c2023/dnsmasq
17
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: c2023:13021a85d049d511dc197f25de5cfb04b445f727
Branches Tags
c2023:fabian-3
c2023:bmiast
c2023:f2
c2023:fab
c2023:dominik
c2023:slomka
c2023:borys-2025-05-22
c2023:f-deb2
c2023:build
c2023:fabian-poprawione2
c2023:fabian-poprawione
c2023:f1
c2023:fabian
...
compare: c2023:8bbeb3545912c2b747499d430d639710db9e9c23
Branches Tags
c2023:bmiast
c2023:fabian-3
c2023:f2
c2023:fab
c2023:dominik
c2023:slomka
c2023:borys-2025-05-22
c2023:f-deb2
c2023:build
c2023:fabian-poprawione2
c2023:fabian-poprawione
c2023:f1
c2023:fabian

5 Commits
13021a85d0 ... 8bbeb35459

Author SHA1 Message Date
bmiast
8bbeb35459 faster user adding + md file, bmiast + siah 2025-05-28 06:59:44 +00:00
Twoje Imię Nazwisko
c9da328783 dnsmasq run ok 2025-05-22 10:33:38 +02:00
Twoje Imię Nazwisko
9e8db987c5 added: veth ns1<->dnsmasq-container 2025-05-22 10:23:22 +02:00
Twoje Imię Nazwisko
ba33230ebe added: link.py 2025-05-22 10:18:05 +02:00
Twoje Imię Nazwisko
c31c8aa5c0 added iptables rules 2025-05-22 09:35:19 +02:00
6 changed files with 717 additions and 367 deletions
Show Stats Expand all files Collapse all files

18
doc/main.aux
View File

@ -1,18 +0,0 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{1}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {2}Prerequisites}{1}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {3}Step-by-Step Configuration}{1}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Creating and Setting Up the Incus Container}{1}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.2}Installing Additional Packages}{1}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Configuring Users and Permissions}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {3.3.1}Changing the Root Password}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {3.3.2}Adding a New User}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.4}Accessing the Container}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.5}Installing dnsmasq}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.6}Configuring the Network with Netplan}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.7}Configuring dnsmasq}{3}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.8}Starting and Enabling dnsmasq}{4}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.9}Testing the Configuration}{4}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {4}Troubleshooting}{4}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusion}{4}{}\protected@file@percent }
\gdef \@abspage@last{4}

337
doc/main.log
View File

@ -1,337 +0,0 @@
This is pdfTeX, Version 3.141592653-2.6-1.40.26 (TeX Live 2025/dev/Debian) (preloaded format=pdflatex 2024.12.27) 15 MAY 2025 09:28
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**main
(./main.tex
LaTeX2e <2024-11-01>
L3 programming layer <2024-11-02>
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2024/06/29 v1.4n Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size12.clo
File: size12.clo 2024/06/29 v1.4n Standard LaTeX file (size option)
)
\c@part=\count196
\c@section=\count197
\c@subsection=\count198
\c@subsubsection=\count199
\c@paragraph=\count266
\c@subparagraph=\count267
\c@figure=\count268
\c@table=\count269
\abovecaptionskip=\skip49
\belowcaptionskip=\skip50
\bibindent=\dimen141
)
(/usr/share/texlive/texmf-dist/tex/latex/base/inputenc.sty
Package: inputenc 2024/02/08 v1.3d Input encoding file
\inpenc@prehook=\toks17
\inpenc@posthook=\toks18
)
(/usr/share/texlive/texmf-dist/tex/latex/base/fontenc.sty
Package: fontenc 2021/04/29 v2.0v Standard LaTeX package
)
(/usr/share/texmf/tex/latex/lm/lmodern.sty
Package: lmodern 2015/05/01 v1.6.1 Latin Modern Fonts
LaTeX Font Info: Overwriting symbol font `operators' in version `normal'
(Font) OT1/cmr/m/n --> OT1/lmr/m/n on input line 22.
LaTeX Font Info: Overwriting symbol font `letters' in version `normal'
(Font) OML/cmm/m/it --> OML/lmm/m/it on input line 23.
LaTeX Font Info: Overwriting symbol font `symbols' in version `normal'
(Font) OMS/cmsy/m/n --> OMS/lmsy/m/n on input line 24.
LaTeX Font Info: Overwriting symbol font `largesymbols' in version `normal'
(Font) OMX/cmex/m/n --> OMX/lmex/m/n on input line 25.
LaTeX Font Info: Overwriting symbol font `operators' in version `bold'
(Font) OT1/cmr/bx/n --> OT1/lmr/bx/n on input line 26.
LaTeX Font Info: Overwriting symbol font `letters' in version `bold'
(Font) OML/cmm/b/it --> OML/lmm/b/it on input line 27.
LaTeX Font Info: Overwriting symbol font `symbols' in version `bold'
(Font) OMS/cmsy/b/n --> OMS/lmsy/b/n on input line 28.
LaTeX Font Info: Overwriting symbol font `largesymbols' in version `bold'
(Font) OMX/cmex/m/n --> OMX/lmex/m/n on input line 29.
LaTeX Font Info: Overwriting math alphabet `\mathbf' in version `normal'
(Font) OT1/cmr/bx/n --> OT1/lmr/bx/n on input line 31.
LaTeX Font Info: Overwriting math alphabet `\mathsf' in version `normal'
(Font) OT1/cmss/m/n --> OT1/lmss/m/n on input line 32.
LaTeX Font Info: Overwriting math alphabet `\mathit' in version `normal'
(Font) OT1/cmr/m/it --> OT1/lmr/m/it on input line 33.
LaTeX Font Info: Overwriting math alphabet `\mathtt' in version `normal'
(Font) OT1/cmtt/m/n --> OT1/lmtt/m/n on input line 34.
LaTeX Font Info: Overwriting math alphabet `\mathbf' in version `bold'
(Font) OT1/cmr/bx/n --> OT1/lmr/bx/n on input line 35.
LaTeX Font Info: Overwriting math alphabet `\mathsf' in version `bold'
(Font) OT1/cmss/bx/n --> OT1/lmss/bx/n on input line 36.
LaTeX Font Info: Overwriting math alphabet `\mathit' in version `bold'
(Font) OT1/cmr/bx/it --> OT1/lmr/bx/it on input line 37.
LaTeX Font Info: Overwriting math alphabet `\mathtt' in version `bold'
(Font) OT1/cmtt/m/n --> OT1/lmtt/m/n on input line 38.
)
(/usr/share/texlive/texmf-dist/tex/latex/geometry/geometry.sty
Package: geometry 2020/01/02 v5.9 Page Geometry
(/usr/share/texlive/texmf-dist/tex/latex/graphics/keyval.sty
Package: keyval 2022/05/29 v1.15 key=value parser (DPC)
\KV@toks@=\toks19
)
(/usr/share/texlive/texmf-dist/tex/generic/iftex/ifvtex.sty
Package: ifvtex 2019/10/25 v1.7 ifvtex legacy package. Use iftex instead.
(/usr/share/texlive/texmf-dist/tex/generic/iftex/iftex.sty
Package: iftex 2022/02/03 v1.0f TeX engine tests
))
\Gm@cnth=\count270
\Gm@cntv=\count271
\c@Gm@tempcnt=\count272
\Gm@bindingoffset=\dimen142
\Gm@wd@mp=\dimen143
\Gm@odd@mp=\dimen144
\Gm@even@mp=\dimen145
\Gm@layoutwidth=\dimen146
\Gm@layoutheight=\dimen147
\Gm@layouthoffset=\dimen148
\Gm@layoutvoffset=\dimen149
\Gm@dimlist=\toks20
)
(/usr/share/texlive/texmf-dist/tex/latex/listings/listings.sty
\lst@mode=\count273
\lst@gtempboxa=\box52
\lst@token=\toks21
\lst@length=\count274
\lst@currlwidth=\dimen150
\lst@column=\count275
\lst@pos=\count276
\lst@lostspace=\dimen151
\lst@width=\dimen152
\lst@newlines=\count277
\lst@lineno=\count278
\lst@maxwidth=\dimen153
(/usr/share/texlive/texmf-dist/tex/latex/listings/lstpatch.sty
File: lstpatch.sty 2024/09/23 1.10c (Carsten Heinz)
)
(/usr/share/texlive/texmf-dist/tex/latex/listings/lstmisc.sty
File: lstmisc.sty 2024/09/23 1.10c (Carsten Heinz)
\c@lstnumber=\count279
\lst@skipnumbers=\count280
\lst@framebox=\box53
)
(/usr/share/texlive/texmf-dist/tex/latex/listings/listings.cfg
File: listings.cfg 2024/09/23 1.10c listings configuration
))
Package: listings 2024/09/23 1.10c (Carsten Heinz)
(/usr/share/texlive/texmf-dist/tex/latex/xcolor/xcolor.sty
Package: xcolor 2024/09/29 v3.02 LaTeX color extensions (UK)
(/usr/share/texlive/texmf-dist/tex/latex/graphics-cfg/color.cfg
File: color.cfg 2016/01/02 v1.6 sample color configuration
)
Package xcolor Info: Driver file: pdftex.def on input line 274.
(/usr/share/texlive/texmf-dist/tex/latex/graphics-def/pdftex.def
File: pdftex.def 2024/04/13 v1.2c Graphics/color driver for pdftex
)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/mathcolor.ltx)
Package xcolor Info: Model `cmy' substituted by `cmy0' on input line 1349.
Package xcolor Info: Model `hsb' substituted by `rgb' on input line 1353.
Package xcolor Info: Model `RGB' extended on input line 1365.
Package xcolor Info: Model `HTML' substituted by `rgb' on input line 1367.
Package xcolor Info: Model `Hsb' substituted by `hsb' on input line 1368.
Package xcolor Info: Model `tHsb' substituted by `hsb' on input line 1369.
Package xcolor Info: Model `HSB' substituted by `hsb' on input line 1370.
Package xcolor Info: Model `Gray' substituted by `gray' on input line 1371.
Package xcolor Info: Model `wave' substituted by `hsb' on input line 1372.
)
(/usr/share/texlive/texmf-dist/tex/latex/parskip/parskip.sty
Package: parskip 2021-03-14 v2.0h non-zero parskip adjustments
(/usr/share/texlive/texmf-dist/tex/latex/kvoptions/kvoptions.sty
Package: kvoptions 2022-06-15 v3.15 Key value format for package options (HO)
(/usr/share/texlive/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty
Package: ltxcmds 2023-12-04 v1.26 LaTeX kernel commands for general use (HO)
)
(/usr/share/texlive/texmf-dist/tex/latex/kvsetkeys/kvsetkeys.sty
Package: kvsetkeys 2022-10-05 v1.19 Key value parser (HO)
))
(/usr/share/texlive/texmf-dist/tex/latex/etoolbox/etoolbox.sty
Package: etoolbox 2020/10/05 v2.5k e-TeX tools for LaTeX (JAW)
\etb@tempcnta=\count281
))
LaTeX Font Info: Trying to load font information for T1+lmr on input line 35
.
(/usr/share/texmf/tex/latex/lm/t1lmr.fd
File: t1lmr.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
)
(/usr/share/texlive/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
File: l3backend-pdftex.def 2024-05-08 L3 backend support: PDF output (pdfTeX)
\l__color_backend_stack_int=\count282
\l__pdf_internal_box=\box54
)
(./main.aux)
\openout1 = `main.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 35.
LaTeX Font Info: ... okay on input line 35.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 35.
LaTeX Font Info: ... okay on input line 35.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 35.
LaTeX Font Info: ... okay on input line 35.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 35.
LaTeX Font Info: ... okay on input line 35.
LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 35.
LaTeX Font Info: ... okay on input line 35.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 35.
LaTeX Font Info: ... okay on input line 35.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 35.
LaTeX Font Info: ... okay on input line 35.
*geometry* driver: auto-detecting
*geometry* detected driver: pdftex
*geometry* verbose mode - [ preamble ] result:
* driver: pdftex
* paper: a4paper
* layout: <same size as paper>
* layoutoffset:(h,v)=(0.0pt,0.0pt)
* modes:
* h-part:(L,W,R)=(72.26999pt, 452.9679pt, 72.26999pt)
* v-part:(T,H,B)=(72.26999pt, 700.50687pt, 72.26999pt)
* \paperwidth=597.50787pt
* \paperheight=845.04684pt
* \textwidth=452.9679pt
* \textheight=700.50687pt
* \oddsidemargin=0.0pt
* \evensidemargin=0.0pt
* \topmargin=-37.0pt
* \headheight=12.0pt
* \headsep=25.0pt
* \topskip=12.0pt
* \footskip=30.0pt
* \marginparwidth=35.0pt
* \marginparsep=10.0pt
* \columnsep=10.0pt
* \skip\footins=10.8pt plus 4.0pt minus 2.0pt
* \hoffset=0.0pt
* \voffset=0.0pt
* \mag=1000
* \@twocolumnfalse
* \@twosidefalse
* \@mparswitchfalse
* \@reversemarginfalse
* (1in=72.27pt=25.4mm, 1cm=28.453pt)
\c@lstlisting=\count283
(/usr/share/texlive/texmf-dist/tex/context/base/mkii/supp-pdf.mkii
[Loading MPS to PDF converter (version 2006.09.02).]
\scratchcounter=\count284
\scratchdimen=\dimen154
\scratchbox=\box55
\nofMPsegments=\count285
\nofMParguments=\count286
\everyMPshowfont=\toks22
\MPscratchCnt=\count287
\MPscratchDim=\dimen155
\MPnumerator=\count288
\makeMPintoPDFobject=\count289
\everyMPtoPDFconversion=\toks23
)
LaTeX Font Info: Trying to load font information for OT1+lmr on input line 4
0.
(/usr/share/texmf/tex/latex/lm/ot1lmr.fd
File: ot1lmr.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
)
LaTeX Font Info: Trying to load font information for OML+lmm on input line 4
0.
(/usr/share/texmf/tex/latex/lm/omllmm.fd
File: omllmm.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
)
LaTeX Font Info: Trying to load font information for OMS+lmsy on input line
40.
(/usr/share/texmf/tex/latex/lm/omslmsy.fd
File: omslmsy.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
)
LaTeX Font Info: Trying to load font information for OMX+lmex on input line
40.
(/usr/share/texmf/tex/latex/lm/omxlmex.fd
File: omxlmex.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
)
LaTeX Font Info: External font `lmex10' loaded for size
(Font) <14.4> on input line 40.
LaTeX Font Info: External font `lmex10' loaded for size
(Font) <10> on input line 40.
LaTeX Font Info: External font `lmex10' loaded for size
(Font) <7> on input line 40.
LaTeX Font Info: Trying to load font information for T1+lmtt on input line 4
3.
(/usr/share/texmf/tex/latex/lm/t1lmtt.fd
File: t1lmtt.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
)
LaTeX Font Info: Trying to load font information for TS1+lmr on input line 4
8.
(/usr/share/texmf/tex/latex/lm/ts1lmr.fd
File: ts1lmr.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
)
(/usr/share/texlive/texmf-dist/tex/latex/listings/lstlang1.sty
File: lstlang1.sty 2024/09/23 1.10c listings language file
)
(/usr/share/texlive/texmf-dist/tex/latex/listings/lstlang1.sty
File: lstlang1.sty 2024/09/23 1.10c listings language file
)
Overfull \hbox (23.59369pt too wide) in paragraph at lines 65--66
\T1/lmr/m/n/12 The \T1/lmtt/m/n/12 security.syscalls.intercept.mount\T1/lmr/m/n
/12 , \T1/lmtt/m/n/12 security.nesting\T1/lmr/m/n/12 , and \T1/lmtt/m/n/12 secu
rity.privileged
[]
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf/fonts/enc/
dvips/lm/lm-ec.enc}{/usr/share/texmf/fonts/enc/dvips/lm/lm-ts1.enc}]
[2]
LaTeX Font Info: Font shape `T1/lmtt/bx/n' in size <10.95> not available
(Font) Font shape `T1/lmtt/b/n' tried instead on input line 117.
Overfull \hbox (25.69144pt too wide) in paragraph at lines 164--165
[]\T1/lmtt/m/n/12 dhcp-range\T1/lmr/m/n/12 : De-fines the IP range for DHCP cli
ents (from 192.168.1.100 to 192.168.1.200,
[]
[3]
[4] (./main.aux)
***********
LaTeX2e <2024-11-01>
L3 programming layer <2024-11-02>
***********
)
Here is how much of TeX's memory you used:
5009 strings out of 473362
72806 string characters out of 5723554
842560 words of memory out of 5000000
28076 multiletter control sequences out of 15000+600000
598499 words of font info for 61 fonts, out of 8000000 for 9000
1141 hyphenation exceptions out of 8191
57i,6n,65p,493b,1661s stack positions out of 10000i,1000n,20000p,200000b,200000s
</usr/share/texmf/fonts/type1/public/lm/lmbx12.pfb></usr/share/texmf/fonts/ty
pe1/public/lm/lmr12.pfb></usr/share/texmf/fonts/type1/public/lm/lmr17.pfb></usr
/share/texmf/fonts/type1/public/lm/lmr6.pfb></usr/share/texmf/fonts/type1/publi
c/lm/lmtk10.pfb></usr/share/texmf/fonts/type1/public/lm/lmtt10.pfb></usr/share/
texmf/fonts/type1/public/lm/lmtt12.pfb>
Output written on main.pdf (4 pages, 199974 bytes).
PDF statistics:
57 PDF objects out of 1000 (max. 8388607)
35 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)

250
doc/main.md Normal file
View File

@ -0,0 +1,250 @@
---
title: Basic Configuration of dnsmasq in an Incus Container on Debian
with Netplan
---
# Introduction
This guide provides step-by-step instructions for setting up `dnsmasq`
as a DNS and DHCP server in an Incus container running Debian. The
network configuration is managed using Netplan to ensure proper network
integration.
# Prerequisites
Before proceeding, ensure the following:
- Incus is installed on the host system (`sudo apt install incus`).
- A Debian-based container is created in Incus.
- Basic knowledge of Linux networking and container management.
- Root or sudo access to the host and container.
# Step-by-Step Configuration
## Creating and Setting Up the Incus Container
Create a Debian container named `dnsmasq-container` using the following
commands on the host:
``` {.bash language="bash"}
incus create images:debian/12 dnsmasq-container
incus config set dnsmasq-container security.syscalls.intercept.mount true
incus config set dnsmasq-container security.nesting true
incus config set dnsmasq-container security.privileged true
incus start dnsmasq-container
```
The `security.syscalls.intercept.mount`, `security.nesting`, and
`security.privileged` settings are required for `dnsmasq` and Docker to
function correctly in the container.
## Firewall Configuration
To allow traffic forwarding between the `incusbr0` bridge and the `wlo1`
wireless interface, the following iptables rules are applied:
sudo iptables -A FORWARD -i incusbr0 -o wlo1 -j ACCEPT
sudo iptables -A FORWARD -i wlo1 -o incusbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
## Installing Additional Packages
Install the necessary packages inside the container:
``` {.bash language="bash"}
incus exec dnsmasq-container -- apt update
incus exec dnsmasq-container -- apt install -y \
netplan.io \
sudo vim nano git tmux mc zip unzip curl wget htop lynx \
iproute2 termshark bridge-utils \
python3 python3-ipython python3-pyroute2 python3-scapy \
docker.io docker-compose
```
## Configuring Users and Permissions
Configure user access and permissions within the container.
### Changing the Root Password
Set the root password to \"passroot\":
``` {.bash language="bash"}
incus exec dnsmasq-container -- bash -c 'echo "root:passroot" | chpasswd'
```
### Adding a New User
Add a new user named \"user\" with the password \"pass\" and add them to
the \"sudo\" and \"docker\" groups:
``` {.bash language="bash"}
sudo useradd -m -s /bin/bash -G sudo user && echo 'user:pass' | sudo chpasswd
```
## Accessing the Container
Access the container's shell:
``` {.bash language="bash"}
incus exec dnsmasq-container -- su - user
```
# Setting Up a Veth Pair Between Container and Network Namespace
To enable direct communication between a container and a network
namespace, a virtual Ethernet (`veth`) pair is created. The following
Python script (`link.py`) is used to create a `veth` pair between the
`dnsmasq-container` (an Incus container) and the `ns1` network
namespace, with interfaces named `vA` and `vB`.
sudo python3 link.py -n1 vA -t2 incus -ns2 dnsmasq-container -n2 vB
This command:
- Creates a `veth` pair with one end (`vA`) in the default namespace
and the other end (`vB`) in the `dnsmasq-container`'s network
namespace.
- Ensures the interfaces are set up and operational, allowing network
traffic to flow between the container and the `ns1` namespace (or
default namespace if `ns1` is not explicitly created).
The script uses the `pyroute2` library to manage network interfaces and
namespaces, and supports container types such as Incus, LXC, LXD, and
Docker. Ensure the `dnsmasq-container` is running in Incus before
executing the command.
## Configuring the Network with Netplan
Configure the container's network using Netplan to assign a static IP
address. Create or edit the Netplan configuration file at
`/etc/netplan/01-netcfg.yaml`:
``` {.bash language="bash"}
incus exec dnsmasq-container -- nano /etc/netplan/01-netcfg.yaml
```
Add the following configuration:
``` {.yaml language="yaml"}
network:
version: 2
ethernets:
vB:
dhcp4: no
addresses:
- 192.168.1.10/24
routes:
- to: default
via: 192.168.1.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4]
```
Apply the configuration:
``` {.bash language="bash"}
incus exec dnsmasq-container -- netplan apply
```
## Installing dnsmasq
Update the package list and install `dnsmasq`:
``` {.bash language="bash"}
incus exec dnsmasq-container -- apt update
incus exec dnsmasq-container -- apt install dnsmasq -y
```
## Configuring dnsmasq
Edit the `dnsmasq` configuration file at `/etc/dnsmasq.conf`:
``` {.bash language="bash"}
incus exec dnsmasq-container -- nano /etc/dnsmasq.conf
```
Add or modify the following settings to enable DNS and DHCP:
# DNS settings
domain-needed
bogus-priv
no-resolv
server=8.8.8.8
server=8.8.4.4
local=/example.local/
domain=example.local
# DHCP settings
dhcp-range=192.168.1.100,192.168.1.200,12h
dhcp-option=3,192.168.1.1
dhcp-option=6,8.8.8.8,8.8.4.4
**Explanation:**
- `domain-needed`: Prevents incomplete domain names from being sent to
upstream DNS.
- `bogus-priv`: Blocks reverse DNS lookups for private IP ranges.
- `no-resolv`: Disables reading `/etc/resolv.conf`.
- `server`: Specifies upstream DNS servers (Google DNS in this case).
- `local` and `domain`: Configures a local domain.
- `dhcp-range`: Defines the IP range for DHCP clients (from
192.168.1.100 to 192.168.1.200, lease time 12 hours).
- `dhcp-option`: Sets the default gateway (option 3) and DNS servers
(option 6).
## Starting and Enabling dnsmasq
Restart and enable the `dnsmasq` service:
``` {.bash language="bash"}
incus exec dnsmasq-container -- systemctl restart dnsmasq
incus exec dnsmasq-container -- systemctl enable dnsmasq
```
Verify that `dnsmasq` is running:
``` {.bash language="bash"}
incus exec dnsmasq-container -- systemctl status dnsmasq
```
## Testing the Configuration
Test DNS resolution from within the container:
``` {.bash language="bash"}
incus exec dnsmasq-container -- nslookup example.local 192.168.1.10
```
To test DHCP, connect a client device to the same network and verify
that it receives an IP address in the range
`192.168.1.100192.168.1.200`.
# Troubleshooting
If `dnsmasq` fails to start:
- Check the logs:
`incus exec dnsmasq-container journalctl -u dnsmasq`.
- Ensure no other service is using port 53 (DNS) or 67 (DHCP).
- Verify the network configuration with
`incus exec dnsmasq-container ip a` and
`incus exec dnsmasq-container ping 8.8.8.8`.
# Conclusion
This guide configures `dnsmasq` as a DNS and DHCP server in an Incus
container on Debian. The Netplan configuration ensures proper network
setup. For advanced configurations, refer to the `dnsmasq` documentation
(`man dnsmasq`).

BIN
doc/main.pdf
View File

Binary file not shown.

49
doc/main.tex
View File

@ -64,6 +64,16 @@ incus start dnsmasq-container
\end{lstlisting}
The \texttt{security.syscalls.intercept.mount}, \texttt{security.nesting}, and \texttt{security.privileged} settings are required for \texttt{dnsmasq} and Docker to function correctly in the container.
% New subsection for firewall settings
\subsection{Firewall Configuration}
To allow traffic forwarding between the \texttt{incusbr0} bridge and the \texttt{wlo1} wireless interface, the following iptables rules are applied:
\begin{lstlisting}
sudo iptables -A FORWARD -i incusbr0 -o wlo1 -j ACCEPT
sudo iptables -A FORWARD -i wlo1 -o incusbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
\end{lstlisting}
\subsection{Installing Additional Packages}
Install the necessary packages inside the container:
\begin{lstlisting}[language=bash]
@ -88,25 +98,31 @@ incus exec dnsmasq-container -- bash -c 'echo "root:passroot" | chpasswd'
\subsubsection{Adding a New User}
Add a new user named "user" with the password "pass" and add them to the "sudo" and "docker" groups:
\begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- useradd -m -s /bin/bash user
incus exec dnsmasq-container -- bash -c 'echo "user:pass" | chpasswd'
incus exec dnsmasq-container -- usermod -aG sudo user
incus exec dnsmasq-container -- usermod -aG docker user
sudo useradd -m -s /bin/bash -G sudo user && echo 'user:pass' | sudo chpasswd
\end{lstlisting}
\subsection{Accessing the Container}
Access the container's shell:
\begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- bash
incus exec dnsmasq-container -- su - user
\end{lstlisting}
\subsection{Installing dnsmasq}
Update the package list and install \texttt{dnsmasq}:
\begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- apt update
incus exec dnsmasq-container -- apt install dnsmasq -y
% New section for veth pair setup
\section{Setting Up a Veth Pair Between Container and Network Namespace}
To enable direct communication between a container and a network namespace, a virtual Ethernet (\texttt{veth}) pair is created. The following Python script (\texttt{link.py}) is used to create a \texttt{veth} pair between the \texttt{dnsmasq-container} (an Incus container) and the \texttt{ns1} network namespace, with interfaces named \texttt{vA} and \texttt{vB}.
\begin{lstlisting}
sudo python3 link.py -n1 vA -t2 incus -ns2 dnsmasq-container -n2 vB
\end{lstlisting}
This command:
\begin{itemize}
\item Creates a \texttt{veth} pair with one end (\texttt{vA}) in the default namespace and the other end (\texttt{vB}) in the \texttt{dnsmasq-container}'s network namespace.
\item Ensures the interfaces are set up and operational, allowing network traffic to flow between the container and the \texttt{ns1} namespace (or default namespace if \texttt{ns1} is not explicitly created).
\end{itemize}
The script uses the \texttt{pyroute2} library to manage network interfaces and namespaces, and supports container types such as Incus, LXC, LXD, and Docker. Ensure the \texttt{dnsmasq-container} is running in Incus before executing the command.
\subsection{Configuring the Network with Netplan}
Configure the container's network using Netplan to assign a static IP address. Create or edit the Netplan configuration file at \texttt{/etc/netplan/01-netcfg.yaml}:
\begin{lstlisting}[language=bash]
@ -117,7 +133,7 @@ Add the following configuration:
network:
version: 2
ethernets:
eth0:
vB:
dhcp4: no
addresses:
- 192.168.1.10/24
@ -132,6 +148,15 @@ Apply the configuration:
incus exec dnsmasq-container -- netplan apply
\end{lstlisting}
\subsection{Installing dnsmasq}
Update the package list and install \texttt{dnsmasq}:
\begin{lstlisting}[language=bash]
incus exec dnsmasq-container -- apt update
incus exec dnsmasq-container -- apt install dnsmasq -y
\end{lstlisting}
\subsection{Configuring dnsmasq}
Edit the \texttt{dnsmasq} configuration file at \texttt{/etc/dnsmasq.conf}:
\begin{lstlisting}[language=bash]
@ -194,4 +219,4 @@ If \texttt{dnsmasq} fails to start:
\section{Conclusion}
This guide configures \texttt{dnsmasq} as a DNS and DHCP server in an Incus container on Debian. The Netplan configuration ensures proper network setup. For advanced configurations, refer to the \texttt{dnsmasq} documentation (\texttt{man dnsmasq}).
\end{document}
\end{document}

430
py/link.py Normal file
View File

@ -0,0 +1,430 @@
import argparse
import os
import subprocess
import sys
from pyroute2 import IPRoute, NetNS
class NetworkNamespaceManager:
"""
Provides functionalities to manage network namespaces.
Network namespaces partition network resources such as network links,
IP addresses, and port numbers into disjoint sets.
"""
@staticmethod
def list_netns():
"""
List all available network namespaces.
Scans the '/var/run/netns' directory and prints out all
the network namespace files present. If no namespaces are found, it
prints a message indicating that.
"""
netns_dir = "/var/run/netns"
try:
netns_files = os.listdir(netns_dir)
if netns_files:
print("List of available network namespaces:")
for netns_file in netns_files:
print(f"- {netns_file}")
else:
print("No network namespaces found.")
except OSError as e:
print(f"Error listing network namespaces: {e}")
class ContainerNetnsExposer:
"""
Responsible for exposing network namespaces of containers.
Supports Docker, LXC, LXD, and Incus containers, allowing the user to interact
with their network namespaces.
"""
def __init__(self):
"""
Initializes the ContainerNetnsExposer instance.
"""
self.netns_pid = None
self.netns_path = None
def expose_container_netns(self, container_id_or_name, container_type='docker'):
"""
Expose the network namespace of a specified container.
Parameters:
container_id_or_name (str): The identifier or name of the container.
container_type (str): The type of the container ('docker', 'lxc', 'lxd', or 'incus').
Returns:
str: The PID of the container as a string.
Raises:
SystemExit: If the container type is unsupported or if there is an error
in retrieving the container's PID.
"""
if container_type == 'docker':
self.get_docker_container_pid(container_id_or_name)
elif container_type in ('lxc', 'lxd', 'incus'):
self.get_lxc_container_pid(container_id_or_name, container_type)
else:
print("Unsupported container type. Only 'docker', 'lxc', 'lxd', and 'incus' are supported.")
sys.exit(1)
self.create_netns_directory()
self.create_or_remove_netns_symlink()
return str(self.netns_pid)
def get_docker_container_pid(self, container_id_or_name):
"""
Retrieve the PID of a Docker container.
Parameters:
container_id_or_name (str): The identifier or name of the Docker container.
Raises:
SystemExit: If there is an error in retrieving the Docker container's PID.
"""
try:
self.netns_pid = subprocess.check_output(
["sudo", "docker", "inspect", "-f", "{{.State.Pid}}", container_id_or_name],
universal_newlines=True
).strip()
except subprocess.CalledProcessError:
print("Error retrieving Docker container PID. Make sure the container exists and is running.")
sys.exit(1)
def get_lxc_container_pid(self, container_name, container_type='lxc'):
"""
Retrieve the PID of an LXC, LXD, or Incus container.
Parameters:
container_name (str): The name of the container.
container_type (str): The type of the container ('lxc', 'lxd', or 'incus').
Raises:
SystemExit: If there is an error in retrieving the container's PID.
"""
try:
if container_type == 'lxc':
output = subprocess.check_output(
["lxc-info", "-n", container_name, "-p"],
universal_newlines=True
)
self.netns_pid = output.strip().split()[-1]
elif container_type == 'lxd':
output = subprocess.check_output(
["sudo", "lxc", "info", container_name],
universal_newlines=True
)
for line in output.splitlines():
if line.strip().startswith("PID:"):
self.netns_pid = line.split(':')[1].strip()
break
else:
print(f"PID not found in 'lxc info' output for container '{container_name}'.")
sys.exit(1)
elif container_type == 'incus':
output = subprocess.check_output(
["sudo", "incus", "info", container_name],
universal_newlines=True
)
for line in output.splitlines():
if line.strip().startswith("PID:"):
self.netns_pid = line.split(':')[1].strip()
break
else:
print(f"PID not found in 'incus info' output for container '{container_name}'.")
sys.exit(1)
except subprocess.CalledProcessError as e:
print(f"Error retrieving {container_type.upper()} container PID for '{container_name}'. Error: {e}")
sys.exit(1)
def create_netns_directory(self):
"""
Create the network namespace directory if it does not exist.
Ensures that the directory '/var/run/netns' exists, which is used
to store network namespace symlinks.
"""
try:
subprocess.run(["sudo", "mkdir", "-p", "/var/run/netns"], check=True)
except subprocess.CalledProcessError as e:
print(f"Error creating network namespace directory: {e.stderr.strip()}")
sys.exit(1)
def create_or_remove_netns_symlink(self):
"""
Create or remove a symlink to the network namespace of a container.
Sets up a symlink in '/var/run/netns', pointing to the network namespace
of the container identified by its PID. If a symlink with the same name
already exists, it is removed before creating a new one.
"""
self.netns_path = f"/var/run/netns/{self.netns_pid}"
try:
if os.path.exists(self.netns_path):
subprocess.run(["sudo", "rm", "-rf", self.netns_path], check=True)
subprocess.run(["sudo", "ln", "-s", f"/proc/{self.netns_pid}/ns/net", self.netns_path], check=True)
except subprocess.CalledProcessError as e:
print(f"Error creating or removing symlink: {e}")
sys.exit(1)
class IfaceManager:
"""
Manages network interfaces, including creation, deletion, and configuration
of veth pairs, VLANs, and bridges.
"""
def delete(self, iface_name, namespace=None):
"""
Delete a network interface.
Parameters:
iface_name (str): The name of the interface to delete.
namespace (str, optional): The network namespace where the interface exists.
Raises:
Exception: If the interface cannot be deleted.
"""
try:
if namespace:
context_manager = NetNS(namespace)
else:
context_manager = IPRoute()
with context_manager as ns:
iface_idx_list = ns.link_lookup(ifname=iface_name)
if not iface_idx_list:
raise ValueError(f"Interface {iface_name} not found.")
iface_idx = iface_idx_list[0]
ns.link('del', index=iface_idx)
except Exception as e:
print(f"Error deleting interface {iface_name} in namespace {namespace}: {e}")
def create_veth(self, iface1, iface2, namespace=None):
"""
Create a veth pair.
Parameters:
iface1 (str): The name of the first interface.
iface2 (str): The name of the second interface.
namespace (str, optional): The network namespace where to create the veth pair.
Raises:
Exception: If the veth pair cannot be created.
"""
try:
if namespace:
context_manager = NetNS(namespace)
else:
context_manager = IPRoute()
with context_manager as ns:
ns.link('add', ifname=iface1, peer={'ifname': iface2}, kind='veth')
except Exception as e:
print(f"Error creating veth pair {iface1} and {iface2}: {e}")
def create_vlan(self, base_iface, vlan_id, namespace=None):
"""
Create a VLAN interface.
Parameters:
base_iface (str): The base interface name.
vlan_id (int): The VLAN ID.
namespace (str, optional): The network namespace where to create the VLAN interface.
Raises:
Exception: If the VLAN interface cannot be created.
"""
try:
if namespace:
context_manager = NetNS(namespace)
else:
context_manager = IPRoute()
with context_manager as ns:
base_iface_idx_list = ns.link_lookup(ifname=base_iface)
if not base_iface_idx_list:
raise ValueError(f"Base interface {base_iface} not found.")
base_iface_idx = base_iface_idx_list[0]
vlan_iface = f"{base_iface}.{vlan_id}"
ns.link('add', ifname=vlan_iface, link=base_iface_idx, kind='vlan', vlan_info={'id': vlan_id})
except Exception as e:
print(f"Error creating VLAN on interface {base_iface}: {e}")
def create_bridge(self, bridge_name, namespace=None):
"""
Create a bridge interface.
Parameters:
bridge_name (str): The name of the bridge.
namespace (str, optional): The network namespace where to create the bridge.
Raises:
Exception: If the bridge cannot be created.
"""
try:
if namespace:
context_manager = NetNS(namespace)
else:
context_manager = IPRoute()
with context_manager as ns:
ns.link('add', ifname=bridge_name, kind='bridge')
except Exception as e:
print(f"Error creating bridge {bridge_name}: {e}")
def move(self, iface, namespace):
"""
Move a network interface to another namespace.
Parameters:
iface (str): The interface name to move.
namespace (str): The target network namespace.
Raises:
Exception: If the interface cannot be moved.
"""
try:
ipr = IPRoute()
idx_list = ipr.link_lookup(ifname=iface)
if not idx_list:
raise ValueError(f"Interface {iface} not found.")
idx = idx_list[0]
ipr.link('set', index=idx, net_ns_fd=namespace)
except Exception as e:
print(f"Error moving interface {iface} to namespace {namespace}: {e}")
def set_interface_up(self, iface_name, namespace=None):
"""
Set a network interface up.
Parameters:
iface_name (str): The name of the interface.
namespace (str, optional): The network namespace where the interface exists.
Raises:
Exception: If the interface cannot be set up.
"""
try:
if namespace:
context_manager = NetNS(namespace)
else:
context_manager = IPRoute()
with context_manager as ns:
iface_idx_list = ns.link_lookup(ifname=iface_name)
if not iface_idx_list:
raise ValueError(f"Interface {iface_name} not found.")
iface_idx = iface_idx_list[0]
ns.link("set", index=iface_idx, state="up")
except Exception as e:
print(f"Error setting up interface {iface_name} in namespace {namespace}: {e}")
def attach_to_bridge(self, iface_name, bridge_name, namespace=None):
"""
Attach an interface to a bridge.
Parameters:
iface_name (str): The name of the interface.
bridge_name (str): The name of the bridge.
namespace (str, optional): The network namespace where the interface and bridge exist.
Raises:
Exception: If the interface cannot be attached to the bridge.
"""
try:
if namespace:
context_manager = NetNS(namespace)
else:
context_manager = IPRoute()
with context_manager as ns:
iface_idx_list = ns.link_lookup(ifname=iface_name)
if not iface_idx_list:
raise ValueError(f"Interface {iface_name} not found.")
iface_idx = iface_idx_list[0]
bridge_idx_list = ns.link_lookup(ifname=bridge_name)
if not bridge_idx_list:
raise ValueError(f"Bridge {bridge_name} not found.")
bridge_idx = bridge_idx_list[0]
ns.link("set", index=iface_idx, master=bridge_idx)
except Exception as e:
print(f"Error attaching interface {iface_name} to bridge {bridge_name} in namespace {namespace}: {e}")
def interpret_namespace(namespace_arg):
"""
Interpret the namespace argument.
If the argument is '1', converts it to None (representing the default namespace),
otherwise returns the argument as is.
Parameters:
namespace_arg (str): The namespace argument.
Returns:
str or None: The interpreted namespace.
"""
return None if namespace_arg == '1' else namespace_arg
def main():
parser = argparse.ArgumentParser(description="Create veth pairs between containers with optional bridge attachment.")
parser.add_argument("-ns1", "--namespace1", default=None, help="Name of the first namespace or container, or '1' for the default namespace.")
parser.add_argument("-ns2", "--namespace2", default=None, help="Name of the second namespace or container, or '1' for the default namespace.")
parser.add_argument("-n1", "--name1", required=True, help="Name of the first veth interface.")
parser.add_argument("-n2", "--name2", required=True, help="Name of the second veth interface.")
parser.add_argument("-b1", "--bridge1", default=None, help="Name of the network bridge for ns1.")
parser.add_argument("-b2", "--bridge2", default=None, help="Name of the network bridge for ns2.")
parser.add_argument("-t1", "--type1", default=None, help="Container type for ns1 ('docker', 'lxc', 'lxd', 'incus', or 'None' for the default namespace).")
parser.add_argument("-t2", "--type2", default=None, help="Container type for ns2 ('docker', 'lxc', 'lxd', 'incus', or 'None' for the default namespace).")
args = parser.parse_args()
# Processing namespace arguments and container types
ns1, type1 = interpret_namespace(args.namespace1), args.type1
ns2, type2 = interpret_namespace(args.namespace2), args.type2
# Instantiate management classes
iface_manager = IfaceManager()
container_exposer = ContainerNetnsExposer()
# Expose container network namespaces if applicable
if type1 and ns1:
ns1_pid = container_exposer.expose_container_netns(ns1, type1)
ns1 = ns1_pid
if type2 and ns2:
ns2_pid = container_exposer.expose_container_netns(ns2, type2)
ns2 = ns2_pid
# Create veth pair
iface_manager.create_veth(args.name1, args.name2)
# Move ends of the veth pair to appropriate namespaces if required
if ns1:
iface_manager.move(args.name1, ns1)
if ns2:
iface_manager.move(args.name2, ns2)
# Optional: Attach to network bridge and bring interfaces up
if args.bridge1 and args.name1:
iface_manager.attach_to_bridge(args.name1, args.bridge1, ns1)
iface_manager.set_interface_up(args.name1, ns1)
if args.bridge2 and args.name2:
iface_manager.attach_to_bridge(args.name2, args.bridge2, ns2)
iface_manager.set_interface_up(args.name2, ns2)
# Bring up interfaces if not already up
if not args.bridge1 and args.name1:
iface_manager.set_interface_up(args.name1, ns1)
if not args.bridge2 and args.name2:
iface_manager.set_interface_up(args.name2, ns2)
if __name__ == "__main__":
main()