dnsmasq[4892]: UBus support enabled: connected to system bus
Dec 30 14:02:31 dnsmasq-dhcp[4892]: DHCP, proxy on subnet 192.168.1.0
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for test
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for onion
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for localhost
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for local
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for invalid
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for bind
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for lan
Dec 30 14:02:31 dnsmasq[4892]: reading /tmp/resolv.conf.d/resolv.conf.auto
Dec 30 14:02:31 dnsmasq[4892]: using nameserver 192.168.1.1#53
Dec 30 14:02:31 dnsmasq[4892]: using nameserver 192.168.1.1#53
Dec 30 14:02:31 dnsmasq[4892]: using nameserver fe80::dcad:beff:feef:6644%eth1#53
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for test
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for onion
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for localhost
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for local
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for invalid
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for bind
Dec 30 14:02:31 dnsmasq[4892]: using only locally-known addresses for lan
Dec 30 14:02:31 dnsmasq[4892]: read /etc/hosts - 14 names
Dec 30 14:02:31 dnsmasq[4892]: read /tmp/hosts/dhcp.cfg01411c - 0 names
Dec 30 14:02:31 dnsmasq[4892]: read /tmp/hosts/odhcpd - 0 names
Dec 30 14:02:31 dnsmasq-dhcp[4892]: read /etc/ethers - 0 addresses

Here is the exchange I see on the wire

NOTE -----
192.168.1.1 router.lan actual dhcp server
192.168.1.153 ipxe.lan dhcp proxy server (no packet seen)
bc:24:11:72:ba:18 PXE boot client
NOTE -----

13:40:13.071408 IP (tos 0x0, ttl 64, id 20386, offset 0, flags [none], proto UDP (17), length 375)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from bc:24:11:72:ba:18 (oui Unknown), length 347, xid 0x5b79e0e, secs 4, Flags [Broadcast] (0x8000)
          Client-Ethernet-Address bc:24:11:72:ba:18 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message (53), length 1: Discover
            MSZ (57), length 2: 1472
            Parameter-Request (55), length 35: 
              Subnet-Mask (1), Time-Zone (2), Default-Gateway (3), Time-Server (4)
              IEN-Name-Server (5), Domain-Name-Server (6), Hostname (12), BS (13)
              Domain-Name (15), RP (17), EP (18), RSZ (22)
              TTL (23), BR (28), YD (40), YS (41)
              NTP (42), Vendor-Option (43), Requested-IP (50), Lease-Time (51)
              Server-ID (54), RN (58), RB (59), Vendor-Class (60)
              TFTP (66), BF (67), GUID (97), Unknown (128)
              Unknown (129), Unknown (130), Unknown (131), Unknown (132)
              Unknown (133), Unknown (134), Unknown (135)
            GUID (97), length 17: 0.205.2.112.198.77.118.112.78.171.192.66.117.72.90.44.243
            NDI (94), length 3: 1.3.1
            ARCH (93), length 2: 7
            Vendor-Class (60), length 32: "PXEClient:Arch:00007:UNDI:003001"
		
13:40:13.108126 IP (tos 0xc0, ttl 64, id 37583, offset 0, flags [none], proto UDP (17), length 328)
    192.168.1.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x5b79e0e, Flags [Broadcast] (0x8000)
          Your-IP 192.168.1.139
          Server-IP 192.168.1.1
          Client-Ethernet-Address bc:24:11:72:ba:18 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message (53), length 1: Offer
            Server-ID (54), length 4: 192.168.1.1
            Lease-Time (51), length 4: 43200
            RN (58), length 4: 21600
            RB (59), length 4: 37800
            Subnet-Mask (1), length 4: 255.255.255.0
            BR (28), length 4: 192.168.1.255
            Default-Gateway (3), length 4: 192.168.1.1
            Domain-Name-Server (6), length 4: 192.168.1.1
            Domain-Name (15), length 3: "lan"

Oh wait

uci set dhcp.lan.ignore='0'
uci commit dhcp
/etc/init.d/dnsmasq restart

Dec 30 14:06:47 dnsmasq-dhcp[5055]: 1088725052 available DHCP subnet: 192.168.1.0/255.255.255.0
Dec 30 14:06:47 dnsmasq-dhcp[5055]: 1088725052 vendor class: PXEClient:Arch:00007:UNDI:003001
Dec 30 14:06:47 dnsmasq-dhcp[5055]: 1088725052 PXE(eth0) bc:24:11:72:ba:18 proxy
Dec 30 14:06:47 dnsmasq-dhcp[5055]: 1088725052 tags: eth0
Dec 30 14:06:47 dnsmasq-dhcp[5055]: 1088725052 next server: 192.168.1.153
Dec 30 14:06:47 dnsmasq-dhcp[5055]: 1088725052 broadcast response
Dec 30 14:06:47 dnsmasq-dhcp[5055]: 1088725052 sent size:  1 option: 53 message-type  2
Dec 30 14:06:47 dnsmasq-dhcp[5055]: 1088725052 sent size:  4 option: 54 server-identifier  192.168.1.153
Dec 30 14:06:47 dnsmasq-dhcp[5055]: 1088725052 sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
Dec 30 14:06:47 dnsmasq-dhcp[5055]: 1088725052 sent size: 17 option: 97 client-machine-id  00:cd:02:70:c6:4d:76:70:4e:ab:c0:42:75:48...
Dec 30 14:06:47 dnsmasq[5055]: 5 127.0.0.1/47609 query[PTR] 153.1.168.192.in-addr.arpa from 127.0.0.1
Dec 30 14:06:47 dnsmasq[5055]: 5 127.0.0.1/47609 config 192.168.1.153 is NXDOMAIN
Dec 30 14:06:47 dnsmasq[5055]: 6 ::1/47609 query[PTR] 153.1.168.192.in-addr.arpa from ::1
Dec 30 14:06:47 dnsmasq[5055]: 6 ::1/47609 config 192.168.1.153 is NXDOMAIN
Dec 30 14:06:50 dnsmasq-dhcp[5055]: 1088725052 available DHCP subnet: 192.168.1.0/255.255.255.0
Dec 30 14:06:50 dnsmasq-dhcp[5055]: 1088725052 vendor class: PXEClient:Arch:00007:UNDI:003001
Dec 30 14:06:50 dnsmasq-dhcp[5055]: 1088725052 PXE(eth0) bc:24:11:72:ba:18 proxy
Dec 30 14:06:50 dnsmasq-dhcp[5055]: 1088725052 tags: eth0
Dec 30 14:06:50 dnsmasq-dhcp[5055]: 1088725052 next server: 192.168.1.153
Dec 30 14:06:50 dnsmasq-dhcp[5055]: 1088725052 broadcast response
Dec 30 14:06:50 dnsmasq-dhcp[5055]: 1088725052 sent size:  1 option: 53 message-type  2
Dec 30 14:06:50 dnsmasq-dhcp[5055]: 1088725052 sent size:  4 option: 54 server-identifier  192.168.1.153
Dec 30 14:06:50 dnsmasq-dhcp[5055]: 1088725052 sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
Dec 30 14:06:50 dnsmasq-dhcp[5055]: 1088725052 sent size: 17 option: 97 client-machine-id  00:cd:02:70:c6:4d:76:70:4e:ab:c0:42:75:48...
Dec 30 14:06:58 dnsmasq-dhcp[5055]: 1088725052 available DHCP subnet: 192.168.1.0/255.255.255.0
Dec 30 14:06:58 dnsmasq-dhcp[5055]: 1088725052 vendor class: PXEClient:Arch:00007:UNDI:003001
Dec 30 14:06:58 dnsmasq-dhcp[5055]: 3891223962 available DHCP subnet: 192.168.1.0/255.255.255.0
Dec 30 14:06:58 dnsmasq-dhcp[5055]: 3891223962 vendor class: PXEClient:Arch:00007:UNDI:003001
Dec 30 14:06:58 dnsmasq-dhcp[5055]: 3891223962 PXE(eth0) bc:24:11:72:ba:18 proxy
Dec 30 14:06:58 dnsmasq-dhcp[5055]: 3891223962 tags: eth0
Dec 30 14:06:58 dnsmasq-dhcp[5055]: 3891223962 bootfile name: ipxe.efi
Dec 30 14:06:58 dnsmasq-dhcp[5055]: 3891223962 server name: 192.168.1.153
Dec 30 14:06:58 dnsmasq-dhcp[5055]: 3891223962 next server: 192.168.1.153
Dec 30 14:06:58 dnsmasq-dhcp[5055]: 3891223962 sent size:  1 option: 53 message-type  5
Dec 30 14:06:58 dnsmasq-dhcp[5055]: 3891223962 sent size:  4 option: 54 server-identifier  192.168.1.153
Dec 30 14:06:58 dnsmasq-dhcp[5055]: 3891223962 sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
Dec 30 14:06:58 dnsmasq-dhcp[5055]: 3891223962 sent size: 17 option: 97 client-machine-id  00:cd:02:70:c6:4d:76:70:4e:ab:c0:42:75:48...

and it's answering

14:08:45.691167 IP (tos 0x0, ttl 64, id 17762, offset 0, flags [none], proto UDP (17), length 375)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from bc:24:11:72:ba:18 (oui Unknown), length 347, xid 0xbe2e93cf, Flags [Broadcast] (0x8000)
          Client-Ethernet-Address bc:24:11:72:ba:18 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message (53), length 1: Discover
            MSZ (57), length 2: 1472
            Parameter-Request (55), length 35: 
              Subnet-Mask (1), Time-Zone (2), Default-Gateway (3), Time-Server (4)
              IEN-Name-Server (5), Domain-Name-Server (6), Hostname (12), BS (13)
              Domain-Name (15), RP (17), EP (18), RSZ (22)
              TTL (23), BR (28), YD (40), YS (41)
              NTP (42), Vendor-Option (43), Requested-IP (50), Lease-Time (51)
              Server-ID (54), RN (58), RB (59), Vendor-Class (60)
              TFTP (66), BF (67), GUID (97), Unknown (128)
              Unknown (129), Unknown (130), Unknown (131), Unknown (132)
              Unknown (133), Unknown (134), Unknown (135)
            GUID (97), length 17: 0.205.2.112.198.77.118.112.78.171.192.66.117.72.90.44.243
            NDI (94), length 3: 1.3.1
            ARCH (93), length 2: 7
            Vendor-Class (60), length 32: "PXEClient:Arch:00007:UNDI:003001"
14:08:45.691701 IP (tos 0xc0, ttl 64, id 11941, offset 0, flags [none], proto UDP (17), length 328)
    192.168.1.153.67 > 255.255.255.255.68: [bad udp cksum 0xc386 -> 0xf266!] BOOTP/DHCP, Reply, length 300, xid 0xbe2e93cf, Flags [Broadcast] (0x8000)
          Server-IP 192.168.1.153
          Client-Ethernet-Address bc:24:11:72:ba:18 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message (53), length 1: Offer
            Server-ID (54), length 4: 192.168.1.153
            Vendor-Class (60), length 9: "PXEClient"
            GUID (97), length 17: 0.205.2.112.198.77.118.112.78.171.192.66.117.72.90.44.243


Please ocr all your screenshots and paste text instead.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

Read the dnsmasq documentation.

You're configuring dnsmasq as a server, but you seem to want it to be a proxy to another? Can an admin just nuke this whole thread and start it again, with a very clear question?

2 Likes

For anyone following at home, here are some useful commands for debug

#sniff the broadcast
tcpdump -i eth0 ether broadcast

#sniff ethernet, only target client
tcpdump -i eth0 ether host bc:24:11:72:ba:18

#sniff the dhcp
tcpdump -i eth0 port 67 or port 68


#sniff the tftp
tcpdump -i eth0 port 69  -vv -X

It's almost working; the only issue is that complaint on the client

NBP filesize is 0 Bytes
PXE-E99 Unexpected network error

Looking at the tftp sniff, only a single packet comes out of the dhcp-proxy server

14:28:19.320194 IP (tos 0x0, ttl 64, id 62405, offset 0, flags [none], proto UDP (17), length 79)
    192.168.1.139.1033 > 192.168.1.153.69: [udp sum ok] TFTP, length 51, RRQ "ipxe.efi" octet tsize 0 blksize 1468 windowsize 4
        0x0000:  4500 004f f3c5 0000 4011 0264 c0a8 018b  E..O....@..d....
        0x0010:  c0a8 0199 0409 0045 003b 3df9 0001 6970  .......E.;=...ip
        0x0020:  7865 2e65 6669 006f 6374 6574 0074 7369  xe.efi.octet.tsi
        0x0030:  7a65 0030 0062 6c6b 7369 7a65 0031 3436  ze.0.blksize.146
        0x0040:  3800 7769 6e64 6f77 7369 7a65 0034 00    8.windowsize.4.

and then nothing ...

and nothing obvious in /var/log/dnsmasq.log ...

edit: it is not the file permissions, I did chown -R dnsmasq /tftp/

root@ipxe:/tftp# ls -lsh
1020.0K -rw-r--r--    1 dnsmasq  root     1020.0K Dec 30 13:17 ipxe.efi
 340.0K -rw-r--r--    1 dnsmasq  root      337.1K Dec 30 13:17 ipxe.pxe
  32.0K -rw-r--r--    1 dnsmasq  root       32.0K Dec 30 13:17 snponly.efi

I also have a bios-style client
It exhibits the same behaviour
The first tftp packet is sent
just the first packet, and then it gives up

14:36:30.633833 IP (tos 0x0, ttl 64, id 1046, offset 0, flags [none], proto UDP (17), length 66)
    192.168.1.181.37614 > 192.168.1.153.69: [udp sum ok] TFTP, length 38, RRQ "ipxe.pxe" octet blksize 1432 tsize 0
        0x0000:  4500 0042 0416 0000 4011 f1f6 c0a8 01b5  E..B....@.......
        0x0010:  c0a8 0199 92ee 0045 002e 61cc 0001 6970  .......E..a...ip
        0x0020:  7865 2e70 7865 006f 6374 6574 0062 6c6b  xe.pxe.octet.blk
        0x0030:  7369 7a65 0031 3433 3200 7473 697a 6500  size.1432.tsize.
        0x0040:  3000  

Here is the OCR of the view from the PXE bios client (ipxe firmware)

iPXE 1.20.1+ (g4bdO)
Open Source Network Boot Firmware —— http : //ipxe .org
"eatures: DNS HTTP iSCSI TFTP AoE ELF MBOOT PXE bzlmage Menu PXEXT
net@: using 8Z540em on
(open)
[Link:up, TX:O TXE:O RX:o RXE:O]
Conf iguring (net@ bc:Z4:11:9e:91:69)
0k
netO: 192.168.1.181/255.255.255.0 gw 192.168.1.1
Booting from P XE menu
PXE
PXEBS (neto type 128)
0k
Next server: 192.168.1.153
F i lename: ipxe .pxe
tftp .168.1.153/ .pxe
No more network devices
Connection timed out
(http : // i px

The OCR is gibberish, but basically it says it tries to get ipxe.pxe, then times out
And something about PXEBS (net0 type 128)

hi,
if i am understanding correctly what you are looking for then the answer is: you don't tell.
in a proxydhcp configuration you have two independent DHCP servers: one is responsible to provide the regular IP address stuff, the other can be used to provide TFTP service for example. but in general DHCP is a discovery protocol, i.e. the client does not know at start who is the DHCP server, just send a broadcast message to everybody that "hi, i'm here i need an ip address. please help". then the dhcp server(s) respond with an offer. in proxydhcp configuration one server will respond with an offer including the IP address, the other will send an offer without ip address but with tftp details.

probably this guide can help you in the start: https://docs.fogproject.org/en/latest/installation/network-setup/proxy-dhcp/ note: it is not openwrt specific though.
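As an added illustration of the two kinds of offer described above (not part of the original post): a small Python parser that reads `tcpdump -v` DHCP output, labels each offer as an address offer or a proxy offer, and reports any responder that is not on an expected list. The sample capture, its addresses and the `ALLOWED` list are constructed for this example, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed capture in `tcpdump -v port 67 or port 68` layout. Addresses and
# MAC are documentation/test values, not taken from the thread.
SAMPLE = """\
10:00:00.000100 IP (tos 0x0, ttl 64, proto UDP (17), length 375)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 02:00:00:00:00:01 (oui Unknown), length 347, xid 0xaa01, Flags [Broadcast] (0x8000)
          Client-Ethernet-Address 02:00:00:00:00:01 (oui Unknown)
            DHCP-Message (53), length 1: Discover
            Vendor-Class (60), length 32: "PXEClient:Arch:00007:UNDI:003001"
10:00:00.000200 IP (tos 0xc0, ttl 64, proto UDP (17), length 328)
    192.0.2.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0xaa01, Flags [Broadcast] (0x8000)
          Your-IP 192.0.2.139
          Server-IP 192.0.2.1
          Client-Ethernet-Address 02:00:00:00:00:01 (oui Unknown)
            DHCP-Message (53), length 1: Offer
            Server-ID (54), length 4: 192.0.2.1
10:00:00.000300 IP (tos 0xc0, ttl 64, proto UDP (17), length 328)
    192.0.2.153.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0xaa01, Flags [Broadcast] (0x8000)
          Server-IP 192.0.2.153
          Client-Ethernet-Address 02:00:00:00:00:01 (oui Unknown)
            DHCP-Message (53), length 1: Offer
            Server-ID (54), length 4: 192.0.2.153
            Vendor-Class (60), length 9: "PXEClient"
10:00:00.000400 IP (tos 0xc0, ttl 64, proto UDP (17), length 328)
    192.0.2.66.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0xaa01, Flags [Broadcast] (0x8000)
          Server-IP 192.0.2.66
          Client-Ethernet-Address 02:00:00:00:00:01 (oui Unknown)
            DHCP-Message (53), length 1: Offer
            Server-ID (54), length 4: 192.0.2.66
            Vendor-Class (60), length 9: "PXEClient"
"""

# Assumption: the responders the operator expects, and the role each may play.
ALLOWED = {"192.0.2.1": {"address"}, "192.0.2.153": {"proxy"}}

PACKET_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ IP ", re.M)
HEADER = re.compile(
    r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\.\d+ > [\d.]+: .*BOOTP/DHCP, (Request|Reply)", re.M)


@dataclass
class Offer:
    server: str   # source address of the reply
    client: str   # client hardware address
    xid: str      # transaction id shared by all offers to one discover
    kind: str     # "address", "proxy" or "other"


def field(pattern, block):
    """Return the first capture group of pattern in block, or None."""
    m = re.search(pattern, block, re.M)
    return m.group(1) if m else None


def parse_offers(text):
    """Extract every DHCP Offer from tcpdump -v text and classify it."""
    starts = [m.start() for m in PACKET_START.finditer(text)]
    offers = []
    for a, b in zip(starts, starts[1:] + [len(text)]):
        block = text[a:b]
        head = HEADER.search(block)
        if not head or head.group(2) != "Reply":
            continue
        if field(r"DHCP-Message \(53\), length 1: (\w+)", block) != "Offer":
            continue
        # tcpdump prints Your-IP only when the server actually offers an address.
        your_ip = field(r"^\s+Your-IP (\S+)", block)
        vendor = field(r'Vendor-Class \(60\), length \d+: "([^"]*)"', block)
        if your_ip:
            kind = "address"
        elif vendor and vendor.startswith("PXEClient"):
            kind = "proxy"   # boot details only, no lease
        else:
            kind = "other"
        offers.append(Offer(head.group(1),
                            field(r"Client-Ethernet-Address (\S+)", block),
                            field(r"xid (0x[0-9a-f]+)", block), kind))
    return offers


def audit(text, allowed):
    """List offers whose sender is not expected to play that role."""
    return [f"unexpected {o.kind} offer from {o.server} to {o.client} (xid {o.xid})"
            for o in parse_offers(text)
            if o.kind not in allowed.get(o.server, set())]


if __name__ == "__main__":
    for line in audit(SAMPLE, ALLOWED):
        print(line)
```
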

@grrr2

Yes that was the initial question
I have answered myself mostly in this post

Now dhcpproxy works with the specified config

The issues have progressed to a TFTP error.
However right now I have burnt out, I spent all night at this.
I have to go to bed. I will pick this up in the evening.

I think it is very very close to working.

EDIT:
Couldn't sleep
Last piece of the puzzle

uci set dhcp.@dnsmasq[0].enable_tftp='1'

boots into ipxe, now just needs also an autoexec.ipxe

maybe this wget https://boot.netboot.xyz/ -O /tftp/autoexec.ipxe
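The two settings this thread found missing (`dhcp.lan.ignore='1'`, and the `enable_tftp` line that was never applied through `uci`) can be checked before testing with a client. The following is an added example, not part of the original posts: the function names are hypothetical, and the inputs are abbreviated, constructed copies of `uci show dhcp` output and of `/etc/dnsmasq.d/pxe.conf` modelled on the thread.

```python
import re

DNSMASQ = "dhcp.@dnsmasq[0]."

# Constructed, abbreviated `uci show dhcp` output modelled on the first attempt.
UCI_BEFORE = """\
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].confdir='/etc/dnsmasq.d'
dhcp.@dnsmasq[0].tftp_root='/tftp'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.ignore='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
"""

# The same output after the two changes made later in the thread.
UCI_AFTER = (UCI_BEFORE.replace("dhcp.lan.ignore='1'", "dhcp.lan.ignore='0'")
             + "dhcp.@dnsmasq[0].enable_tftp='1'\n")

# Constructed copy of the active lines of the thread's pxe.conf.
PXE_CONF = """\
# Enable Proxy DHCP
dhcp-range=192.168.1.0,proxy,255.255.255.0
pxe-service=x86PC,'Network Boot BIOS',ipxe.pxe
pxe-service=X86-64_EFI,'Network Boot UEFI x86_64',ipxe.efi
"""


def parse_uci_show(text):
    """Turn `uci show` output into {key: value}; list values keep their raw text."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            cfg[key] = value.strip("'")
    return cfg


def active_lines(conf_text):
    """Non-empty, non-comment lines of a dnsmasq config file."""
    lines = (l.strip() for l in conf_text.splitlines())
    return [l for l in lines if l and not l.startswith("#")]


def lint_proxy_pxe(uci_text, conf_text, iface="lan"):
    """Return findings that would stop proxy DHCP plus local TFTP from answering."""
    cfg = parse_uci_show(uci_text)
    conf = active_lines(conf_text)
    findings = []

    proxy = [l for l in conf if l.startswith("dhcp-range=")
             and "proxy" in l.split("=", 1)[1].split(",")]
    # Three fields (arch, menu text, file) means no server address is given,
    # so dnsmasq itself has to serve the file. Menu text with commas is not handled.
    local_boot = [l for l in conf
                  if l.startswith("pxe-service=") and len(l.split(",")) == 3]

    if not proxy:
        findings.append("no active dhcp-range=...,proxy line in the conf file")
    elif not cfg.get(DNSMASQ + "confdir"):
        findings.append("confdir is not set, so the conf file is never read")
    if local_boot and cfg.get(DNSMASQ + "enable_tftp") != "1":
        findings.append("pxe-service names local boot files but enable_tftp is not '1'")
    if cfg.get(DNSMASQ + "enable_tftp") == "1" and not cfg.get(DNSMASQ + "tftp_root"):
        findings.append("enable_tftp is on without tftp_root to confine served paths")
    for key, value in cfg.items():
        m = re.fullmatch(r"dhcp\.([^.]+)\.interface", key)
        if m and value == iface and cfg.get(f"dhcp.{m.group(1)}.ignore") == "1":
            findings.append(f"dhcp.{m.group(1)}.ignore='1': no DHCP answers on {iface}")
    return findings


if __name__ == "__main__":
    for label, text in (("before", UCI_BEFORE), ("after", UCI_AFTER)):
        print(label, lint_proxy_pxe(text, PXE_CONF))
```
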

Hi @shodanx ,
I want to share some ideas from my experience.
I see it was the missing uci keyword at the beginning of the command.
In case you need, I recommend you a guide I followed to compile ipxe, with this you can have a separate config file to list the operating systems you can boot, and edit it at anytime to include additional systems.

  • I don't know what are the ipxe files you downloaded, maybe you just don't need this, in that case it's ok too.
  • I'm not sure if you can compile it in OpenWRT, I used an Ubuntu server system. Anyway you can virtualize Ubuntu and do it there, then take the files to your router.
  • This guide tells the ipxe.pxe and ipxe.efi to read the configuration from /tftp/config/boot.ipxe
  • If you need examples of menu entries for Windows installation / LinuxPXE I can give you examples, just ask
    Hope you get it to work somehow
    Regards
    Free

Thank you borhacker,

I worked on this over the holidays.

I have things half-way working.

One large side-issue was that the ipxe binary files available at

https://boot.ipxe.org/ipxe.pxe
https://boot.ipxe.org/ipxe.efi

Do not include most of the build options such as https and sanboot support (even console command is missing!)

So I created install scripts to create the build environment in proxmox LXC containers, now I have a mostly-working custom ipxe rom that includes most of the things I will need.

The next sticking point is tag matching in openwrt; there is no current support.
I did find a thread about it but it was already prematurely closed, so I will make a new thread responding to it and asking for clarification.

It is too bad for google users who will end up on the first thread series, and then never find the following threads in the series as they will be buried by older threads in the search results !