diff --git a/doc/main.md b/doc/main.md index fe81e59..30c79f3 100644 --- a/doc/main.md +++ b/doc/main.md @@ -26,15 +26,15 @@ Before proceeding, ensure the following: ## Creating and Setting Up the Incus Container -Create a Debian container named `dnsmasq-container` using the following -commands on the host: +Create a Debian container named `deb1` using the following commands on +the host: ``` {.bash language="bash"} -incus create images:debian/12 dnsmasq-container -incus config set dnsmasq-container security.syscalls.intercept.mount true -incus config set dnsmasq-container security.nesting true -incus config set dnsmasq-container security.privileged true -incus start dnsmasq-container +incus create images:debian/12 deb1 +incus config set deb1 security.syscalls.intercept.mount true +incus config set deb1 security.nesting true +incus config set deb1 security.privileged true +incus start deb1 ``` The `security.syscalls.intercept.mount`, `security.nesting`, and @@ -54,8 +54,8 @@ wireless interface, the following iptables rules are applied: Install the necessary packages inside the container: ``` {.bash language="bash"} -incus exec dnsmasq-container -- apt update -incus exec dnsmasq-container -- apt install -y \ +incus exec deb1 -- apt update +incus exec deb1 -- apt install -y \ netplan.io \ sudo vim nano git tmux mc zip unzip curl wget htop lynx \ iproute2 termshark bridge-utils \ @@ -72,7 +72,7 @@ Configure user access and permissions within the container. Set the root password to \"passroot\": ``` {.bash language="bash"} -incus exec dnsmasq-container -- bash -c 'echo "root:passroot" | chpasswd' +incus exec deb1 -- bash -c 'echo "root:passroot" | chpasswd' ``` ### Adding a New User 
@@ -89,7 +89,7 @@ sudo useradd -m -s /bin/bash -G sudo user && echo 'user:pass' | sudo chpasswd Access the container's shell: ``` {.bash language="bash"} -incus exec dnsmasq-container -- su - user +incus exec deb1 -- su - user ``` # Setting Up a Veth Pair Between Container and Network Namespace @@ -97,16 +97,15 @@ incus exec dnsmasq-container -- su - user To enable direct communication between a container and a network namespace, a virtual Ethernet (`veth`) pair is created. The following Python script (`link.py`) is used to create a `veth` pair between the -`dnsmasq-container` (an Incus container) and the `ns1` network -namespace, with interfaces named `vA` and `vB`. +`deb1` (an Incus container) and the `ns1` network namespace, with +interfaces named `vA` and `vB`. - sudo python3 link.py -n1 vA -t2 incus -ns2 dnsmasq-container -n2 vB + sudo python3 link.py -n1 vA -t2 incus -ns2 deb1 -n2 vB This command: - Creates a `veth` pair with one end (`vA`) in the default namespace - and the other end (`vB`) in the `dnsmasq-container`'s network - namespace. + and the other end (`vB`) in the `deb1`'s network namespace. - Ensures the interfaces are set up and operational, allowing network traffic to flow between the container and the `ns1` namespace (or @@ -114,8 +113,8 @@ This command: The script uses the `pyroute2` library to manage network interfaces and namespaces, and supports container types such as Incus, LXC, LXD, and -Docker. Ensure the `dnsmasq-container` is running in Incus before -executing the command. +Docker. Ensure the `deb1` is running in Incus before executing the +command. ## Configuring the Network with Netplan @@ -124,7 +123,7 @@ address. Create or edit the Netplan configuration file at `/etc/netplan/01-netcfg.yaml`: ``` {.bash language="bash"} -incus exec dnsmasq-container -- nano /etc/netplan/01-netcfg.yaml +incus exec deb1 -- nano /etc/netplan/01-netcfg.yaml ``` Add the following configuration: 
@@ -147,7 +146,7 @@ network: Apply the configuration: ``` {.bash language="bash"} -incus exec dnsmasq-container -- netplan apply +incus exec deb1 -- netplan apply ``` ## Installing dnsmasq @@ -155,8 +154,8 @@ incus exec dnsmasq-container -- netplan apply Update the package list and install `dnsmasq`: ``` {.bash language="bash"} -incus exec dnsmasq-container -- apt update -incus exec dnsmasq-container -- apt install dnsmasq -y +incus exec deb1 -- apt update +incus exec deb1 -- apt install dnsmasq -y ``` ## Configuring dnsmasq @@ -164,7 +163,7 @@ incus exec dnsmasq-container -- apt install dnsmasq -y Edit the `dnsmasq` configuration file at `/etc/dnsmasq.conf`: ``` {.bash language="bash"} -incus exec dnsmasq-container -- nano /etc/dnsmasq.conf +incus exec deb1 -- nano /etc/dnsmasq.conf ``` Add or modify the following settings to enable DNS and DHCP: @@ -207,14 +206,14 @@ Add or modify the following settings to enable DNS and DHCP: Restart and enable the `dnsmasq` service: ``` {.bash language="bash"} -incus exec dnsmasq-container -- systemctl restart dnsmasq -incus exec dnsmasq-container -- systemctl enable dnsmasq +incus exec deb1 -- systemctl restart dnsmasq +incus exec deb1 -- systemctl enable dnsmasq ``` Verify that `dnsmasq` is running: ``` {.bash language="bash"} -incus exec dnsmasq-container -- systemctl status dnsmasq +incus exec deb1 -- systemctl status dnsmasq ``` ## Testing the Configuration @@ -222,7 +221,7 @@ incus exec dnsmasq-container -- systemctl status dnsmasq Test DNS resolution from within the container: ``` {.bash language="bash"} -incus exec dnsmasq-container -- nslookup example.local 192.168.1.10 +incus exec deb1 -- nslookup example.local 192.168.1.10 ``` To test DHCP, connect a client device to the same network and verify 
@@ -233,14 +232,12 @@ that it receives an IP address in the range If `dnsmasq` fails to start: -- Check the logs: - `incus exec dnsmasq-container – journalctl -u dnsmasq`. +- Check the logs: `incus exec deb1 – journalctl -u dnsmasq`. - Ensure no other service is using port 53 (DNS) or 67 (DHCP). -- Verify the network configuration with - `incus exec dnsmasq-container – ip a` and - `incus exec dnsmasq-container – ping 8.8.8.8`. +- Verify the network configuration with `incus exec deb1 – ip a` and + `incus exec deb1 – ping 8.8.8.8`. # Conclusion diff --git a/doc/main.pdf b/doc/main.pdf index 3b1afa0..b291df1 100644 Binary files a/doc/main.pdf and b/doc/main.pdf differ diff --git a/doc/main.tex b/doc/main.tex index d782291..1bd9dd5 100644 --- a/doc/main.tex +++ b/doc/main.tex @@ -54,13 +54,13 @@ Before proceeding, ensure the following: \section{Step-by-Step Configuration} \subsection{Creating and Setting Up the Incus Container} -Create a Debian container named \texttt{dnsmasq-container} using the following commands on the host: +Create a Debian container named \texttt{deb1} using the following commands on the host: \begin{lstlisting}[language=bash] -incus create images:debian/12 dnsmasq-container -incus config set dnsmasq-container security.syscalls.intercept.mount true -incus config set dnsmasq-container security.nesting true -incus config set dnsmasq-container security.privileged true -incus start dnsmasq-container +incus create images:debian/12 deb1 +incus config set deb1 security.syscalls.intercept.mount true +incus config set deb1 security.nesting true +incus config set deb1 security.privileged true +incus start deb1 \end{lstlisting} The \texttt{security.syscalls.intercept.mount}, \texttt{security.nesting}, and \texttt{security.privileged} settings are required for \texttt{dnsmasq} and Docker to function correctly in the container. 
@@ -77,8 +77,8 @@ sudo iptables -A FORWARD -i wlo1 -o incusbr0 -m state --state RELATED,ESTABLISHE \subsection{Installing Additional Packages} Install the necessary packages inside the container: \begin{lstlisting}[language=bash] -incus exec dnsmasq-container -- apt update -incus exec dnsmasq-container -- apt install -y \ +incus exec deb1 -- apt update +incus exec deb1 -- apt install -y \ netplan.io \ sudo vim nano git tmux mc zip unzip curl wget htop lynx \ iproute2 termshark bridge-utils \ @@ -92,7 +92,7 @@ Configure user access and permissions within the container. \subsubsection{Changing the Root Password} Set the root password to "passroot": \begin{lstlisting}[language=bash] -incus exec dnsmasq-container -- bash -c 'echo "root:passroot" | chpasswd' +incus exec deb1 -- bash -c 'echo "root:passroot" | chpasswd' \end{lstlisting} \subsubsection{Adding a New User} 
@@ -104,29 +104,29 @@ sudo useradd -m -s /bin/bash -G sudo user && echo 'user:pass' | sudo chpasswd \subsection{Accessing the Container} Access the container's shell: \begin{lstlisting}[language=bash] -incus exec dnsmasq-container -- su - user +incus exec deb1 -- su - user \end{lstlisting} % New section for veth pair setup \section{Setting Up a Veth Pair Between Container and Network Namespace} -To enable direct communication between a container and a network namespace, a virtual Ethernet (\texttt{veth}) pair is created. The following Python script (\texttt{link.py}) is used to create a \texttt{veth} pair between the \texttt{dnsmasq-container} (an Incus container) and the \texttt{ns1} network namespace, with interfaces named \texttt{vA} and \texttt{vB}. +To enable direct communication between a container and a network namespace, a virtual Ethernet (\texttt{veth}) pair is created. The following Python script (\texttt{link.py}) is used to create a \texttt{veth} pair between the \texttt{deb1} (an Incus container) and the \texttt{ns1} network namespace, with interfaces named \texttt{vA} and \texttt{vB}. \begin{lstlisting} -sudo python3 link.py -n1 vA -t2 incus -ns2 dnsmasq-container -n2 vB +sudo python3 link.py -n1 vA -t2 incus -ns2 deb1 -n2 vB \end{lstlisting} This command: \begin{itemize} - \item Creates a \texttt{veth} pair with one end (\texttt{vA}) in the default namespace and the other end (\texttt{vB}) in the \texttt{dnsmasq-container}'s network namespace. + \item Creates a \texttt{veth} pair with one end (\texttt{vA}) in the default namespace and the other end (\texttt{vB}) in the \texttt{deb1}'s network namespace. \item Ensures the interfaces are set up and operational, allowing network traffic to flow between the container and the \texttt{ns1} namespace (or default namespace if \texttt{ns1} is not explicitly created). 
\end{itemize} -The script uses the \texttt{pyroute2} library to manage network interfaces and namespaces, and supports container types such as Incus, LXC, LXD, and Docker. Ensure the \texttt{dnsmasq-container} is running in Incus before executing the command. +The script uses the \texttt{pyroute2} library to manage network interfaces and namespaces, and supports container types such as Incus, LXC, LXD, and Docker. Ensure the \texttt{deb1} is running in Incus before executing the command. \subsection{Configuring the Network with Netplan} Configure the container's network using Netplan to assign a static IP address. Create or edit the Netplan configuration file at \texttt{/etc/netplan/01-netcfg.yaml}: \begin{lstlisting}[language=bash] -incus exec dnsmasq-container -- nano /etc/netplan/01-netcfg.yaml +incus exec deb1 -- nano /etc/netplan/01-netcfg.yaml \end{lstlisting} Add the following configuration: \begin{lstlisting}[language=yaml] @@ -145,22 +145,22 @@ network: \end{lstlisting} Apply the configuration: \begin{lstlisting}[language=bash] -incus exec dnsmasq-container -- netplan apply +incus exec deb1 -- netplan apply \end{lstlisting} \subsection{Installing dnsmasq} Update the package list and install \texttt{dnsmasq}: \begin{lstlisting}[language=bash] -incus exec dnsmasq-container -- apt update -incus exec dnsmasq-container -- apt install dnsmasq -y +incus exec deb1 -- apt update +incus exec deb1 -- apt install dnsmasq -y \end{lstlisting} \subsection{Configuring dnsmasq} Edit the \texttt{dnsmasq} configuration file at \texttt{/etc/dnsmasq.conf}: \begin{lstlisting}[language=bash] -incus exec dnsmasq-container -- nano /etc/dnsmasq.conf +incus exec deb1 -- nano /etc/dnsmasq.conf \end{lstlisting} Add or modify the following settings to enable DNS and DHCP: \begin{lstlisting} 
@@ -193,30 +193,31 @@ dhcp-option=6,8.8.8.8,8.8.4.4 \subsection{Starting and Enabling dnsmasq} Restart and enable the \texttt{dnsmasq} service: \begin{lstlisting}[language=bash] -incus exec dnsmasq-container -- systemctl restart dnsmasq -incus exec dnsmasq-container -- systemctl enable dnsmasq +incus exec deb1 -- systemctl restart dnsmasq +incus exec deb1 -- systemctl enable dnsmasq \end{lstlisting} Verify that \texttt{dnsmasq} is running: \begin{lstlisting}[language=bash] -incus exec dnsmasq-container -- systemctl status dnsmasq +incus exec deb1 -- systemctl status dnsmasq \end{lstlisting} \subsection{Testing the Configuration} Test DNS resolution from within the container: \begin{lstlisting}[language=bash] -incus exec dnsmasq-container -- nslookup example.local 192.168.1.10 +incus exec deb1 -- nslookup example.local 192.168.1.10 \end{lstlisting} To test DHCP, connect a client device to the same network and verify that it receives an IP address in the range \texttt{192.168.1.100--192.168.1.200}. \section{Troubleshooting} If \texttt{dnsmasq} fails to start: \begin{itemize} - \item Check the logs: \texttt{incus exec dnsmasq-container -- journalctl -u dnsmasq}. + \item Check the logs: \texttt{incus exec deb1 -- journalctl -u dnsmasq}. \item Ensure no other service is using port 53 (DNS) or 67 (DHCP). - \item Verify the network configuration with \texttt{incus exec dnsmasq-container -- ip a} and \texttt{incus exec dnsmasq-container -- ping 8.8.8.8}. + \item Verify the network configuration with \texttt{incus exec deb1 -- ip a} and \texttt{incus exec deb1 -- ping 8.8.8.8}. \end{itemize} \section{Conclusion} This guide configures \texttt{dnsmasq} as a DNS and DHCP server in an Incus container on Debian. The Netplan configuration ensures proper network setup. For advanced configurations, refer to the \texttt{dnsmasq} documentation (\texttt{man dnsmasq}). \end{document} +
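Review bot: in the container-creation hunk (doc/main.md @@ -26,15, mirrored in doc/main.tex @@ -54,13) the renamed commands still set `security.privileged true` together with `security.nesting true`, and the paragraph after them only says the three settings are "required for dnsmasq and Docker". A privileged Incus container has no user-namespace ID mapping, so root inside `deb1` is UID 0 on the host, and nesting widens what that root can reach. Since these lines are being touched anyway, suggest adding a sentence that states this trade-off and says which of the three keys dnsmasq and Docker each actually need, so a reader who only wants the DNS/DHCP part does not copy `security.privileged true` by default.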
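Review bot: the password hunks (doc/main.md @@ -72,7 and doc/main.tex @@ -92,7) carry `echo "root:passroot" | chpasswd` over unchanged, and the header of the next hunk shows `echo 'user:pass' | sudo chpasswd` for an account created with `-G sudo`. Fixed, guessable credentials in a setup guide tend to be pasted as they are, and the literal also ends up in the shell history of whoever runs the command. Suggest replacing both literals with an obvious placeholder (for example `<choose-a-password>`) or switching the step to an interactive `passwd`, and saying in the text that the value must be changed.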
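Review bot: in the veth hunk (doc/main.md @@ -97,16 and doc/main.tex @@ -104,29) the mechanical rename leaves "the `deb1` (an Incus container)", "the `deb1`'s network namespace" and "Ensure the `deb1` is running", which read wrongly now that the name is no longer a descriptive noun; "the `deb1` container" fixes all three. The same paragraph also says the pair links `deb1` and the `ns1` namespace, while the command `link.py -n1 vA -t2 incus -ns2 deb1 -n2 vB` names no `ns1` and the first bullet puts `vA` in the default namespace. Worth stating which namespace `vA` ends up in, because that decides which side of the host can talk to the container over this link.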
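Review bot: in the troubleshooting hunk of doc/main.md (@@ -233,14) the re-wrapped lines keep an en dash where the option separator should be: `incus exec deb1 – journalctl -u dnsmasq`, `incus exec deb1 – ip a` and `incus exec deb1 – ping 8.8.8.8`. Pasted into a shell, `–` is passed as an argument instead of ending option parsing, so the commands do not run as written. doc/main.tex has `--` at the same three places; the Markdown should match it.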
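Review bot: doc/main.pdf changes in this patch only as "Binary files ... differ", so the rendered output cannot be checked against the source edits, and the same text now has to stay consistent across main.md, main.tex and main.pdf. Suggest building the PDF from main.tex as a release or CI artifact and dropping the binary from version control, or at least noting in the commit message how it was regenerated.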
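Review bot: the last doc/main.tex hunk (@@ -193,30 +193,31) grows by one line because an empty `+` line is added after `\end{document}`. It has nothing to do with the rename; suggest dropping it so the hunk contains only the `deb1` substitutions.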