Hi All,
How do I get updates to stop altering my network configuration?
I use a local caching named server (named-chroot)
The last round altered the following:
/etc/named.conf file is not a link, so should be left alone (and still not a link)
Altered file:
    # Generated by NetworkManager
    search netgear.com acme.local   # netgear.com ??????
    nameserver 192.168.250.1        # address of my gateway
Should have left alone at:
    search acme.local
    nameserver 127.0.0.1
AND SOMETHING KEEPS CHANGING IT BACK to !!!!!
    ; generated by /usr/sbin/dhclient-script
    search netgear.com acme.local
    nameserver 192.168.250.1
/etc/sysconfig/network-scripts/ifcfg-eno2
Altered file: BOOTPROTO=none
Should have been left alone at: BOOTPROTO=dhcp
By the way, DNS1=127.0.0.1 in that file and was not altered
[Editorial comment] AAAAAAAAAHHHHHHHHHHHHH!!!!!!!! [/editorial comment]
-T
On 4/23/23 16:51, ToddAndMargo via users wrote:
/etc/named.conf file is not a link, so should be left alone (and still not a link)
Altered file:
    # Generated by NetworkManager
    search netgear.com acme.local   # netgear.com ??????
    nameserver 192.168.250.1        # address of my gateway
Should have left alone at:
    search acme.local
    nameserver 127.0.0.1
AND SOMETHING KEEPS CHANGING IT BACK to !!!!!
    ; generated by /usr/sbin/dhclient-script
    search netgear.com acme.local
    nameserver 192.168.250.1
/etc/sysconfig/network-scripts/ifcfg-eno2
Altered file: BOOTPROTO=none
Should have been left alone at: BOOTPROTO=dhcp
By the way, DNS1=127.0.0.1 in that file and was not altered
Just posted:
dchp-client does not recognize a local named server https://bugzilla.redhat.com/show_bug.cgi?id=2188986
On Sun, 2023-04-23 at 16:51 -0700, ToddAndMargo via users wrote:
The last round altered the following:
/etc/named.conf file is not a link, so should be left alone (and still not a link)
Altered file:
    # Generated by NetworkManager
    search netgear.com acme.local   # netgear.com ??????
    nameserver 192.168.250.1        # address of my gateway
Should have left alone at:
    search acme.local
    nameserver 127.0.0.1
Those parameters are not part of "/etc/named.conf". Do you mean "/etc/resolv.conf"?
What's your DHCP server? (A PC, a hardware router?) Can you configure it correctly for your network preferences?
You may also have problems with ".local" ZeroConf style of addresses with DHCP and DNS servers.
On 4/23/23 19:55, Tim via users wrote:
On Sun, 2023-04-23 at 16:51 -0700, ToddAndMargo via users wrote:
The last round altered the following:
/etc/named.conf file is not a link, so should be left alone (and still not a link)
Altered file:
    # Generated by NetworkManager
    search netgear.com acme.local   # netgear.com ??????
    nameserver 192.168.250.1        # address of my gateway
Should have left alone at:
    search acme.local
    nameserver 127.0.0.1
Those parameters are not part of "/etc/named.conf". Do you mean "/etc/resolv.conf"?
Yes. That is embarrassing
What's your DHCP server? (A PC, a hardware router?) Can you configure it correctly for your network preferences?
You may also have problems with ".local" ZeroConf style of addresses with DHCP and DNS servers.
Tim:
Those parameters are not part of "/etc/named.conf". Do you mean "/etc/resolv.conf"?
ToddAndMargo:
Yes. That is embarrassing
Don't forget to update your bugzilla entry, or they might close it.
On Mon, 2023-04-24 at 12:25 +0930, Tim via users wrote:
What's your DHCP server? (A PC, a hardware router?) Can you configure it correctly for your network preferences?
Is configuring your DHCP server with the DNS server address you want your clients to use possible? This would automate things for you.
A DHCP server will tell clients what DNS server to use, and it's only passing that information along to the clients (you are this IP, use that gateway, use that DNS server, etc). What it uses for itself is a different configuration.
On 4/24/23 00:19, Tim via users wrote:
On Mon, 2023-04-24 at 12:25 +0930, Tim via users wrote:
What's your DHCP server? (A PC, a hardware router?)
It is a frontier DSL modem/router/dhcp server/hub
Can you configure it correctly for your network preferences?
Is configuring your DHCP server with the DNS server address you want your clients to use possible? This would automate things for you.
A DHCP server will tell clients what DNS server to use, and it's only passing that information along to the clients (you are this IP, use that gateway, use that DNS server, etc). What it uses for itself is a different configuration.
My main computers uses a caching name server.
There are devices outside my protected network that use the name server from the router. These devices are on the unprotected side and would not be able to see my name server.
I worked around it with these two commands:
    # nmcli device modify eno2 ipv4.dns "127.0.0.1"
    # nmcli connection modify "Wired connection 2" ipv4.ignore-auto-dns yes
I also discovered that the `dhclient -r; dhclient` command still updates /etc/resolv.conf
But the up and down nmcli command fixes it.
nmcli up/down commands:
Show connections and devices:
    $ /usr/bin/nmcli connection
    NAME                UUID                                  TYPE      DEVICE
    Wired connection 2  3d30b55f-3675-3e71-88fd-a9796720a9f3  ethernet  eno2
    virbr0              72451e48-3fe4-44a6-9648-c632f9b45123  bridge    virbr0
    Wired connection 1  3bbdbba2-be96-3a0f-b0d5-b8a34912e7b7  ethernet  --
Up:
    /usr/bin/nmcli connection up "Wired connection 2"
    /usr/bin/nmcli device up eno2
Down:
    /usr/bin/nmcli connection down "Wired connection 2"
    /usr/bin/nmcli device down eno2
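Added example, not part of any post in this thread: a POSIX shell check for the resolver drift described above. It reads resolv.conf-style text, reports which tool stamped it, and flags any nameserver other than the local caching resolver. The function names and EXPECTED_NS are assumptions for illustration; the sample inputs are constructed from the file contents quoted in the thread.

```shell
#!/bin/sh
# Added example: audit resolv.conf-style text for resolver drift.
# EXPECTED_NS is an assumption: the loopback caching resolver from the thread.
EXPECTED_NS="127.0.0.1"

# Constructed samples, based on the file contents quoted in the thread.
SAMPLE_NM='# Generated by NetworkManager
search netgear.com acme.local   # netgear.com ??????
nameserver 192.168.250.1        # address of my gateway'
SAMPLE_DHCLIENT='; generated by /usr/sbin/dhclient-script
search netgear.com acme.local
nameserver 192.168.250.1'
SAMPLE_WANTED='search acme.local
nameserver 127.0.0.1'

# resolv_generator TEXT: print the tool named in a "generated by" header
# comment, or "unknown" when the text carries no such header.
resolv_generator() {
    printf '%s\n' "$1" | awk '
        /^[#;][ \t]*[Gg]enerated by/ {
            sub(/^[#;][ \t]*[Gg]enerated by[ \t]*/, "")
            print; found = 1; exit
        }
        END { if (!found) print "unknown" }'
}

# resolv_nameservers TEXT: print each nameserver address, one per line.
# Everything from "#" or ";" to end of line is dropped first, so the
# annotated lines quoted in the thread parse cleanly.
resolv_nameservers() {
    printf '%s\n' "$1" | awk '
        { sub(/[#;].*$/, "") }
        $1 == "nameserver" && NF >= 2 { print $2 }'
}

# resolv_drift TEXT: print "ok" and return 0 when every nameserver equals
# EXPECTED_NS; otherwise print who wrote the file and what it points at,
# and return 1. A file with no nameserver line at all also counts as drift.
resolv_drift() {
    ns=$(resolv_nameservers "$1" | paste -sd' ' -)
    gen=$(resolv_generator "$1")
    if [ -z "$ns" ]; then
        echo "drift generator=$gen nameservers=none"
        return 1
    fi
    for addr in $ns; do
        if [ "$addr" != "$EXPECTED_NS" ]; then
            echo "drift generator=$gen nameservers=$ns"
            return 1
        fi
    done
    echo "ok"
}

# Run the check over the three constructed samples.
for sample in "$SAMPLE_NM" "$SAMPLE_DHCLIENT" "$SAMPLE_WANTED"; do
    resolv_drift "$sample" || true
done
# To audit the live file instead: resolv_drift "$(cat /etc/resolv.conf)"
```

Run from cron or a systemd timer after updates, a non-zero exit gives early warning that DNS queries are again leaving the host for the DHCP-supplied resolver instead of the local named.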
Tim:
What's your DHCP server? (A PC, a hardware router?)
ToddAndMargo:
It is a frontier DSL modem/router/dhcp server/hub
That can make it harder, most consumer devices have limited customisation options.
My modem/router is very limited, and major pain to configure (and wouldn't even let me log into its control page, today), so I don't use mine as any of the services. It's just a link between WAN and LAN, and one of my PCs does all the DHCP and DNS serving. I can easily configure that exactly the way I want it.
Its DHCP server can tell one PC to use 192.168.1.1 as its DNS server, and some other device to use 8.8.8.8 as their DNS server. As the network has more and more things added to it, it's much easier (for me) to centrally control things, rather than manually intervene on each device (if they even have user controls).
Some consumer routers do have a wider range of different settable options for the main LAN versus the isolated LAN. With mine the guest WLAN has just a few options, but it has no concept of a guest LAN on wired ethernet, just a DMZ that can be applied to one address where it treats something as completely standalone.
On 4/24/23 06:07, Tim via users wrote:
Tim:
What's your DHCP server? (A PC, a hardware router?)
ToddAndMargo:
It is a frontier DSL modem/router/dhcp server/hub
That can make it harder, most consumer devices have limited customisation options.
My modem/router is very limited, and major pain to configure (and wouldn't even let me log into its control page, today), so I don't use mine as any of the services. It's just a link between WAN and LAN, and one of my PCs does all the DHCP and DNS serving. I can easily configure that exactly the way I want it.
Its DHCP server can tell one PC to use 192.168.1.1 as its DNS server, and some other device to use 8.8.8.8 as their DNS server. As the network has more and more things added to it, it's much easier (for me) to centrally control things, rather than manually intervene on each device (if they even have user controls).
Some consumer routers do have a wider range of different settable options for the main LAN versus the isolated LAN. With mine the guest WLAN has just a few options, but it has no concept of a guest LAN on wired ethernet, just a DMZ that can be applied to one address where it treats something as completely standalone.
I see a lot of routers in my customer visits. They all seem to have their own ways of doing things. The worst is the one from Charter. They won't even allow you to log into them.
Oh this took my breath away. The stinking update trashed my bridge and took out all my qemu-kvm virtual machines
My notes on how to restore br0:
How to add or restore a bridge (br0) when knocked out by an upgrade:
Reference:
https://www.thegeeksearch.com/how-to-configure-network-bridge-in-centos-rhel...
    # nmcli con show
    3: eno1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
        link/ether ac:1f:6b:62:10:06 brd ff:ff:ff:ff:ff:ff
        altname enp0s31f6

    # nmcli con add type bridge con-name br0 ifname br0
    Connection 'br0' (1ec4bd21-d652-40cf-8de9-392e35ce7445) successfully added.

    # nmcli con add type bridge-slave con-name br0-port1 ifname enp0s31f6 master br0
    Connection 'br0-port1' (e5c19095-d8a8-4f76-a8bd-fa8b11d19218) successfully added.

Note: enp0s31f6 is the "altname" from `nmcli con show`

    # brctl show
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.fe627ffe1fdf       yes
    virbr0          8000.52540085fab2       yes

    # systemctl restart systemd-networkd.service;
On 4/24/23 17:02, ToddAndMargo via users wrote:
Oh this took my breath away. The stinking update trashed my bridge and took out all my qemu-kvm virtual machines
I don't understand why you're having so much trouble. I haven't had any issues with updates and I have a much more complicated network setup than that, including a separate bridge for VMs. Was this the upgrade to 38? I haven't got around to doing that yet.
On 4/24/23 17:10, Samuel Sieb wrote:
On 4/24/23 17:02, ToddAndMargo via users wrote:
Oh this took my breath away. The stinking update trashed my bridge and took out all my qemu-kvm virtual machines
I don't understand why you're having so much trouble. I haven't had any issues with updates and I have a much more complicated network setup than that, including a separate bridge for VMs. Was this the upgrade to 38? I haven't got around to doing that yet.
My wife says it is like a cloud following me around.
I am still on 37.
And now br0 won't wake up
On 4/24/23 18:10, Samuel Sieb wrote:
On 4/24/23 17:02, ToddAndMargo via users wrote:
Oh this took my breath away. The stinking update trashed my bridge and took out all my qemu-kvm virtual machines
I don't understand why you're having so much trouble. I haven't had any issues with updates and I have a much more complicated network setup than that, including a separate bridge for VMs. Was this the upgrade to 38? I haven't got around to doing that yet.
I upgraded 2 desktops, 1 laptop, 37->38 , all three have a separate bridge device under Networkmanager, some virtual machines too, the only problems:
- in Fedora 38 Gnome and GDM put the machine to sleep at 15 minutes, so you need to change the setting when rebooting in Fedora 38
On 4/24/23 17:10, Samuel Sieb wrote:
I don't understand why you're having so much trouble.
Hi Sam,
I do believe after fixing and upgrading to the new networking method that what has been transpiring was my preference to stay on the old method.
I did not see the point in changing things just for the sake of change when it took me years to get things cherried out the way I needed. Their updates are supposed to support both, but increasingly they neglect testing the old method. (Or they just don't care anymore.) So I got sabotaged. I lost two days of billings over it. Not cool.
Well, I finally did change over. Not too happy that I was forced to do it.
-T
On Tue, 2023-04-25 at 02:03 -0700, ToddAndMargo via users wrote:
On 4/24/23 17:10, Samuel Sieb wrote:
I don't understand why you're having so much trouble.
Hi Sam,
I do believe after fixing and upgrading to the new networking method that what has been transpiring was my preference to stay on the old method.
I did not see the point in changing things just for the sake of change when it took me years to get things cherried out the way I needed. Their updates are supposed to support both, but increasingly they neglect testing the old method. (Or they just don't care anymore.) So I got sabotaged. I lost two days of billings over it. Not cool.
Well, I finally did change over. Not too happy that I was forced to do it.
Frankly, that's a consequence of using Fedora. Things change, usually for the better, but you're expected to keep up. Relying on "the old ways" will eventually bite you.
poc
On 4/25/23 02:53, Patrick O'Callaghan wrote:
On Tue, 2023-04-25 at 02:03 -0700, ToddAndMargo via users wrote:
On 4/24/23 17:10, Samuel Sieb wrote:
I don't understand why you're having so much trouble.
Hi Sam,
I do believe after fixing and upgrading to the new networking method that what has been transpiring was my preference to stay on the old method.
I did not see the point in changing things just for the sake of change when it took me years to get things cherried out the way I needed. Their updates are supposed to support both, but increasingly they neglect testing the old method. (Or they just don't care anymore.) So I got sabotaged. I lost two days of billings over it. Not cool.
Well, I finally did change over. Not too happy that I was forced to do it.
Frankly, that's a consequence of using Fedora. Things change, usually for the better, but you're expected to keep up. Relying on "the old ways" will eventually bite you.
poc
Very true.
My alternative would be RHEL, where they lock in the bugs, leave all the old outdated stuff as is, and never fix anything unless you put them on the payroll. Been there, done that, never want to do that again.
On 4/25/23 02:53, Patrick O'Callaghan wrote:
Frankly, that's a consequence of using Fedora. Things change, usually for the better, but you're expected to keep up. Relying on "the old ways" will eventually bite you.
The next one I guess I am going to have to bite the bullet on is transitioning from iptables to nftables.
I looked up nftables and how to transition. I totally spaced on it. I am so not looking forward to nftables.
On 4/26/23 15:08, ToddAndMargo via users wrote:
On 4/25/23 02:53, Patrick O'Callaghan wrote:
Frankly, that's a consequence of using Fedora. Things change, usually for the better, but you're expected to keep up. Relying on "the old ways" will eventually bite you.
The next one I guess I am going to have to bite the bullet on is transitioning from iptables to nftables.
I looked up nftables and how to transition. I totally spaced on it. I am so not looking forward to nftables.
Yes, this is going to be a problem for me as well. I have long-standing firewall scripts originally from Firewall Builder (which is sadly long abandoned now). Ideally, I would convert them to use firewalld if possible, but otherwise they need to get converted to nftables.
Converting to firewalld would be much better of course because I've wanted to be able to make dynamic changes which that would allow.
On 4/25/23 02:03, ToddAndMargo via users wrote:
On 4/24/23 17:10, Samuel Sieb wrote:
I don't understand why you're having so much trouble.
I do believe after fixing and upgrading to the new networking method that what has been transpiring was my preference to stay on the old method.
What new method? I haven't had to manually change anything yet. Everything just keeps working. I should migrate my connections to the new format at some point though.
On 4/25/23 09:56, Samuel Sieb wrote:
On 4/25/23 02:03, ToddAndMargo via users wrote:
On 4/24/23 17:10, Samuel Sieb wrote:
I don't understand why you're having so much trouble.
I do believe after fixing and upgrading to the new networking method that what has been transpiring was my preference to stay on the old method.
What new method? I haven't had to manually change anything yet. Everything just keeps working. I should migrate my connections to the new format at some point though.
Keyfiles vs. ifcfg
https://fedoramagazine.org/converting-networkmanager-from-ifcfg-to-keyfiles/
On Tue, 25 Apr 2023 17:44:07 -0700 ToddAndMargo via users wrote:
Keyfiles vs. ifcfg
https://fedoramagazine.org/converting-networkmanager-from-ifcfg-to-keyfiles/
I converted when there was no longer default support for ifcfg files unless I installed NetworkManager-initscripts-ifcfg-rh.x86_64 and edited the /etc/NetworkManager/NetworkManager.conf file to say try the ifcfg-rs plugin first. The command
nmcli connection migrate
seemed to work fine for me (which shocked me given how complex I thought my network connections were). Been using keyfiles ever since, no ifcfg files any longer.
On 4/25/23 18:03, Tom Horsley wrote:
On Tue, 25 Apr 2023 17:44:07 -0700 ToddAndMargo via users wrote:
Keyfiles vs. ifcfg
https://fedoramagazine.org/converting-networkmanager-from-ifcfg-to-keyfiles/
I converted when there was no longer default support for ifcfg files unless I installed NetworkManager-initscripts-ifcfg-rh.x86_64 and edited the /etc/NetworkManager/NetworkManager.conf file to say try the ifcfg-rs plugin first. The command
nmcli connection migrate
seemed to work fine for me (which shocked me given how complex I thought my network connections were). Been using keyfiles ever since, no ifcfg files any longer.
I gave up and migrated as well.
What was annoying was that I could not create the device link to the bridge with nmcli commands, but it did properly create it with nmcli's migrate.
And what is with the second bridge? `slave-type=bridge` and `type=bridge`
bridge-br0.nmconnection br0.nmconnection
which is apparently needed for the same bridge:
<bridge-br0.nmconnection>
[connection]
id=bridge-br0
uuid=cb23d052-f04d-4e0b-ae21-18cbc6yyyyyy
type=ethernet
interface-name=eno1
master=br0
slave-type=bridge

[ethernet]

[bridge-port]
</bridge-br0.nmconnection>

<br0.nmconnection>
[connection]
id=br0
uuid=8d395a48-3de6-40e8-ad3a-c57xxxxxxx
type=bridge
interface-name=br0

[ethernet]

[bridge]

[ipv4]
address1=192.168.255.10/24
method=manual

[ipv6]
addr-gen-mode=default
method=disabled

[proxy]
</br0.nmconnection>
On 4/25/23 17:44, ToddAndMargo via users wrote:
On 4/25/23 09:56, Samuel Sieb wrote:
On 4/25/23 02:03, ToddAndMargo via users wrote:
On 4/24/23 17:10, Samuel Sieb wrote:
I don't understand why you're having so much trouble.
I do believe after fixing and upgrading to the new networking method that what has been transpiring was my preference to stay on the old method.
What new method? I haven't had to manually change anything yet. Everything just keeps working. I should migrate my connections to the new format at some point though.
Keyfiles vs. ifcfg
https://fedoramagazine.org/converting-networkmanager-from-ifcfg-to-keyfiles/
Right, so that's what I meant that I haven't converted anything yet and nothing has broken so far. I just checked on the server with lots of vlans and an externally accessible bridge for VMs and it's still using all ifcfg files. So I really don't understand why you're having so much trouble with it. (Also, DNS is provided by freeipa on one of the VMs.)
On 4/25/23 21:00, Samuel Sieb wrote:
On 4/25/23 17:44, ToddAndMargo via users wrote:
On 4/25/23 09:56, Samuel Sieb wrote:
On 4/25/23 02:03, ToddAndMargo via users wrote:
On 4/24/23 17:10, Samuel Sieb wrote:
I don't understand why you're having so much trouble.
I do believe after fixing and upgrading to the new networking method that what has been transpiring was my preference to stay on the old method.
What new method? I haven't had to manually change anything yet. Everything just keeps working. I should migrate my connections to the new format at some point though.
Keyfiles vs. ifcfg
https://fedoramagazine.org/converting-networkmanager-from-ifcfg-to-keyfiles/
Right, so that's what I meant that I haven't converted anything yet and nothing has broken so far. I just checked on the server with lots of vlans and an externally accessible bridge for VMs and it's still using all ifcfg files. So I really don't understand why you're having so much trouble with it. (Also, DNS is provided by freeipa on one of the VMs.)
I have seen your setup before. I can not tell you how impressed I am with what you have done.
And you think that my setup that is 1/20th as complex as yours would have so many problems.
It is working for now. The only thing I could not get to work with my new network was my qemu-kvm Android-x86. And I did not need it anymore, so I deleted it.
On 4/24/23 17:02, ToddAndMargo via users wrote:
Oh this took my breath away. The stinking update trashed my bridge and took out all my qemu-kvm virtual machines
My notes on how to restore br0:
My better updated notes:
How to add or restore a bridge (br0) when knocked out by an upgrade:
Reference:
https://www.thegeeksearch.com/how-to-configure-network-bridge-in-centos-rhel...
https://www.thegeekdiary.com/how-to-create-a-bridge-interface-using-nmcli-in...
Note: qemu-kvm virtual machines
After restoring, if br0 will not pass traffic in your virtual machines (VM's), go into virt-manager and set the network interface to something else, then set it back to br0

Note: to remove a bridge:
    # nmcli con show
    # ip link set br0 down
    # brctl delbr br0
    # nmcli connection delete br0
    # nmcli connection delete br0-port1
    # nmcli connection delete bridge-br0
Test if you got it with:
    # nmcli con show
    # brctl show
1. Get a list of the system’s active network connections:
    # nmcli conn show --active
    NAME                UUID                                  TYPE      DEVICE
    Wired connection 1  3bbdbba2-be96-3a0f-b0d5-b8a34912e7b7  ethernet  eno1
    virbr0              5ed314a7-f7d5-4719-9f8a-e144718b6288  bridge    virbr
Note: plug something into the eno1, such as the router, to activate it and do a
    # nmcli device up eno1

2. Next, create a network bridge by typing:
    # nmcli conn add type bridge con-name br0 ifname br0
    NAME                UUID                                  TYPE      DEVICE
    Wired connection 1  3bbdbba2-be96-3a0f-b0d5-b8a34912e7b7  ethernet  eno1
    virbr0              5ed314a7-f7d5-4719-9f8a-e144718b6288  bridge    virbr

3. Next, set a static IPv4 address for the bridge network:
Do not set a gateway
    # nmcli conn mod br0 ipv4.address '192.168.255.10/24'
    ########## nmcli conn mod br0 ipv4.gateway '192.168.250.1'
    # nmcli conn mod br0 ipv4.method manual

4. Now, add the ethernet interface, eno1, to the bridge, br0, connection:
    # nmcli conn add type ethernet slave-type bridge con-name bridge-br0 ifname eno1 master br0
    Connection 'bridge-br0' (cb23d052-f04d-4e0b-ae21-18cbc67f1bd6) successfully added.

5. Activate the bridge connection:
    # nmcli conn up br0
    Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/25)

6. Deactivate the ethernet interface, eno1:
    # nmcli conn down eno1
    Error: 'eno1' is not an active connection.
    Error: no active connection provided.

7. Get a list of the active network connections:
    # nmcli conn show --active

8. Display the current bridge port configuration and flags:
    # bridge link show
    <nothing>

9. Display the new network bridge interface:
    # nmcli device up br0
    Device 'br0' successfully activated with '8d395a48-3de6-40e8-ad3a-c57aa5f35315'.

    # nmcli conn up bridge-br0
    Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/28)

    # ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
        link/ether 52:12:34:56:78:5d brd ff:ff:ff:ff:ff:ff
    4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 52:12:34:56:78:5d brd ff:ff:ff:ff:ff:ff
        inet 192.168.xxx.yy/27 brd 192.168.122.31 scope global noprefixroute br0
           valid_lft forever preferred_lft forever

10: more info:
    # nmcli con show br0
On Mon, 24 Apr 2023 20:02:12 -0700 ToddAndMargo via users wrote:
10: more info:
11: In some version of fedora, my br0 started getting a random MAC address but in the previous fedora, it inherited the MAC address of the physical ethernet port I connected it to. As a result, my DHCP server gave it the wrong IP, and my local network had big problems because everything else thought they knew the IP. I had to explicitly assign the same MAC as the physical interface to br0 to get everything back to normal.