changed dnsmasq-container -> deb1

bmiast 2025-05-28 07:06:44 +00:00
parent 8bbeb35459
commit 66864909de
3 changed files with 55 additions and 57 deletions


@ -26,15 +26,15 @@ Before proceeding, ensure the following:
## Creating and Setting Up the Incus Container ## Creating and Setting Up the Incus Container
Create a Debian container named `dnsmasq-container` using the following Create a Debian container named `deb1` using the following commands on
commands on the host: the host:
``` {.bash language="bash"} ``` {.bash language="bash"}
incus create images:debian/12 dnsmasq-container incus create images:debian/12 deb1
incus config set dnsmasq-container security.syscalls.intercept.mount true incus config set deb1 security.syscalls.intercept.mount true
incus config set dnsmasq-container security.nesting true incus config set deb1 security.nesting true
incus config set dnsmasq-container security.privileged true incus config set deb1 security.privileged true
incus start dnsmasq-container incus start deb1
``` ```
The `security.syscalls.intercept.mount`, `security.nesting`, and The `security.syscalls.intercept.mount`, `security.nesting`, and
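Review bot: `incus config set deb1 security.privileged true` next to `security.nesting true` needs either a per-setting justification in the text or removal. A privileged Incus container runs without a user-namespace ID mapping, so root inside `deb1` is root on the host. Since the container is no longer named after a single service, state which component needs each of the three options, and check whether the guide still works with `security.privileged` left at its default.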
@ -54,8 +54,8 @@ wireless interface, the following iptables rules are applied:
Install the necessary packages inside the container: Install the necessary packages inside the container:
``` {.bash language="bash"} ``` {.bash language="bash"}
incus exec dnsmasq-container -- apt update incus exec deb1 -- apt update
incus exec dnsmasq-container -- apt install -y \ incus exec deb1 -- apt install -y \
netplan.io \ netplan.io \
sudo vim nano git tmux mc zip unzip curl wget htop lynx \ sudo vim nano git tmux mc zip unzip curl wget htop lynx \
iproute2 termshark bridge-utils \ iproute2 termshark bridge-utils \
@ -72,7 +72,7 @@ Configure user access and permissions within the container.
Set the root password to \"passroot\": Set the root password to \"passroot\":
``` {.bash language="bash"} ``` {.bash language="bash"}
incus exec dnsmasq-container -- bash -c 'echo "root:passroot" | chpasswd' incus exec deb1 -- bash -c 'echo "root:passroot" | chpasswd'
``` ```
### Adding a New User ### Adding a New User
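Review bot: the root password is hard-coded as `passroot` in `echo "root:passroot" | chpasswd`, so everyone who copies the guide ends up with the same published root credential, on a container created with `security.privileged true`. Replace the literal with a placeholder the reader has to choose, or drop the step: `incus exec deb1 -- bash` already gives a root shell from the host without any password.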
@ -89,7 +89,7 @@ sudo useradd -m -s /bin/bash -G sudo user && echo 'user:pass' | sudo chpasswd
Access the container's shell: Access the container's shell:
``` {.bash language="bash"} ``` {.bash language="bash"}
incus exec dnsmasq-container -- su - user incus exec deb1 -- su - user
``` ```
# Setting Up a Veth Pair Between Container and Network Namespace # Setting Up a Veth Pair Between Container and Network Namespace
@ -97,16 +97,15 @@ incus exec dnsmasq-container -- su - user
To enable direct communication between a container and a network To enable direct communication between a container and a network
namespace, a virtual Ethernet (`veth`) pair is created. The following namespace, a virtual Ethernet (`veth`) pair is created. The following
Python script (`link.py`) is used to create a `veth` pair between the Python script (`link.py`) is used to create a `veth` pair between the
`dnsmasq-container` (an Incus container) and the `ns1` network `deb1` (an Incus container) and the `ns1` network namespace, with
namespace, with interfaces named `vA` and `vB`. interfaces named `vA` and `vB`.
sudo python3 link.py -n1 vA -t2 incus -ns2 dnsmasq-container -n2 vB sudo python3 link.py -n1 vA -t2 incus -ns2 deb1 -n2 vB
This command: This command:
- Creates a `veth` pair with one end (`vA`) in the default namespace - Creates a `veth` pair with one end (`vA`) in the default namespace
and the other end (`vB`) in the `dnsmasq-container`'s network and the other end (`vB`) in the `deb1`'s network namespace.
namespace.
- Ensures the interfaces are set up and operational, allowing network - Ensures the interfaces are set up and operational, allowing network
traffic to flow between the container and the `ns1` namespace (or traffic to flow between the container and the `ns1` namespace (or
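Review bot: the prose says the pair connects `deb1` and the `ns1` network namespace, but `sudo python3 link.py -n1 vA -t2 incus -ns2 deb1 -n2 vB` never names `ns1`, and the first bullet places `vA` in the default namespace. Make the command and the description agree: either pass `ns1` to the script or describe the link as host default namespace to `deb1`. While touching these lines, "the `deb1`'s network namespace" reads better as "`deb1`'s network namespace".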
@ -114,8 +113,8 @@ This command:
The script uses the `pyroute2` library to manage network interfaces and The script uses the `pyroute2` library to manage network interfaces and
namespaces, and supports container types such as Incus, LXC, LXD, and namespaces, and supports container types such as Incus, LXC, LXD, and
Docker. Ensure the `dnsmasq-container` is running in Incus before Docker. Ensure the `deb1` is running in Incus before executing the
executing the command. command.
## Configuring the Network with Netplan ## Configuring the Network with Netplan
@ -124,7 +123,7 @@ address. Create or edit the Netplan configuration file at
`/etc/netplan/01-netcfg.yaml`: `/etc/netplan/01-netcfg.yaml`:
``` {.bash language="bash"} ``` {.bash language="bash"}
incus exec dnsmasq-container -- nano /etc/netplan/01-netcfg.yaml incus exec deb1 -- nano /etc/netplan/01-netcfg.yaml
``` ```
Add the following configuration: Add the following configuration:
@ -147,7 +146,7 @@ network:
Apply the configuration: Apply the configuration:
``` {.bash language="bash"} ``` {.bash language="bash"}
incus exec dnsmasq-container -- netplan apply incus exec deb1 -- netplan apply
``` ```
## Installing dnsmasq ## Installing dnsmasq
@ -155,8 +154,8 @@ incus exec dnsmasq-container -- netplan apply
Update the package list and install `dnsmasq`: Update the package list and install `dnsmasq`:
``` {.bash language="bash"} ``` {.bash language="bash"}
incus exec dnsmasq-container -- apt update incus exec deb1 -- apt update
incus exec dnsmasq-container -- apt install dnsmasq -y incus exec deb1 -- apt install dnsmasq -y
``` ```
## Configuring dnsmasq ## Configuring dnsmasq
@ -164,7 +163,7 @@ incus exec dnsmasq-container -- apt install dnsmasq -y
Edit the `dnsmasq` configuration file at `/etc/dnsmasq.conf`: Edit the `dnsmasq` configuration file at `/etc/dnsmasq.conf`:
``` {.bash language="bash"} ``` {.bash language="bash"}
incus exec dnsmasq-container -- nano /etc/dnsmasq.conf incus exec deb1 -- nano /etc/dnsmasq.conf
``` ```
Add or modify the following settings to enable DNS and DHCP: Add or modify the following settings to enable DNS and DHCP:
@ -207,14 +206,14 @@ Add or modify the following settings to enable DNS and DHCP:
Restart and enable the `dnsmasq` service: Restart and enable the `dnsmasq` service:
``` {.bash language="bash"} ``` {.bash language="bash"}
incus exec dnsmasq-container -- systemctl restart dnsmasq incus exec deb1 -- systemctl restart dnsmasq
incus exec dnsmasq-container -- systemctl enable dnsmasq incus exec deb1 -- systemctl enable dnsmasq
``` ```
Verify that `dnsmasq` is running: Verify that `dnsmasq` is running:
``` {.bash language="bash"} ``` {.bash language="bash"}
incus exec dnsmasq-container -- systemctl status dnsmasq incus exec deb1 -- systemctl status dnsmasq
``` ```
## Testing the Configuration ## Testing the Configuration
@ -222,7 +221,7 @@ incus exec dnsmasq-container -- systemctl status dnsmasq
Test DNS resolution from within the container: Test DNS resolution from within the container:
``` {.bash language="bash"} ``` {.bash language="bash"}
incus exec dnsmasq-container -- nslookup example.local 192.168.1.10 incus exec deb1 -- nslookup example.local 192.168.1.10
``` ```
To test DHCP, connect a client device to the same network and verify To test DHCP, connect a client device to the same network and verify
@ -233,14 +232,12 @@ that it receives an IP address in the range
If `dnsmasq` fails to start: If `dnsmasq` fails to start:
- Check the logs: - Check the logs: `incus exec deb1 journalctl -u dnsmasq`.
`incus exec dnsmasq-container journalctl -u dnsmasq`.
- Ensure no other service is using port 53 (DNS) or 67 (DHCP). - Ensure no other service is using port 53 (DNS) or 67 (DHCP).
- Verify the network configuration with - Verify the network configuration with `incus exec deb1 ip a` and
`incus exec dnsmasq-container ip a` and `incus exec deb1 ping 8.8.8.8`.
`incus exec dnsmasq-container ping 8.8.8.8`.
# Conclusion # Conclusion
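Review bot: the troubleshooting commands in this file lack the `--` separator: `incus exec deb1 journalctl -u dnsmasq`, `incus exec deb1 ip a` and `incus exec deb1 ping 8.8.8.8`. Every other command in the guide, and the same three commands in the LaTeX source, use `incus exec deb1 -- ...`; without the separator the `-u` in the journalctl line is liable to be parsed as an option of `incus exec` instead of being passed to `journalctl`. Add `--` to all three so the two versions of the document match.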

Binary file not shown.


@ -54,13 +54,13 @@ Before proceeding, ensure the following:
\section{Step-by-Step Configuration} \section{Step-by-Step Configuration}
\subsection{Creating and Setting Up the Incus Container} \subsection{Creating and Setting Up the Incus Container}
Create a Debian container named \texttt{dnsmasq-container} using the following commands on the host: Create a Debian container named \texttt{deb1} using the following commands on the host:
\begin{lstlisting}[language=bash] \begin{lstlisting}[language=bash]
incus create images:debian/12 dnsmasq-container incus create images:debian/12 deb1
incus config set dnsmasq-container security.syscalls.intercept.mount true incus config set deb1 security.syscalls.intercept.mount true
incus config set dnsmasq-container security.nesting true incus config set deb1 security.nesting true
incus config set dnsmasq-container security.privileged true incus config set deb1 security.privileged true
incus start dnsmasq-container incus start deb1
\end{lstlisting} \end{lstlisting}
The \texttt{security.syscalls.intercept.mount}, \texttt{security.nesting}, and \texttt{security.privileged} settings are required for \texttt{dnsmasq} and Docker to function correctly in the container. The \texttt{security.syscalls.intercept.mount}, \texttt{security.nesting}, and \texttt{security.privileged} settings are required for \texttt{dnsmasq} and Docker to function correctly in the container.
@ -77,8 +77,8 @@ sudo iptables -A FORWARD -i wlo1 -o incusbr0 -m state --state RELATED,ESTABLISHE
\subsection{Installing Additional Packages} \subsection{Installing Additional Packages}
Install the necessary packages inside the container: Install the necessary packages inside the container:
\begin{lstlisting}[language=bash] \begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- apt update incus exec deb1 -- apt update
incus exec dnsmasq-container -- apt install -y \ incus exec deb1 -- apt install -y \
netplan.io \ netplan.io \
sudo vim nano git tmux mc zip unzip curl wget htop lynx \ sudo vim nano git tmux mc zip unzip curl wget htop lynx \
iproute2 termshark bridge-utils \ iproute2 termshark bridge-utils \
@ -92,7 +92,7 @@ Configure user access and permissions within the container.
\subsubsection{Changing the Root Password} \subsubsection{Changing the Root Password}
Set the root password to "passroot": Set the root password to "passroot":
\begin{lstlisting}[language=bash] \begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- bash -c 'echo "root:passroot" | chpasswd' incus exec deb1 -- bash -c 'echo "root:passroot" | chpasswd'
\end{lstlisting} \end{lstlisting}
\subsubsection{Adding a New User} \subsubsection{Adding a New User}
@ -104,29 +104,29 @@ sudo useradd -m -s /bin/bash -G sudo user && echo 'user:pass' | sudo chpasswd
\subsection{Accessing the Container} \subsection{Accessing the Container}
Access the container's shell: Access the container's shell:
\begin{lstlisting}[language=bash] \begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- su - user incus exec deb1 -- su - user
\end{lstlisting} \end{lstlisting}
% New section for veth pair setup % New section for veth pair setup
\section{Setting Up a Veth Pair Between Container and Network Namespace} \section{Setting Up a Veth Pair Between Container and Network Namespace}
To enable direct communication between a container and a network namespace, a virtual Ethernet (\texttt{veth}) pair is created. The following Python script (\texttt{link.py}) is used to create a \texttt{veth} pair between the \texttt{dnsmasq-container} (an Incus container) and the \texttt{ns1} network namespace, with interfaces named \texttt{vA} and \texttt{vB}. To enable direct communication between a container and a network namespace, a virtual Ethernet (\texttt{veth}) pair is created. The following Python script (\texttt{link.py}) is used to create a \texttt{veth} pair between the \texttt{deb1} (an Incus container) and the \texttt{ns1} network namespace, with interfaces named \texttt{vA} and \texttt{vB}.
\begin{lstlisting} \begin{lstlisting}
sudo python3 link.py -n1 vA -t2 incus -ns2 dnsmasq-container -n2 vB sudo python3 link.py -n1 vA -t2 incus -ns2 deb1 -n2 vB
\end{lstlisting} \end{lstlisting}
This command: This command:
\begin{itemize} \begin{itemize}
\item Creates a \texttt{veth} pair with one end (\texttt{vA}) in the default namespace and the other end (\texttt{vB}) in the \texttt{dnsmasq-container}'s network namespace. \item Creates a \texttt{veth} pair with one end (\texttt{vA}) in the default namespace and the other end (\texttt{vB}) in the \texttt{deb1}'s network namespace.
\item Ensures the interfaces are set up and operational, allowing network traffic to flow between the container and the \texttt{ns1} namespace (or default namespace if \texttt{ns1} is not explicitly created). \item Ensures the interfaces are set up and operational, allowing network traffic to flow between the container and the \texttt{ns1} namespace (or default namespace if \texttt{ns1} is not explicitly created).
\end{itemize} \end{itemize}
The script uses the \texttt{pyroute2} library to manage network interfaces and namespaces, and supports container types such as Incus, LXC, LXD, and Docker. Ensure the \texttt{dnsmasq-container} is running in Incus before executing the command. The script uses the \texttt{pyroute2} library to manage network interfaces and namespaces, and supports container types such as Incus, LXC, LXD, and Docker. Ensure the \texttt{deb1} is running in Incus before executing the command.
\subsection{Configuring the Network with Netplan} \subsection{Configuring the Network with Netplan}
Configure the container's network using Netplan to assign a static IP address. Create or edit the Netplan configuration file at \texttt{/etc/netplan/01-netcfg.yaml}: Configure the container's network using Netplan to assign a static IP address. Create or edit the Netplan configuration file at \texttt{/etc/netplan/01-netcfg.yaml}:
\begin{lstlisting}[language=bash] \begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- nano /etc/netplan/01-netcfg.yaml incus exec deb1 -- nano /etc/netplan/01-netcfg.yaml
\end{lstlisting} \end{lstlisting}
Add the following configuration: Add the following configuration:
\begin{lstlisting}[language=yaml] \begin{lstlisting}[language=yaml]
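Review bot: the search-and-replace left the definite article in front of the new name, in "between the \texttt{deb1} (an Incus container)", "in the \texttt{deb1}'s network namespace" and "Ensure the \texttt{deb1} is running in Incus". That wording fitted a descriptive name such as \texttt{dnsmasq-container} but not \texttt{deb1}; write "the \texttt{deb1} container" or drop the article in these three places.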
@ -145,22 +145,22 @@ network:
\end{lstlisting} \end{lstlisting}
Apply the configuration: Apply the configuration:
\begin{lstlisting}[language=bash] \begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- netplan apply incus exec deb1 -- netplan apply
\end{lstlisting} \end{lstlisting}
\subsection{Installing dnsmasq} \subsection{Installing dnsmasq}
Update the package list and install \texttt{dnsmasq}: Update the package list and install \texttt{dnsmasq}:
\begin{lstlisting}[language=bash] \begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- apt update incus exec deb1 -- apt update
incus exec dnsmasq-container -- apt install dnsmasq -y incus exec deb1 -- apt install dnsmasq -y
\end{lstlisting} \end{lstlisting}
\subsection{Configuring dnsmasq} \subsection{Configuring dnsmasq}
Edit the \texttt{dnsmasq} configuration file at \texttt{/etc/dnsmasq.conf}: Edit the \texttt{dnsmasq} configuration file at \texttt{/etc/dnsmasq.conf}:
\begin{lstlisting}[language=bash] \begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- nano /etc/dnsmasq.conf incus exec deb1 -- nano /etc/dnsmasq.conf
\end{lstlisting} \end{lstlisting}
Add or modify the following settings to enable DNS and DHCP: Add or modify the following settings to enable DNS and DHCP:
\begin{lstlisting} \begin{lstlisting}
@ -193,30 +193,31 @@ dhcp-option=6,8.8.8.8,8.8.4.4
\subsection{Starting and Enabling dnsmasq} \subsection{Starting and Enabling dnsmasq}
Restart and enable the \texttt{dnsmasq} service: Restart and enable the \texttt{dnsmasq} service:
\begin{lstlisting}[language=bash] \begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- systemctl restart dnsmasq incus exec deb1 -- systemctl restart dnsmasq
incus exec dnsmasq-container -- systemctl enable dnsmasq incus exec deb1 -- systemctl enable dnsmasq
\end{lstlisting} \end{lstlisting}
Verify that \texttt{dnsmasq} is running: Verify that \texttt{dnsmasq} is running:
\begin{lstlisting}[language=bash] \begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- systemctl status dnsmasq incus exec deb1 -- systemctl status dnsmasq
\end{lstlisting} \end{lstlisting}
\subsection{Testing the Configuration} \subsection{Testing the Configuration}
Test DNS resolution from within the container: Test DNS resolution from within the container:
\begin{lstlisting}[language=bash] \begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- nslookup example.local 192.168.1.10 incus exec deb1 -- nslookup example.local 192.168.1.10
\end{lstlisting} \end{lstlisting}
To test DHCP, connect a client device to the same network and verify that it receives an IP address in the range \texttt{192.168.1.100--192.168.1.200}. To test DHCP, connect a client device to the same network and verify that it receives an IP address in the range \texttt{192.168.1.100--192.168.1.200}.
\section{Troubleshooting} \section{Troubleshooting}
If \texttt{dnsmasq} fails to start: If \texttt{dnsmasq} fails to start:
\begin{itemize} \begin{itemize}
\item Check the logs: \texttt{incus exec dnsmasq-container -- journalctl -u dnsmasq}. \item Check the logs: \texttt{incus exec deb1 -- journalctl -u dnsmasq}.
\item Ensure no other service is using port 53 (DNS) or 67 (DHCP). \item Ensure no other service is using port 53 (DNS) or 67 (DHCP).
\item Verify the network configuration with \texttt{incus exec dnsmasq-container -- ip a} and \texttt{incus exec dnsmasq-container -- ping 8.8.8.8}. \item Verify the network configuration with \texttt{incus exec deb1 -- ip a} and \texttt{incus exec deb1 -- ping 8.8.8.8}.
\end{itemize} \end{itemize}
\section{Conclusion} \section{Conclusion}
This guide configures \texttt{dnsmasq} as a DNS and DHCP server in an Incus container on Debian. The Netplan configuration ensures proper network setup. For advanced configurations, refer to the \texttt{dnsmasq} documentation (\texttt{man dnsmasq}). This guide configures \texttt{dnsmasq} as a DNS and DHCP server in an Incus container on Debian. The Netplan configuration ensures proper network setup. For advanced configurations, refer to the \texttt{dnsmasq} documentation (\texttt{man dnsmasq}).
\end{document} \end{document}
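Review bot: in the troubleshooting item, `incus exec deb1 -- ping 8.8.8.8` has no packet count, so on Debian it runs until interrupted, which is awkward for a copy-paste check. Use a bounded form such as `ping -c 3 8.8.8.8`, and consider adding a check against the dnsmasq address used earlier (`192.168.1.10`), since reaching 8.8.8.8 only shows upstream connectivity.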