rgerrits (Aspirant)
Aug 22, 2018
6.9.3: Bug with static IP addresses
Situation:
I configure static IP address and DNS server on eth0 via ReadyNAS webgui
Static DNS server shows up in resolv.conf:
    root@NAS2:~# cat /etc/resolv.conf
    # Generated by Connection Manager
    search lan
    nameserver 192.168.1.1
But a few hours later, my static DNS server is overwritten by the one advertised by my DHCP server:
(It seems to happen 2 times per day, but that might be related to the lease duration of my DHCP server)
    root@NAS2:~# cat /etc/resolv.conf
    # Generated by dhcpcd from eth0
    # /etc/resolv.conf.head can replace this line
    nameserver 192.168.1.12
    # /etc/resolv.conf.tail can replace this line
Solution:
ReadyNAS should not directly alter config files while dhcpcd service is still running.
Instead, if someone configures a static IP + DNS on eth0, then it should alter /etc/dhcpcd.conf and add these lines:
    interface eth0
    static ip_address=192.168.1.12/24
    static routers=192.168.1.1
    static domain_name_servers=192.168.1.1
If someone only configures a static DNS on eth0 and keeps the IP dynamic, then ReadyNAS should probably only add this (not tested):
    interface eth0
    static domain_name_servers=192.168.1.1
Another solution (but this one would not support dynamic IP + static DNS) (and also did not test it myself):
If someone configures a static IP + DNS, then ReadyNAS should add these lines in /etc/dhcpcd.conf:
    denyinterfaces eth0
I'm not sure if the same bug also exists on IPv6 because I'm not using that. But perhaps it is worth looking into.
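A check for the symptom described in this post, as an added example that is not part of the original thread or of ReadyNAS OS: it reads the "# Generated by" comment and the nameserver lines of a resolv.conf file and reports when they no longer match the statically configured servers. The function names and the temporary sample files are constructed for illustration; the file contents are the two listings quoted above.

```shell
#!/bin/sh
# Added example: detect when resolv.conf no longer holds the static DNS servers.
# Usage: check_resolv FILE EXPECTED_DNS...
# Returns 0 = match, 1 = nameservers differ from expected, 2 = file unreadable.
check_resolv() {
    file=$1; shift
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 2; }
    # The first "# Generated by ..." comment names the tool that last wrote the file.
    generator=$(sed -n 's/^# Generated by \(.*\)$/\1/p' "$file" | head -n 1)
    # Compare the sorted, de-duplicated sets so ordering does not matter.
    actual=$(awk '$1 == "nameserver" { print $2 }' "$file" | sort -u | xargs)
    expected=$(printf '%s\n' "$@" | sort -u | xargs)
    if [ "$actual" = "$expected" ]; then
        echo "OK generator='${generator:-unknown}' nameservers=$actual"
        return 0
    fi
    echo "DRIFT generator='${generator:-unknown}' expected=$expected actual=$actual"
    return 1
}

# Constructed demo: the two resolv.conf listings from the post, written to a
# temporary directory and checked against the static server 192.168.1.1.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# Generated by Connection Manager' 'search lan' \
        'nameserver 192.168.1.1' > "$dir/static.conf"
    printf '%s\n' '# Generated by dhcpcd from eth0' \
        '# /etc/resolv.conf.head can replace this line' \
        'nameserver 192.168.1.12' \
        '# /etc/resolv.conf.tail can replace this line' > "$dir/dhcp.conf"
    check_resolv "$dir/static.conf" 192.168.1.1 || true
    check_resolv "$dir/dhcp.conf" 192.168.1.1 || true
    rm -rf "$dir"
}
demo
```

Run from cron against /etc/resolv.conf, a non-zero return marks the moment the file was rewritten and names the tool that rewrote it.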
5 Replies
- Retired_Member
Hi rgerrits, would it be possible to also use your router to assign the concerned ip-address (ip4, ip6, or both) to your nas?
- rgerrits (Aspirant)
Of course that is possible, but that is beside the point.
If GUI offers a way to use static IP addresses, then it should work properly.
I managed to work around this by manually fixing dhcpd.conf, but Netgear should fix this for ppl that do not want to enable ssh.
One could even see this as a security bug. An attacker could place a DHCP server in the same subnet to change the DNS and even the default gateway that were statically defined, and in that way become a man in the middle.
(But of course if an attacker has access to your network, then you may have bigger issues.)
- StephenB (Guru - Experienced User)
rgerrits wrote:
One could even see this as a security bug. An attacker could place a DHCP server in the same subnet to change the DNS and even the default gateway that were statically defined, and in that way become a man in the middle.
DHCP isn't a secure protocol to begin with, so that's a hard case to make. DHCP clients will discover and respond to the attacker's server, and it can set the gateway and subnet mask to force all traffic from those clients to a man-in-the-middle server. That's already toxic - having it touch a few more devices that use static addresses doesn't make it much worse. Yes, the attacker could climb through that window, but why bother - the door is standing wide open.
FWIW, I use DHCP with reserved addresses, and I haven't seen my configured DNS servers change on the NAS. That said, as long as the DNS servers resolve correctly I might not.
Netgear should look at this, since your analysis does suggest something isn't quite right.
- kohdee (Administrator)
We use Connection Manager to manage all network connections, not dhcpcd/udhcpc. Is it possible you installed some apps or some programs, perhaps some network tools package, or you did an apt-get upgrade?
Connman's adapter configurations exist in /var/lib/connman. dhcpcd.conf is not a standard ReadyNASOS config file. You might want to inspect your device further and find out why your ReadyNAS is using dhcpcd at all. If you are paranoid, perhaps the support team can wipe your OS and rebuild it from scratch to give you back a pristine ReadyNASOS install while keeping your data as it was.