LXC ip allocation using DHCP
up vote
0
down vote
favorite
I'm trying to set up DHCP for my lxcontainers without using lxc-net. The reason for this decision is that I'd like to place my containers in different networks, such that they are unable to talk to each other by default. I have successfully created and run containers using static IPs assigned within the containers' config file before, but I'd like to use a DHCP server on the host this time.
I've installed dnsmasq on my host and configured it like this:
# /etc/dnsmasq.d/dnsmasq.lxcbr.conf
domain=local.lxc,10.10.10.0/24
interface=lxcbr
dhcp-range=lxcbr,10.10.10.1,10.10.10.200,24h
dhcp-option=option:router,10.10.10.254
According to this the file is being loaded correctly:
root@host:~# service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled)
[...]
Feb 03 19:06:39 host dnsmasq[4228]: dnsmasq: syntax check OK.
Feb 03 19:06:39 host dnsmasq[4237]: started, version 2.72 cachesize 150
Feb 03 19:06:39 host dnsmasq[4237]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect
Feb 03 19:06:39 host dnsmasq-dhcp[4237]: DHCP, IP range 10.10.10.1 -- 10.10.10.200, lease time 1d
Feb 03 19:06:39 host dnsmasq[4237]: reading /etc/resolv.conf
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: read /etc/hosts - 5 addresses
lxcbr is the host's interface in the container's network:
root@host:~# ifconfig
[...]
lxcbrBind Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet addr:10.10.10.254 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::7a:56ff:fe82:921f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5688 (5.5 KiB) TX bytes:928 (928.0 B)
veth0 Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet6 addr: fe80::fc60:7aff:fecc:5664/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)
veth0 is the container's veth interface:
# /var/lib/lxc/container
lxc.network.type = veth
lxc.network.name = veth0
lxc.network.flags = up
lxc.network.link = lxcbr
lxc.network.veth.pair = veth0
I assume I'm doing something very stupid but I've run out of ideas at this point.
I appreciate your help,
Christopher
dhcp lxc dnsmasq container
asked Feb 3 '16 at 18:20
Cyclonit
265
add a comment |
up vote
0
down vote
favorite
I'm trying to set up DHCP for my lxcontainers without using lxc-net. The reason for this decision is that I'd like to place my containers in different networks, such that they are unable to talk to each other by default. I have successfully created and run containers using static IPs assigned within the containers' config file before, but I'd like to use a DHCP server on the host this time.
I've installed dnsmasq on my host and configured it like this:
# /etc/dnsmasq.d/dnsmasq.lxcbr.conf
domain=local.lxc,10.10.10.0/24
interface=lxcbr
dhcp-range=lxcbr,10.10.10.1,10.10.10.200,24h
dhcp-option=option:router,10.10.10.254
According to this the file is being loaded correctly:
root@host:~# service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled)
[...]
Feb 03 19:06:39 host dnsmasq[4228]: dnsmasq: syntax check OK.
Feb 03 19:06:39 host dnsmasq[4237]: started, version 2.72 cachesize 150
Feb 03 19:06:39 host dnsmasq[4237]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect
Feb 03 19:06:39 host dnsmasq-dhcp[4237]: DHCP, IP range 10.10.10.1 -- 10.10.10.200, lease time 1d
Feb 03 19:06:39 host dnsmasq[4237]: reading /etc/resolv.conf
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: read /etc/hosts - 5 addresses
lxcbr is the host's interface in the container's network:
root@host:~# ifconfig
[...]
lxcbrBind Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet addr:10.10.10.254 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::7a:56ff:fe82:921f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5688 (5.5 KiB) TX bytes:928 (928.0 B)
veth0 Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet6 addr: fe80::fc60:7aff:fecc:5664/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)
veth0 is the container's veth interface:
# /var/lib/lxc/container
lxc.network.type = veth
lxc.network.name = veth0
lxc.network.flags = up
lxc.network.link = lxcbr
lxc.network.veth.pair = veth0
I assume I'm doing something very stupid but I've run out of ideas at this point.
I appreciate your help,
Christopher
dhcp lxc dnsmasq container
asked Feb 3 '16 at 18:20
Cyclonit
265
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm trying to set up DHCP for my lxcontainers without using lxc-net. The reason for this decision is that I'd like to place my containers in different networks, such that they are unable to talk to each other by default. I have successfully created and run containers using static IPs assigned within the containers' config file before, but I'd like to use a DHCP server on the host this time.
I've installed dnsmasq on my host and configured it like this:
# /etc/dnsmasq.d/dnsmasq.lxcbr.conf
domain=local.lxc,10.10.10.0/24
interface=lxcbr
dhcp-range=lxcbr,10.10.10.1,10.10.10.200,24h
dhcp-option=option:router,10.10.10.254
According to this the file is being loaded correctly:
root@host:~# service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled)
[...]
Feb 03 19:06:39 host dnsmasq[4228]: dnsmasq: syntax check OK.
Feb 03 19:06:39 host dnsmasq[4237]: started, version 2.72 cachesize 150
Feb 03 19:06:39 host dnsmasq[4237]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect
Feb 03 19:06:39 host dnsmasq-dhcp[4237]: DHCP, IP range 10.10.10.1 -- 10.10.10.200, lease time 1d
Feb 03 19:06:39 host dnsmasq[4237]: reading /etc/resolv.conf
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: read /etc/hosts - 5 addresses
lxcbr is the host's interface in the container's network:
root@host:~# ifconfig
[...]
lxcbrBind Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet addr:10.10.10.254 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::7a:56ff:fe82:921f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5688 (5.5 KiB) TX bytes:928 (928.0 B)
veth0 Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet6 addr: fe80::fc60:7aff:fecc:5664/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)
veth0 is the container's veth interface:
# /var/lib/lxc/container
lxc.network.type = veth
lxc.network.name = veth0
lxc.network.flags = up
lxc.network.link = lxcbr
lxc.network.veth.pair = veth0
I assume I'm doing something very stupid but I've run out of ideas at this point.
I appreciate your help,
Christopher
dhcp lxc dnsmasq container
asked Feb 3 '16 at 18:20
Cyclonit
265
I'm trying to set up DHCP for my lxcontainers without using lxc-net. The reason for this decision is that I'd like to place my containers in different networks, such that they are unable to talk to each other by default. I have successfully created and run containers using static IPs assigned within the containers' config file before, but I'd like to use a DHCP server on the host this time.
I've installed dnsmasq on my host and configured it like this:
# /etc/dnsmasq.d/dnsmasq.lxcbr.conf
domain=local.lxc,10.10.10.0/24
interface=lxcbr
dhcp-range=lxcbr,10.10.10.1,10.10.10.200,24h
dhcp-option=option:router,10.10.10.254
According to this the file is being loaded correctly:
root@host:~# service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled)
[...]
Feb 03 19:06:39 host dnsmasq[4228]: dnsmasq: syntax check OK.
Feb 03 19:06:39 host dnsmasq[4237]: started, version 2.72 cachesize 150
Feb 03 19:06:39 host dnsmasq[4237]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect
Feb 03 19:06:39 host dnsmasq-dhcp[4237]: DHCP, IP range 10.10.10.1 -- 10.10.10.200, lease time 1d
Feb 03 19:06:39 host dnsmasq[4237]: reading /etc/resolv.conf
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
Feb 03 19:06:39 host dnsmasq[4237]: read /etc/hosts - 5 addresses
lxcbr is the host's interface in the container's network:
root@host:~# ifconfig
[...]
lxcbrBind Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet addr:10.10.10.254 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::7a:56ff:fe82:921f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5688 (5.5 KiB) TX bytes:928 (928.0 B)
veth0 Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
inet6 addr: fe80::fc60:7aff:fecc:5664/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)
veth0 is the container's veth interface:
# /var/lib/lxc/container
lxc.network.type = veth
lxc.network.name = veth0
lxc.network.flags = up
lxc.network.link = lxcbr
lxc.network.veth.pair = veth0
I assume I'm doing something very stupid but I've run out of ideas at this point.
I appreciate your help,
Christopher
dhcp lxc dnsmasq container
dhcp lxc dnsmasq container
asked Feb 3 '16 at 18:20
Cyclonit
265
asked Feb 3 '16 at 18:20
Cyclonit
265
edited Feb 3 '16 at 18:50
asked Feb 3 '16 at 18:20
Cyclonit
265
asked Feb 3 '16 at 18:20
Cyclonit
265
asked Feb 3 '16 at 18:20
Cyclonit
265
265
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
up vote
0
down vote
Make sure UDP packets have checksums
In virtual networks UDP checksums are not being computed. This causes dhclient to reject offers. You can fix this by telling the host to recompute missing checksums:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM --checksum-fill
Execute dhclient on the container
Because the containers /etc/network/interfaces is not used by LXC, you must execute dhclient manually.
answered Feb 11 '16 at 0:03
Cyclonit
265
add a comment |
up vote
0
down vote
The checksum filling solved the same issue for me.
You can be more precise by specifying the bridge interface where your LXC is attached:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM -i bridge --checksum-fill
As for the automatic dhclient
Configure your interface to use dhcp in /etc/network/interfaces :
auto eth0
iface eth0 inet dhcp
then enable networking service in your container :
systemctl enable networking
systemctl start networking
answered Apr 19 '17 at 20:59
pheuzoune
1
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Make sure UDP packets have checksums
In virtual networks UDP checksums are not being computed. This causes dhclient to reject offers. You can fix this by telling the host to recompute missing checksums:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM --checksum-fill
Execute dhclient on the container
Because the containers /etc/network/interfaces is not used by LXC, you must execute dhclient manually.
answered Feb 11 '16 at 0:03
Cyclonit
265
add a comment |
up vote
0
down vote
Make sure UDP packets have checksums
In virtual networks UDP checksums are not being computed. This causes dhclient to reject offers. You can fix this by telling the host to recompute missing checksums:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM --checksum-fill
Execute dhclient on the container
Because the containers /etc/network/interfaces is not used by LXC, you must execute dhclient manually.
answered Feb 11 '16 at 0:03
Cyclonit
265
add a comment |
up vote
0
down vote
up vote
0
down vote
Make sure UDP packets have checksums
In virtual networks UDP checksums are not being computed. This causes dhclient to reject offers. You can fix this by telling the host to recompute missing checksums:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM --checksum-fill
Execute dhclient on the container
Because the containers /etc/network/interfaces is not used by LXC, you must execute dhclient manually.
answered Feb 11 '16 at 0:03
Cyclonit
265
Make sure UDP packets have checksums
In virtual networks UDP checksums are not being computed. This causes dhclient to reject offers. You can fix this by telling the host to recompute missing checksums:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM --checksum-fill
Execute dhclient on the container
Because the containers /etc/network/interfaces is not used by LXC, you must execute dhclient manually.
answered Feb 11 '16 at 0:03
Cyclonit
265
answered Feb 11 '16 at 0:03
Cyclonit
265
answered Feb 11 '16 at 0:03
Cyclonit
265
answered Feb 11 '16 at 0:03
Cyclonit
265
265
add a comment |
add a comment |
up vote
0
down vote
The checksum filling solved the same issue for me.
You can be more precise by specifying the bridge interface where your LXC is attached:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM -i bridge --checksum-fill
As for the automatic dhclient
Configure your interface to use dhcp in /etc/network/interfaces :
auto eth0
iface eth0 inet dhcp
then enable networking service in your container :
systemctl enable networking
systemctl start networking
answered Apr 19 '17 at 20:59
pheuzoune
1
add a comment |
up vote
0
down vote
The checksum filling solved the same issue for me.
You can be more precise by specifying the bridge interface where your LXC is attached:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM -i bridge --checksum-fill
As for the automatic dhclient
Configure your interface to use dhcp in /etc/network/interfaces :
auto eth0
iface eth0 inet dhcp
then enable networking service in your container :
systemctl enable networking
systemctl start networking
answered Apr 19 '17 at 20:59
pheuzoune
1
add a comment |
up vote
0
down vote
up vote
0
down vote
The checksum filling solved the same issue for me.
You can be more precise by specifying the bridge interface where your LXC is attached:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM -i bridge --checksum-fill
As for the automatic dhclient
Configure your interface to use dhcp in /etc/network/interfaces :
auto eth0
iface eth0 inet dhcp
then enable networking service in your container :
systemctl enable networking
systemctl start networking
answered Apr 19 '17 at 20:59
pheuzoune
1
The checksum filling solved the same issue for me.
You can be more precise by specifying the bridge interface where your LXC is attached:
iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM -i bridge --checksum-fill
As for the automatic dhclient
Configure your interface to use dhcp in /etc/network/interfaces :
auto eth0
iface eth0 inet dhcp
then enable networking service in your container :
systemctl enable networking
systemctl start networking
answered Apr 19 '17 at 20:59
pheuzoune
1
answered Apr 19 '17 at 20:59
pheuzoune
1
answered Apr 19 '17 at 20:59
pheuzoune
1
answered Apr 19 '17 at 20:59
pheuzoune
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f259655%2flxc-ip-allocation-using-dhcp%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
