
connman listens on localhost:53 by default but I badly need it for dnscrypt-prox

Hi everyone
I encountered a problem wherein connman listens on localhost:53 by default, so my dnscrypt-proxy could not bind itself to that to listen for dns queries. Because of that, I actually tried to fix things by killing the connman process, but what ended up happening was knocking the ethernet interface down.

After quite some frustrations I finally figured out my way to make things work by getting the interface back up and assigning the ip address through ifconfig.

I actually had a lot of trouble trying to assign a static ip address with connman. Despite me already using linux for over a year, that still didn't prevent me from getting quite confused on how to properly use this software, as even manpages and --help don't have much information to begin with. A good amount of examples would've been very helpful.

As to why I badly wanted a static ip, it's because there's some bloody annoying advanced persistent threat lurking in my ISP and much to my dismay they are so good that the DHCP alone is enough for them to compromise my system... Well at least that was my experience with systemd-based distros, I'm trying my luck with non-systemd-based so far.

Since connman was purposefully crashed by killing it and I got my net up through ifconfig, I was finally able to get my dnscrypt-proxy up and running, but seriously I don't wanna go through this again if possible, so I could really use some guidance hahaha. If possible, some way to make connman not listen on port 53 and just set the resolv.conf, which is pretty much the behavior of networkmanager.

I would also like to ask an extra question if possible.
I made a mistake on adding the default route which is 0.0.0.0. The mistake was that I didn't notice I ended up setting a netmask of 255.255.255.0 instead of 0.0.0.0 which ended up in a route entry of 0.0.0.0 yet I could not delete it no matter what with "route del 0.0.0.0". Is there a way to delete routes by just specifying which number or line it is? I also tried to directly change it through modifying /proc/net/route but sadly no luck


 

Re: connman listens on localhost:53 by default but I badly need it for dnscrypt-prox

Reply #2
Your post does not make clear whether you need the help of a 'network manager' due to a complex setup, or you are using wifi etc.

If using just one Ethernet (wired) connection to your router, any 'network manager' is overkill imho. You don't actually need one with a simple wired setup.

The Artix wiki 'Migration' page explains it better than the 'Installation' page:
https://wiki.artixlinux.org/Main/Migration#Configure_networking

In a nutshell
Make sure netifrc is installed

Symlink /etc/init.d/net.lo to /etc/init.d/net.NAME_OF_YOUR_ETHERNET_INTERFACE (in my case eno1, so ln -s /etc/init.d/net.lo /etc/init.d/net.eno1)

Add similar to the following to the bottom of /etc/conf.d/net
Code:
config_eno1="192.168.1.100/24"
routes_eno1="default via 192.168.1.1"
dns_servers_eno1="192.168.1.1"
Changing 'eno1' to the same interface name you used in the symlink.

Add the interface to the boot runlevel
Code:
rc-update add net.eno1 boot

config_eno1="192.168.1.100/24" sets my static ip to 192.168.1.100. /24 is the netmask, same as 255.255.255.0.
routes_eno1="default via 192.168.1.1" is setting the default route. 192.168.1.1 is the ip address of my router. Change if necessary to the ip address of yours.
dns_servers_eno1="192.168.1.1" sets dns to be provided by my router. In your case you would want it to be 127.0.0.1, I imagine, if using dnscrypt-proxy.

I'm not suggesting you do this. Just letting you know it is an option, in case you didn't know.
For many years I've been averse to 'Network Managers' as they just add complexity I don't need.

/etc/conf.d/net is well documented in its comments.
If you wanted to try, but you're not comfortable possibly breaking your current setup, I'd advise playing around with it all in a virtual machine first.
 





Re: connman listens on localhost:53 by default but I badly need it for dnscrypt-prox

Reply #3

Hey there, thanks for this! Exactly what I needed for my problem with connman interfering with DNSCrypt

Sorry for not being able to include those details. Apparently I don't have a complex setup nor do I plan to use wifi on my Desktop, Ethernet is all I'm ever going to use for it so like you said, a network manager is indeed overkill but is there a way to ensure that configuration persists across reboots? I personally haven't tested whether the ip address that I've set using ifconfig actually persists through a reboot but looking up the nature and purpose of netifrc implies to me that it wouldn't persist.

I wanna ask though, is net.lo not an init script for the loopback interface? Cause I don't get why make a symlink posing as Ethernet interface towards lo.

Truth be told I haven't installed Artix yet because I want to be absolutely sure I fix this problem first because I really didn't want the inconvenience of not having internet access to search for solutions on the same device that I am working on but you suggesting to try things out in a VM sounds like a good idea for me to recklessly crash course on things toward a hopeful elegant working state so..

Thank you very much for the help!

Re: connman listens on localhost:53 by default but I badly need it for dnscrypt-prox

Reply #4


Quote
Sorry for not being able to include those details. Apparently I don't have a complex setup nor do I plan to use wifi on my Desktop, Ethernet is all I'm ever going to use for it so like you said, a network manager is indeed overkill but is there a way to ensure that configuration persists across reboots? I personally haven't tested whether the ip address that I've set using ifconfig actually persists through a reboot but looking up the nature and purpose of netifrc implies to me that it wouldn't persist.

I wanna ask though, is net.lo not an init script for the loopback interface? Cause I don't get why make a symlink posing as Ethernet interface towards lo.

No worries, I was just pointing out my assumption, which could easily have been incorrect.
Yes, it persists across reboots. The line
Code:
config_eno1="192.168.1.100/24"
is setting the ip to a static 192.168.1.100

netifrc is just a collection of scripts which handle setting up the network interfaces based on the settings in /etc/conf.d/net & files in /etc/init.d/ which start net.*. net.lo is already part of the installed netifrc package. When you symlink to it you are not linking to the actual loopback interface, just the file. You could copy net.lo and name the copy net.eth0 (or whatever your ethernet interface is called) or equally create a brand new file called net.eth0 and copy and paste the contents from net.lo into it. The end result would be the same. But a symlink is simple and takes almost no disk space (not that that matters).

I've not read the scripts (well, had a glance) but what I imagine happens is if a net.* script in /etc/init.d is assigned a runlevel it is executed. It looks at its extension, whether it be .lo, .eth0 or in my case .eno1, and looks in /etc/conf.d/net for relevant lines to get the settings for the interface (that's my educated guess :) ). Again, in my case I added
Code:
config_eno1="192.168.1.100/24"
routes_eno1="default via 192.168.1.1"
dns_servers_eno1="192.168.1.1"
which net.eno1 will find

I hope that makes some sense. It can be hard to get your head around.

Quote
Truth be told I haven't installed Artix yet because I want to be absolutely sure I fix this problem first because I really didn't want the inconvenience of not having internet access to search for solutions on the same device that I am working on but you suggesting to try things out in a VM sounds like a good idea for me to recklessly crash course on things toward a hopeful elegant working state so..

Thank you very much for the help!

You're welcome. There is nothing wrong with using a network manager. But they have caused me issues in the past so if I can avoid them I do. When things go wrong using a network manager it can be hard to work out what happened, and in the past some seemed to have a mind of their own!
It could be said that netifrc is still a network manager of sorts. Just a low level one. A real hardcore purist could just write the commands into a script to bring their network interfaces up themselves. But I'm not that hardcore :)

VMs are definitely a good way to play around and learn without breaking your main system. Have fun :)

Edit: In my first post I forgot to add you need to assign the net.* script to the boot runlevel. In my case
Code:
rc-update add net.eno1 boot
I've edited that post just in case anybody else sees it and doesn't read the rest of the thread.
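
The per-interface lookup described in Reply #4 (net.eno1 picking up the *_eno1 lines from /etc/conf.d/net) can be checked before a reboot. The script below is an added example, not part of the thread and not netifrc code: ip2int and check_net_conf are hypothetical helper names, and it assumes one address in config_, a one-line routes_ entry, and dnscrypt-proxy listening on a 127.x address.

```shell
# Dotted quad -> integer on stdout; non-zero status if not a valid IPv4 address.
ip2int() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac    # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# check_net_conf FILE IFACE: print findings; exit status = number of problems.
check_net_conf() (
    file=$1 iface=$2 bad=0; set -f
    case $iface in ''|*[!A-Za-z0-9_]*) echo "bad interface name"; exit 99 ;; esac
    . "$file" || exit 99     # conf.d files are shell: sourcing executes them
    eval "cfg=\${config_$iface-} routes=\${routes_$iface-} dns=\${dns_servers_$iface-}"
    flag() { echo "PROBLEM: $*"; bad=$((bad + 1)); }
    # Address: must be static ADDRESS/PREFIX, not dhcp or empty.
    a=$(ip2int "${cfg%%/*}") && p=${cfg#*/} && p=${p%% *} &&
        [ "$p" -ge 0 ] 2>/dev/null && [ "$p" -le 32 ] ||
        { flag "config_$iface='$cfg' is not a static ADDRESS/PREFIX"; exit "$bad"; }
    mask=$(( (4294967295 << (32 - p)) & 4294967295 ))
    # Default route: the gateway has to sit inside the interface's own subnet.
    case $routes in
        *"default via "*)
            gw=${routes#*default via }; gw=${gw%% *}
            g=$(ip2int "$gw") && [ $((a & mask)) -eq $((g & mask)) ] ||
                flag "gateway '$gw' is outside $cfg" ;;
        *) flag "routes_$iface has no 'default via GATEWAY'" ;;
    esac
    # Resolver: assumed policy is that only the local dnscrypt-proxy is queried.
    [ -n "$dns" ] || flag "dns_servers_$iface is unset"
    for s in $dns; do
        case $s in 127.*) ip2int "$s" >/dev/null || flag "invalid resolver '$s'" ;;
            *) flag "resolver '$s' bypasses the local dnscrypt-proxy" ;; esac
    done
    exit "$bad"
)

# Constructed sample: the three lines from Reply #2 as they would sit in the file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
config_eno1="192.168.1.100/24"
routes_eno1="default via 192.168.1.1"
dns_servers_eno1="192.168.1.1"
EOF
check_net_conf "$sample" eno1 || echo "$? problem(s) found"; rm -f "$sample"
```

On a real system the call would be check_net_conf /etc/conf.d/net eno1; the sample reports the router resolver as its one problem, which is the line Reply #2 says to change to 127.0.0.1 when dnscrypt-proxy is in use.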