From 52ba26ea0aaa31d253cb626d25b6b39a7d60d991 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Twoje=20Imi=C4=99=20Nazwisko?= Date: Thu, 29 May 2025 11:06:17 +0200 Subject: [PATCH] odpalneie dnsmasq na fab.pl:1122 i sprawdzenie w termshark --- doc/.main.tex.swo | Bin 0 -> 16384 bytes doc/.main.tex.swp | Bin 0 -> 24576 bytes doc/main.tex | 8 +- doc/~ | 257 +++++++++++++++++++++++++++++++++++ todo/.better_aproach.txt.swp | Bin 0 -> 12288 bytes todo/better_aproach.txt | 1 + 6 files changed, 264 insertions(+), 2 deletions(-) create mode 100644 doc/.main.tex.swo create mode 100644 doc/.main.tex.swp create mode 100644 doc/~ create mode 100644 todo/.better_aproach.txt.swp create mode 100644 todo/better_aproach.txt diff --git a/doc/.main.tex.swo b/doc/.main.tex.swo new file mode 100644 index 0000000000000000000000000000000000000000..cc34e036ed3f62d80a588623cf673d3d863f0540 GIT binary patch literal 16384 zcmeHOO>87b6>bRsBxDl=LLwrC^W$AKGq!h=Wn(bl*xtm_W@D|r3240}HQhBcmFem3 zR8@O+G7Ll@p-2cs#E%e2C^(Tcogjud2Fd#`eaJ zB7_h;JVxVH6VxVH6VxVH6VxVH6VxVH+e~kf?T@`!^Lci7v-t+IT+4X+e zzqr3%r29p?tNis7{{5L<{r%VKtzw{Jpkkn6pkkn6pkkn6pkkn6pkkn6pkkn6;J?5C zkAmQJnD>{I$m98ck^et`Z4mqjcoO&`@CXnAXMsiF7T{*!-M~w43xYob&jU{b-v_=1 z3;_;20DK%+1Q_tcYl7fQKn^s4dx7@>*8(qI9Rz;@{s83M%fg6Bl-x37B0KN%)1GoTu6qp5W1#STX;PRV;;AcProB@sje|b|7`~-L$ zcoay1C*K$Z-vS;5UU&oa1)c+*09JvUf$M?mfIq%I2)+w^0my(ezz2YrK=gCK*MSib z16|;Q04>606j6Q+dP2^Q4{gwpeO%-MJVnhoR7#nT}v#ni%}}La15IbVtPTVz90ArWT=*X)<&z zF@|ltQZyc67Li1ga|Ak%Qbs@T;8DctJyzFjt|^l_nv&J;Vy>#a&1*~ zJbOBPgBU1)Rc*<3 zu7o3!JL4dxGNF1>YZ!vIl*+`;T-r=y%2tYTXddE5TedgGW9&y3!^@H0kg5Mv57S=Bu1aPQ~V&Ma@Ot=85yx0dfbv%Y!v+A6C*beOTnW2SzdvfExa7zA4>!!o3O zW)yF=WXM{n>T_i`byJwW5YEE4@mn-w%&-`Kj+9Db;EestSPD~{p&LLDpRF$Lp-|mg< zSgY1&k~eMTi9I%OswjmMBp!f~X-kC5*nM!g{Qyf)#yZTvU4WN?TOwhc8{J1#EMqPX zYVH+3RNE^NI@MVTvR&Du-L~j{_&B$4+=;%|=yspIE3P|dtM(_8;{({AV8zPN(J_KY zChH-K8`~1RV-Mb0v($0hNwt}_B0C3lBqxsZf>x8A&+Its_H=@IxnrMpJD9bH{iYFF zy*a4U`yK-f>dYP-umbBZ{W0OsP?EvUhE;O|H{gKL=T5G%&ALh2j|KcLOIz%WOyFJN zHtA=eg_LDK2Hn7HPb9_7+l}V8Aj`9T_8c}QTRpq!Hs9SV8`vXiM<^nJdmbiOQhAaP z%g){!j68`apIX_Y-+CDaAszXVx4X0MXrry|HHP>I3d;WEciPJKrdYtMzn&PCMot~F zuO9CTBTbCMjgGkCDA?vXPIX0}?2Vx_la(oPU@G3vOlgKj&cbL({U);Uo|l$pbP+J( zik$2SS4ObL9#&Bs1um8@G%pTk_qjGRs-dB4q|G1}OWR=@Lr^$CdyDoSMx43_0tTaP zX%Jszg8KVLOBdpc!|j{gkl+so?T%P#@mSkdux1(hfsASKo{R_E_(^me(->Vbpzv&J zqGp_n(RQ_~crUK`Wv;1AzPA)qSt2JIJJR7Vx-mr7OO`P- zdAW5U)v*yny`s$H2FNr-07__XD>B|3V)ASKvIb1uO#Z z1l|E$5BwZC`P0DXfX9IAfFr=Qz>CPy1K_gP>u;o6^{N=C7^oPi82G@I^-7jYM%bTNaAxLs7ODJz%^s}XYKS%aNMuEnDro`f##8Heh+ z#*}Cw5clcV9$^dh+%#pPgYdqHsVTcDBX-2pVT@eUmKuOXHL&@Ok0E!Z3O3*_ zX0_SUbior9Gw!MbFViTawB%I7{u%kqZOvs?sKccctlHE@hDf)y&q=ZrWrEvJu%pO; zjxjKF^8NUXEXZYRb+*zGVb_Wtr)|AhF62H^K9uGPr7sjJSUoR^aarGbtL#~tK#Nn+ z5S-g$#YDolh4`5&V;z)Mp%fVvYRkwr7)e$m@=&QmhRj0Ld=jc??2uM|`80ymGN+=P z9Ra)JpQCnYu-2hK?f?TsdbdFZYzo^cE20ckp|(4&NG;rPys>cdRAZsBFh5_fkG~$D zp9jfTsJ={9s}mikX&0%dxWs!|EE;i&G7}pQh5tWxaG_(%s*f}kvZgWWt=JJQmG<_n zBv02bs4Lk9X$R9B+dbuW`6YscBlOucz7#s+ zF&X>aqhJ1y{-x?Bs4bkK>FmdS2;0ZwBs{uFS>Xf73!(ULeN!w$qZusNP3KU9h8Nxm&haC=^wi3eRjk zQkvofpmTslx%J;pMAAXQ0^#KJu|+(KPMAi*&q9LT31eJ;DA&dopzI@r@zWnHv)ewqLy4j!&tp6=u#3cZQfaHG J&JY^GzX2`P58080$I1qsZk-$p+F^S{=L5cX0C~zb+OBZco4d)Sc><){Mu`HJ*3tbvLhn`b~4* zzyGl36`4-u@s)l$x*huQl}dTu&q;$*TS>Yx)rqs7pWQdrNrI`KAI7a*U%GMwb%~mR znt>O_K#_NwH(%u)ot>GM2ChHw8uf~6&%dy?>RL4eH3KyRH3KyRH3KyRH3KyRH3Q$4 z4CMV6dv8MW?{w1l+~;@f_q`Ni9F=Ul$f>7h(z>pF_&yw$8|XFABkB;K|qX~Ps=EDI0mMaP}-KD?~xBucJ#_??bw z_Ea-dQ|&OGk}g&AHdVb>2M;P8tS9P_l%DJRS$0VMtbHG>%h#>Weg;7|zKZph=~Tsj zPj}P-Y4U*D3iEX%v1u(yc_F_YP<~7$Dl+t*$`e!OfJkOv9pEy`hBUC2CPhDUT#V7t z=?E9TIzzYT>1r<`!Z;{0r7!6~aV=&>HJi$E5U4|D+y~Mm$<4UsmjjHw9QL7ojC)z< zMr^68s_`)vGepzkF1Z)iQGjw5?~;n=gl33g0L*GPTq{y-iS(^<2vdEX_QEVf5i&z* z7@M9eooP+zO4*L|Biv+$?Q^3x_99F1V@Yp?iTkY?B)xu;X-{7E2l;vuA1yzdp?y$& z?+=)&T+dbyvcT^T)T*f*_T9@IDYA7x-B9f`?5yc#k%v*{N*T@E414HMoT#-BetX3w z)eF@9VP6%o{2LT$q_)=Jemzh6DjLL>TSa#Hdx`A^c8mW<2;0E!Sqg`C zafkifZ%1^|Jg06wd)M6ycb!xVi;GL=R(8H$sNOe2wG|~Sf&{@>7wvRfj01G!nw4Qc z?^-&&u(EWrv9!FhaN_i-<=dA|s^-1>X?xUW;`*to?KXp+w~{EPA=y%S>UXy*w{^aywbk%d?xN*+zFjsybZTQXT6ixD$k>Lgja0*naF3#O{XjPi|J_776P_#T z(n1LIS!{m4ABDOzIW@P^(w1mSxtM&J9j0VutW%70k%sx8l?_n#D9T!<-$3{CRxc^y zeAuW2tjfmP?gb4qhEo3Obw3R^!$_~`&QN7KmuKAv zOIXJq);Uv&<#s*E@<}Z+eMm(y;_MePo9cYuv~$YrPNjnT-Q2F!s`I6K)R`8BA}?nr*m+0jACgKVz9~#K~5qvAZhis?%YNb;WGTHPBMZ zs-9wOFx%5{?wVL|R5jT}(Zf;6FjIkHvmyEArclcnuOjQBVOReiBLYpJO%zJMG4sW?xQjvbEZSI^(j zd6-9RZnDK~54}~tU{_D&H}hiKs>$MnIH-!VGZQ1Dkkv4mQn!eVzvrZt9<2wAUr~r2 z@nncL_L#*iPvK(zLi^(Op*@}*7&a(q3uXBr((|i95+NuC(7ckhM~f5hAYd?D4Rid9 zzLxr~(ENqy;`ZwGwn_M7qutc=T|df9DYQ8ZTtj)@^?PA7SmjD|6iFK!dLZuEL`UtY z(8JYsm+205HePCeTP$J2wjCEVG4Oj)!%cGo7gg_|I3J3zYZk+FVE*!i0hZZXNcE71bz+N2krq9&wr9w{Za4`xCfjCXTUEI zlRpSv4Sodt8?pGuz_;*2Ob4)26uxS!T%D6e+`@mD_{=%Aou}r zE%+;9^2fnj!9(EX;2Ll>c!n6=1JAl~JuPFae`*G525JUs2L4|&U;@x`XPorTOMe*u zyo?P-q3-i@yDR6^dfcTeUG`u-ZtGQN5*3WQ)wmo*zol*^*77@>ejM1aXXL794VCIH zj<^fIb_rV!&vsJe0e1-iZ@4dL7* zE5-u875rz(jIEPeWl*A2X|im4=K$6>ep z`{WLD<~q>C4k#eu-8o5Mi`yFH*3^mTT68j_zQ z`!bQOjFt?Gp3GlJ zRnZL@9jZCfdx`D#P9IGSz{dA7t&(3P8SiFrA5vGE5A&t!R`ZV%x@a1CpO+jumdt4- z#~!*kl3AiulMAzdAiEEt?{YOnbzDzE-7fhhrbF!}$zGPugl(z4By!4^a?Bi)sV_e8 z@Hh4UlHG*b(irCJdvPD2`y3~6bd#vk28b0R`EP7f6b5rDkhAp}OL`mF6CK!eFRVVCXXl2b-$z8EJHZhk;>XT(n=4R7nL3S&K z$u5niw-aVY7j}wdbLgXTnVd81Ds<&_H%jS81Jcm2mFi8AUs6U4x@(xSM`Wdj?Cb`5 zw${U7oqUj_a3!e?2a|P54Qa5*kW{p%9GWO!rE6Ctq}2CPhyvr-v22)ZwwxWL+Wgu` zx6~Bn_OT{bs!GO;lp~eeL)9hKZM#!GYg+rA<`x-stqxb|?y#!@ol2&uw9LjLB?&u# z>;tM(82fESlrf}eAVw}bGRIkTtTF3Xv$ocyhh~@tl`~~<3cntgwcqh07?gbM6-vSN-4?Inb{~7Qh z@GkHm_<7)i9|JE1PZ9tB8TcUh0C)#D0TlR8@&QkR_k;I=hrus`Ef9e=SO#*g-vU1b zt^+RtpNFT9gO33p+zN!do50_5hW~fqm%-b>9pEeG5-B=jY4LPd8;gtNk!o0UbnSA!nZ-FVlL4EzV zAAX-YbN229wY>DY#XA<})N{%Ct&qpVn=RMABt4r+-<+r+6?sr&8pv(>MU<;Ga?@Mb zyTi7KI(o#c7crYI8CtzMUOJl-O&dpSIOme0wsG7w>z~P-h%@Lsz)T%B&d|71H7(Y9 z^ZB$;gmuwJS?Fp*MnELZZK?HHgPbu;D!huwcpaYQ4V zqBzlV+aS`^wPnmX9F2;r+SVd(rgu4eo!w7H$~AwyF`7ku*pqNUKXf}95|?TJ$&gW8|F zZmxeArF6cH(aJq!*?FeB#CAR5Wt6^AIA zHaBLuXR23C6mpJe-|R5%sXc2ORd0^hoSvFJ=E{xaaSzO)-JFUO^L_J#G*KPt$rmw= zc%XA?)^lkahI^UYfO3q-Z9sb;ZsLZ)~$!XSDa-^l)MGGtjhxT@Po^d)fp%Eq+*tIJ6 z9>rzWr^Gz8Z+xyD$I&Yi4h1Q9fEWQg>v(KlUSAusklLwS|l?yZLlAjs}PcGA)$j+l4|ZgN((==>6)`+9G9Eu5gRS{8AN2scADkrM@Um%k}9XU zyqpCSUAe3^elu${MrmhU>Nw-Rj9H(;4X#>RuDh|PM0KTiVahYenA?#05_hozt|$!3 z8zrSfW3@=Ur?TEAOK!+@yD+u!aKiaFxuDT)lFfzT5ur?kD}Bq6T&37Hy*XL&#HeD~ zo0*HTB~UeFvy>)r;wFHwbC*|Qau4MdN)kI8E$&7(;~BNNpqlxtct51ansH|DFY()~ z+B~txVl^4fGKJtB#f4~1MG5=S&tKCOCQ7blqQ`m{>^616_9lJmP4dRoO@53(NP=XW+)WO7RF?)DPd OF8;_$&Ozr$7yKWAa1USr literal 0 HcmV?d00001 diff --git a/doc/main.tex b/doc/main.tex index ab06ca8..ac700cf 100644 --- a/doc/main.tex +++ b/doc/main.tex @@ -74,7 +74,8 @@ To allow traffic forwarding between the \texttt{incusbr0} bridge and the \texttt \begin{lstlisting} sudo iptables -A FORWARD -i incusbr0 -o wlo1 -j ACCEPT sudo iptables -A FORWARD -i wlo1 -o incusbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT -\end{lstlisting} +sudo iptables -P FORWARD ACCEPT +\end{lstlistingi} \subsection{Installing Additional Packages} Install the necessary packages inside the container: @@ -164,6 +165,7 @@ Edit the \texttt{dnsmasq} configuration file at \texttt{/etc/dnsmasq.conf}: incus exec deb1 -- nano /etc/dnsmasq.conf \end{lstlisting} Add or modify the following settings to enable DNS and DHCP: + \begin{lstlisting} # DNS settings domain-needed @@ -177,7 +179,9 @@ domain=example.local # DHCP settings dhcp-range=192.168.1.100,192.168.1.200,12h dhcp-option=3,192.168.1.1 -dhcp-option=6,8.8.8.8,8.8.4.4 + +# Opcja DHCP numer 6 (dhcp-option=6) służy do ustawiania adresu serwera DNS dla klientów DHCP +dhcp-option=6,192.168.1.10 \end{lstlisting} \textbf{Explanation:} diff --git a/doc/~ b/doc/~ new file mode 100644 index 0000000..6d91c09 --- /dev/null +++ b/doc/~ @@ -0,0 +1,257 @@ +\documentclass[a4paper,12pt]{article} +\usepackage[utf8]{inputenc} +\usepackage[T1]{fontenc} +\usepackage{lmodern} +\usepackage{geometry} +\geometry{margin=1in} +\usepackage{listings} +\usepackage{xcolor} +\usepackage{parskip} + +\lstset{ + basicstyle=\ttfamily\small, + breaklines=true, + frame=single, + numbers=left, + numberstyle=\tiny, + keywordstyle=\color{blue}, + commentstyle=\color{gray}, + stringstyle=\color{red} +} + +% Define YAML language for listings +\lstdefinelanguage{yaml}{ + keywords={true,false,null,yaml,network,version,ethernets,dhcp4,addresses,routes,to,via,nameservers}, + keywordstyle=\color{blue}\bfseries, + basicstyle=\ttfamily\small, + sensitive=false, + comment=[l]{\#}, + commentstyle=\color{gray}\itshape, + stringstyle=\color{red}, + morestring=[b]{"}, + morestring=[b]{'} +} + +\begin{document} + +\title{Basic Configuration of dnsmasq in an Incus Container on Debian with Netplan} +\author{} +\date{} +\maketitle + +\section{Introduction} +This guide provides step-by-step instructions for setting up \texttt{dnsmasq} as a DNS and DHCP server in an Incus container running Debian. The network configuration is managed using Netplan to ensure proper network integration. + +\section{Prerequisites} +Before proceeding, ensure the following: + + +- Incus is installed on the host system (\texttt{sudo apt install incus}). + +- A Debian-based container is created in Incus. + +- Basic knowledge of Linux networking and container management. + +- Root or sudo access to the host and container. + + +\section{Step-by-Step Configuration} + +\subsection{Creating and Setting Up the Incus Container} +Create a Debian container named \texttt{deb1} using the following commands on the host: +\begin{lstlisting}[language=bash] +incus create images:debian/12 deb1 +incus config set deb1 security.syscalls.intercept.mount true +incus config set deb1 security.nesting true +incus config set deb1 security.privileged true +incus start deb1 +\end{lstlisting} +The \texttt{security.syscalls.intercept.mount}, \texttt{security.nesting}, and \texttt{security.privileged} settings are required for \texttt{dnsmasq} and Docker to function correctly in the container. + +\subsection{Firewall Configuration} +To allow traffic forwarding between the \texttt{incusbr0} bridge and the \texttt{wlo1} wireless interface, the following iptables rules are applied: + +\begin{lstlisting} +sudo iptables -A FORWARD -i incusbr0 -o wlo1 -j ACCEPT +sudo iptables -A FORWARD -i wlo1 -o incusbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT +sudo iptables -P FORWARD ACCEPT +\end{lstlistingi} + +\subsection{Installing Additional Packages} +Install the necessary packages inside the container: +\begin{lstlisting}[language=bash] +incus exec deb1 -- apt update +incus exec deb1 -- apt install -y \ + netplan.io \ + sudo vim nano git tmux mc zip unzip curl wget htop lynx \ + iproute2 termshark bridge-utils \ + python3 python3-ipython python3-pyroute2 python3-scapy \ + docker.io docker-compose +\end{lstlisting} + +\subsection{Configuring Users and Permissions} +Configure user access and permissions within the container. + +\subsubsection{Changing the Root Password} +Set the root password to "passroot": +\begin{lstlisting}[language=bash] +incus exec deb1 -- bash -c 'echo "root:passroot" | chpasswd' +\end{lstlisting} + +\subsubsection{Adding a New User} +Add a new user named "user" with the password "pass" and add them to the "sudo" and "docker" groups: +\begin{lstlisting}[language=bash] +sudo useradd -m -s /bin/bash -G sudo user && echo 'user:pass' | sudo chpasswd +\end{lstlisting} + +\subsection{Accessing the Container} +Access the container's shell: +\begin{lstlisting}[language=bash] +incus exec deb1 -- su - user +\end{lstlisting} + +\section{Setting Up a Veth Pair Between Container and Network Namespace} +To enable direct communication between a container and a network namespace, a virtual Ethernet (\texttt{veth}) pair is created. The following Python script (\texttt{link.py}) is used to create a \texttt{veth} pair between the \texttt{deb1} (an Incus container) and the \texttt{ns1} network namespace, with interfaces named \texttt{vA} and \texttt{vB}. + +\begin{lstlisting} +sudo python3 link.py -n1 vA -t2 incus -ns2 deb1 -n2 vB +\end{lstlisting} + +This command: + + +- Creates a \texttt{veth} pair with one end (\texttt{vA}) in the default namespace and the other end (\texttt{vB}) in the \texttt{deb1}'s network namespace. + +- Ensures the interfaces are set up and operational, allowing network traffic to flow between the container and the \texttt{ns1} namespace (or default namespace if \texttt{ns1} is not explicitly created). + + +The script uses the \texttt{pyroute2} library to manage network interfaces and namespaces, and supports container types such as Incus, LXC, LXD, and Docker. Ensure the \texttt{deb1} is running in Incus before executing the command. + +\subsection{Configuring the Network with Netplan} +Configure the container's network using Netplan to assign a static IP address. Create or edit the Netplan configuration file at \texttt{/etc/netplan/01-netcfg.yaml}: +\begin{lstlisting}[language=bash] +incus exec deb1 -- nano /etc/netplan/01-netcfg.yaml +\end{lstlisting} +Add the following configuration: +\begin{lstlisting}[language=yaml] +network: + version: 2 + ethernets: + vB: + dhcp4: no + addresses: + - 192.168.1.10/24 + routes: + - to: default + via: 192.168.1.1 + nameservers: + addresses: [8.8.8.8, 8.8.4.4] +\end{lstlisting} +Apply the configuration: +\begin{lstlisting}[language=bash] +incus exec deb1 -- netplan apply +\end{lstlisting} + +\subsection{Installing dnsmasq} +Update the package list and install \texttt{dnsmasq}: +\begin{lstlisting}[language=bash] +incus exec deb1 -- apt update +incus exec deb1 -- apt install dnsmasq -y +\end{lstlisting} + +\subsection{Configuring dnsmasq} +Edit the \texttt{dnsmasq} configuration file at \texttt{/etc/dnsmasq.conf}: +\begin{lstlisting}[language=bash] +incus exec deb1 -- nano /etc/dnsmasq.conf +\end{lstlisting} +Add or modify the following settings to enable DNS and DHCP: +\begin{lstlisting} +# DNS settings +domain-needed +bogus-priv +no-resolv +server=8.8.8.8 +server=8.8.4.4 +local=/example.local/ +domain=example.local + +# DHCP settings +dhcp-range=192.168.1.100,192.168.1.200,12h +dhcp-option=3,192.168.1.1 +dhcp-option=6,8.8.8.8,8.8.4.4 +\end{lstlisting} + +\textbf{Explanation:} + + +- \texttt{domain-needed}: Prevents incomplete domain names from being sent to upstream DNS. + +- \texttt{bogus-priv}: Blocks reverse DNS lookups for private IP ranges. + +- \texttt{no-resolv}: Disables reading \texttt{/etc/resolv.conf}. + +- \texttt{server}: Specifies upstream DNS servers (Google DNS in this case). + +- \texttt{local} and \texttt{domain}: Configures a local domain. + +- \texttt{dhcp-range}: Defines the IP range for DHCP clients (from 192.168.1.100 to 192.168.1.200, lease time 12 hours). + +- \texttt{dhcp-option}: Sets the default gateway (option 3) and DNS servers (option 6). + + +% ———————————————————————————————— +% 🔧 NOWA SEKCJA: System-Level Adjustments +% ———————————————————————————————— + +\subsection{System-Level Adjustments for Network Stability} +In some cases, especially in nested or privileged containers, additional system-level adjustments are necessary to ensure proper network functionality and avoid conflicts. + +To remount the \texttt{/sys} filesystem as read-write (required if certain networking tools fail due to mount restrictions): +\begin{lstlisting}[language=bash] +sudo mount -o remount,rw /sys +sudo systemctl restart systemd-udevd +\end{lstlisting} + +Additionally, to prevent DNS conflicts with \texttt{systemd-resolved}, which may interfere with \texttt{dnsmasq}, stop and disable the service: +\begin{lstlisting}[language=bash] +sudo systemctl stop systemd-resolved +sudo systemctl disable systemd-resolved +\end{lstlisting} + +This ensures that \texttt{dnsmasq} can bind to port 53 without conflicts. If you require \texttt{systemd-resolved}, consider configuring it to listen on a different interface or using socket activation. + +% ———————————————————————————————— + +\subsection{Starting and Enabling dnsmasq} +Restart and enable the \texttt{dnsmasq} service: +\begin{lstlisting}[language=bash] +incus exec deb1 -- systemctl restart dnsmasq +incus exec deb1 -- systemctl enable dnsmasq +\end{lstlisting} +Verify that \texttt{dnsmasq} is running: +\begin{lstlisting}[language=bash] +incus exec deb1 -- systemctl status dnsmasq +\end{lstlisting} + +\subsection{Testing the Configuration} +Test DNS resolution from within the container: +\begin{lstlisting}[language=bash] +incus exec deb1 -- nslookup example.local 192.168.1.10 +\end{lstlisting} +To test DHCP, connect a client device to the same network and verify that it receives an IP address in the range \texttt{192.168.1.100--192.168.1.200}. + +\section{Troubleshooting} +If \texttt{dnsmasq} fails to start: + + +- Check the logs: \texttt{incus exec deb1 -- journalctl -u dnsmasq}. + +- Ensure no other service is using port 53 (DNS) or 67 (DHCP). + +- Verify the network configuration with \texttt{incus exec deb1 -- ip a} and \texttt{incus exec deb1 -- ping 8.8.8.8}. + + +\section{Conclusion} +This guide configures \texttt{dnsmasq} as a DNS and DHCP server in an Incus container on Debian. The Netplan configuration ensures proper network setup. For advanced configurations, refer to the \texttt{dnsmasq} documentation (\texttt{man dnsmasq}). + +\end{document} diff --git a/todo/.better_aproach.txt.swp b/todo/.better_aproach.txt.swp new file mode 100644 index 0000000000000000000000000000000000000000..991052d7646a660596a744a100dd95b129452f45 GIT binary patch literal 12288 zcmeI%F;2rU6vpvaW)KK2U|^wt z|D?o8^!$|Xw?#<@_cyodsy~#bjzpIG$>ei&EnkU9UD?n+?yB6TrEy(dB5&PbhRd!5=CZFn$?;7vB^$7SrEMF#>1Y#>m_;vzYa%h7Pq?m9m^RVT-H8w{Wo z0R#|0009ILKmY**wp}1Dda`Ol?EM7k{jqL)PTn5@1Q0*~0R#|0009ILKmdVV7BIQU z`=Q83bF}~ef4~3N_qz;3b_5VW009ILKmY**5I_I{1pcLfGP7AZb}D;)QB&^1