LXC ip allocation using DHCP
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I'm trying to set up DHCP for my lxcontainers without using lxc-net. The reason for this decision is that I'd like to place my containers in different networks, such that they are unable to talk to each other by default. I have successfully created and run containers using static IPs assigned within the containers' config file before, but I'd like to use a DHCP server on the host this time.
I've installed dnsmasq on my host and configured it like this:
# /etc/dnsmasq.d/dnsmasq.lxcbr.conf
domain=local.lxc,10.10.10.0/24
interface=lxcbr
dhcp-range=lxcbr,10.10.10.1,10.10.10.200,24h
dhcp-option=option:router,10.10.10.254
According to this the file is being loaded correctly:
root@host:~# service dnsmasq status
◠dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled)
[...]
Feb 03 19:06:39 host dnsmasq[4228]: dnsmasq: syntax check OK.
Feb 03 19:06:39 host dnsmasq[4237]: started, version 2.72 cachesize 150
Feb 03 19:06:39 host dnsmasq[4237]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect
Feb 03 19:06:39 host dnsmasq-dhcp[4237]: DHCP, IP range 10.10.10.1 -- 10.10.10.200, lease time 1d
Feb 03 19:06:39 host dnsmasq[4237]: reading /etc/resolv.conf
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: read /etc/hosts - 5 addresses
lxcbr is the host's interface in the container's network:
root@host:~# ifconfig
[...]
lxcbrBind Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet addr:10.10.10.254 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::7a:56ff:fe82:921f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5688 (5.5 KiB) TX bytes:928 (928.0 B)
veth0 Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet6 addr: fe80::fc60:7aff:fecc:5664/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)
veth0 is the container's veth interface:
# /var/lib/lxc/container
lxc.network.type = veth
lxc.network.name = veth0
lxc.network.flags = up
lxc.network.link = lxcbr
lxc.network.veth.pair = veth0
I assume I'm doing something very stupid but I've run out of ideas at this point.
I appreciate your help,
Christopher
dhcp lxc dnsmasq container
asked Feb 3 '16 at 18:20
Cyclonit
265
bumped to the homepage by Community♦ 26 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |Â
up vote
0
down vote
favorite
I'm trying to set up DHCP for my lxcontainers without using lxc-net. The reason for this decision is that I'd like to place my containers in different networks, such that they are unable to talk to each other by default. I have successfully created and run containers using static IPs assigned within the containers' config file before, but I'd like to use a DHCP server on the host this time.
I've installed dnsmasq on my host and configured it like this:
# /etc/dnsmasq.d/dnsmasq.lxcbr.conf
domain=local.lxc,10.10.10.0/24
interface=lxcbr
dhcp-range=lxcbr,10.10.10.1,10.10.10.200,24h
dhcp-option=option:router,10.10.10.254
According to this the file is being loaded correctly:
root@host:~# service dnsmasq status
◠dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled)
[...]
Feb 03 19:06:39 host dnsmasq[4228]: dnsmasq: syntax check OK.
Feb 03 19:06:39 host dnsmasq[4237]: started, version 2.72 cachesize 150
Feb 03 19:06:39 host dnsmasq[4237]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect
Feb 03 19:06:39 host dnsmasq-dhcp[4237]: DHCP, IP range 10.10.10.1 -- 10.10.10.200, lease time 1d
Feb 03 19:06:39 host dnsmasq[4237]: reading /etc/resolv.conf
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: read /etc/hosts - 5 addresses
lxcbr is the host's interface in the container's network:
root@host:~# ifconfig
[...]
lxcbrBind Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet addr:10.10.10.254 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::7a:56ff:fe82:921f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5688 (5.5 KiB) TX bytes:928 (928.0 B)
veth0 Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet6 addr: fe80::fc60:7aff:fecc:5664/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)
veth0 is the container's veth interface:
# /var/lib/lxc/container
lxc.network.type = veth
lxc.network.name = veth0
lxc.network.flags = up
lxc.network.link = lxcbr
lxc.network.veth.pair = veth0
I assume I'm doing something very stupid but I've run out of ideas at this point.
I appreciate your help,
Christopher
dhcp lxc dnsmasq container
asked Feb 3 '16 at 18:20
Cyclonit
265
bumped to the homepage by Community♦ 26 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm trying to set up DHCP for my lxcontainers without using lxc-net. The reason for this decision is that I'd like to place my containers in different networks, such that they are unable to talk to each other by default. I have successfully created and run containers using static IPs assigned within the containers' config file before, but I'd like to use a DHCP server on the host this time.
I've installed dnsmasq on my host and configured it like this:
# /etc/dnsmasq.d/dnsmasq.lxcbr.conf
domain=local.lxc,10.10.10.0/24
interface=lxcbr
dhcp-range=lxcbr,10.10.10.1,10.10.10.200,24h
dhcp-option=option:router,10.10.10.254
According to this the file is being loaded correctly:
root@host:~# service dnsmasq status
◠dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled)
[...]
Feb 03 19:06:39 host dnsmasq[4228]: dnsmasq: syntax check OK.
Feb 03 19:06:39 host dnsmasq[4237]: started, version 2.72 cachesize 150
Feb 03 19:06:39 host dnsmasq[4237]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect
Feb 03 19:06:39 host dnsmasq-dhcp[4237]: DHCP, IP range 10.10.10.1 -- 10.10.10.200, lease time 1d
Feb 03 19:06:39 host dnsmasq[4237]: reading /etc/resolv.conf
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: read /etc/hosts - 5 addresses
lxcbr is the host's interface in the container's network:
root@host:~# ifconfig
[...]
lxcbrBind Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet addr:10.10.10.254 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::7a:56ff:fe82:921f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5688 (5.5 KiB) TX bytes:928 (928.0 B)
veth0 Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet6 addr: fe80::fc60:7aff:fecc:5664/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)
veth0 is the container's veth interface:
# /var/lib/lxc/container
lxc.network.type = veth
lxc.network.name = veth0
lxc.network.flags = up
lxc.network.link = lxcbr
lxc.network.veth.pair = veth0
I assume I'm doing something very stupid but I've run out of ideas at this point.
I appreciate your help,
Christopher
dhcp lxc dnsmasq container
asked Feb 3 '16 at 18:20
Cyclonit
265
I'm trying to set up DHCP for my lxcontainers without using lxc-net. The reason for this decision is that I'd like to place my containers in different networks, such that they are unable to talk to each other by default. I have successfully created and run containers using static IPs assigned within the containers' config file before, but I'd like to use a DHCP server on the host this time.
I've installed dnsmasq on my host and configured it like this:
# /etc/dnsmasq.d/dnsmasq.lxcbr.conf
domain=local.lxc,10.10.10.0/24
interface=lxcbr
dhcp-range=lxcbr,10.10.10.1,10.10.10.200,24h
dhcp-option=option:router,10.10.10.254
According to this the file is being loaded correctly:
root@host:~# service dnsmasq status
◠dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled)
[...]
Feb 03 19:06:39 host dnsmasq[4228]: dnsmasq: syntax check OK.
Feb 03 19:06:39 host dnsmasq[4237]: started, version 2.72 cachesize 150
Feb 03 19:06:39 host dnsmasq[4237]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect
Feb 03 19:06:39 host dnsmasq-dhcp[4237]: DHCP, IP range 10.10.10.1 -- 10.10.10.200, lease time 1d
Feb 03 19:06:39 host dnsmasq[4237]: reading /etc/resolv.conf
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: read /etc/hosts - 5 addresses
lxcbr is the host's interface in the container's network:
root@host:~# ifconfig
[...]
lxcbrBind Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet addr:10.10.10.254 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::7a:56ff:fe82:921f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5688 (5.5 KiB) TX bytes:928 (928.0 B)
veth0 Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet6 addr: fe80::fc60:7aff:fecc:5664/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)
veth0 is the container's veth interface:
# /var/lib/lxc/container
lxc.network.type = veth
lxc.network.name = veth0
lxc.network.flags = up
lxc.network.link = lxcbr
lxc.network.veth.pair = veth0
I assume I'm doing something very stupid but I've run out of ideas at this point.
I appreciate your help,
Christopher
dhcp lxc dnsmasq container
dhcp lxc dnsmasq container
asked Feb 3 '16 at 18:20
Cyclonit
265
asked Feb 3 '16 at 18:20
Cyclonit
265
edited Feb 3 '16 at 18:50
asked Feb 3 '16 at 18:20
Cyclonit
265
asked Feb 3 '16 at 18:20
Cyclonit
265
asked Feb 3 '16 at 18:20
Cyclonit
265
265
bumped to the homepage by Community♦ 26 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 26 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
0
down vote
Make sure UDP packets have checksums
In virtual networks UDP checksums are not being computed. This causes dhclient to reject offers. You can fix this by telling the host to recompute missing checksums:iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM --checksum-fill
Execute dhclient on the container
Because the containers /etc/network/interfaces is not used by LXC, you must execute dhclient manually.
answered Feb 11 '16 at 0:03
Cyclonit
265
add a comment |Â
up vote
0
down vote
The checksum filling solved the same issue for me.
You can be more precise by specifying the bridge interface where your LXC is attached:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM -i bridge --checksum-fill
As for the automatic dhclient
Configure your interface to use dhcp in /etc/network/interfaces :
auto eth0
iface eth0 inet dhcp
then enable networking service in your container :
systemctl enable networking
systemctl start networking
answered Apr 19 '17 at 20:59
pheuzoune
1
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Make sure UDP packets have checksums
In virtual networks UDP checksums are not being computed. This causes dhclient to reject offers. You can fix this by telling the host to recompute missing checksums:iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM --checksum-fill
Execute dhclient on the container
Because the containers /etc/network/interfaces is not used by LXC, you must execute dhclient manually.
answered Feb 11 '16 at 0:03
Cyclonit
265
add a comment |Â
up vote
0
down vote
Make sure UDP packets have checksums
In virtual networks UDP checksums are not being computed. This causes dhclient to reject offers. You can fix this by telling the host to recompute missing checksums:iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM --checksum-fill
Execute dhclient on the container
Because the containers /etc/network/interfaces is not used by LXC, you must execute dhclient manually.
answered Feb 11 '16 at 0:03
Cyclonit
265
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Make sure UDP packets have checksums
In virtual networks UDP checksums are not being computed. This causes dhclient to reject offers. You can fix this by telling the host to recompute missing checksums:iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM --checksum-fill
Execute dhclient on the container
Because the containers /etc/network/interfaces is not used by LXC, you must execute dhclient manually.
answered Feb 11 '16 at 0:03
Cyclonit
265
Make sure UDP packets have checksums
In virtual networks UDP checksums are not being computed. This causes dhclient to reject offers. You can fix this by telling the host to recompute missing checksums:iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM --checksum-fill
Execute dhclient on the container
Because the containers /etc/network/interfaces is not used by LXC, you must execute dhclient manually.
answered Feb 11 '16 at 0:03
Cyclonit
265
answered Feb 11 '16 at 0:03
Cyclonit
265
answered Feb 11 '16 at 0:03
Cyclonit
265
answered Feb 11 '16 at 0:03
Cyclonit
265
265
add a comment |Â
add a comment |Â
up vote
0
down vote
The checksum filling solved the same issue for me.
You can be more precise by specifying the bridge interface where your LXC is attached:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM -i bridge --checksum-fill
As for the automatic dhclient
Configure your interface to use dhcp in /etc/network/interfaces :
auto eth0
iface eth0 inet dhcp
then enable networking service in your container :
systemctl enable networking
systemctl start networking
answered Apr 19 '17 at 20:59
pheuzoune
1
add a comment |Â
up vote
0
down vote
The checksum filling solved the same issue for me.
You can be more precise by specifying the bridge interface where your LXC is attached:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM -i bridge --checksum-fill
As for the automatic dhclient
Configure your interface to use dhcp in /etc/network/interfaces :
auto eth0
iface eth0 inet dhcp
then enable networking service in your container :
systemctl enable networking
systemctl start networking
answered Apr 19 '17 at 20:59
pheuzoune
1
add a comment |Â
up vote
0
down vote
up vote
0
down vote
The checksum filling solved the same issue for me.
You can be more precise by specifying the bridge interface where your LXC is attached:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM -i bridge --checksum-fill
As for the automatic dhclient
Configure your interface to use dhcp in /etc/network/interfaces :
auto eth0
iface eth0 inet dhcp
then enable networking service in your container :
systemctl enable networking
systemctl start networking
answered Apr 19 '17 at 20:59
pheuzoune
1
The checksum filling solved the same issue for me.
You can be more precise by specifying the bridge interface where your LXC is attached:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM -i bridge --checksum-fill
As for the automatic dhclient
Configure your interface to use dhcp in /etc/network/interfaces :
auto eth0
iface eth0 inet dhcp
then enable networking service in your container :
systemctl enable networking
systemctl start networking
answered Apr 19 '17 at 20:59
pheuzoune
1
answered Apr 19 '17 at 20:59
pheuzoune
1
answered Apr 19 '17 at 20:59
pheuzoune
1
answered Apr 19 '17 at 20:59
pheuzoune
1
1
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f259655%2flxc-ip-allocation-using-dhcp%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
