2

I'm trying to set up DHCP for my LXC containers without using lxc-net. The reason for this decision is that I'd like to place my containers in different networks, such that they are unable to talk to each other by default. I have successfully created and run containers using static IPs assigned within the containers' config file before, but I'd like to use a DHCP server on the host this time.

I've installed dnsmasq on my host and configured it like this:

    # /etc/dnsmasq.d/dnsmasq.lxcbr.conf
    domain=local.lxc,10.10.10.0/24
    interface=lxcbr
    dhcp-range=lxcbr,10.10.10.1,10.10.10.200,24h
    dhcp-option=option:router,10.10.10.254

According to this the file is being loaded correctly:

    root@host:~# service dnsmasq status
    ● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
       Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled)
    [...]
    Feb 03 19:06:39 host dnsmasq[4228]: dnsmasq: syntax check OK.
    Feb 03 19:06:39 host dnsmasq[4237]: started, version 2.72 cachesize 150
    Feb 03 19:06:39 host dnsmasq[4237]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect
    Feb 03 19:06:39 host dnsmasq-dhcp[4237]: DHCP, IP range 10.10.10.1 -- 10.10.10.200, lease time 1d
    Feb 03 19:06:39 host dnsmasq[4237]: reading /etc/resolv.conf
    Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
    Feb 03 19:06:39 host dnsmasq[4237]: using nameserver upstream.nameserver.ip.here#53
    Feb 03 19:06:39 host dnsmasq[4237]: read /etc/hosts - 5 addresses

lxcbr is the host's interface in the container's network:

    root@host:~# ifconfig
    [...]
    lxcbrBind Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
              inet addr:10.10.10.254 Bcast:10.10.10.255 Mask:255.255.255.0
              inet6 addr: fe80::7a:56ff:fe82:921f/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
              RX packets:92 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:5688 (5.5 KiB) TX bytes:928 (928.0 B)

    veth0     Link encap:Ethernet HWaddr fe:60:7a:cc:56:64
              inet6 addr: fe80::fc60:7aff:fecc:5664/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)

veth0 is the container's veth interface:

    # /var/lib/lxc/container
    lxc.network.type = veth
    lxc.network.name = veth0
    lxc.network.flags = up
    lxc.network.link = lxcbr
    lxc.network.veth.pair = veth0

I assume I'm doing something very stupid but I've run out of ideas at this point.

I appreciate your help, Christopher

2 Answers

0
  1. Make sure UDP packets have checksums

     In virtual networks UDP checksums are not being computed. This causes dhclient to reject offers. You can fix this by telling the host to recompute missing checksums:

    iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM --checksum-fill

  2. Execute dhclient on the container

     Because the container's /etc/network/interfaces is not used by LXC, you must execute dhclient manually.

0

The checksum filling solved the same issue for me. You can be more precise by specifying the bridge interface where your LXC is attached:

    # POSTROUTING can only match the outgoing interface (-o); "bridge" is your bridge's name
    iptables -t mangle -A POSTROUTING -o bridge -p udp -j CHECKSUM --checksum-fill

As for the automatic dhclient:

Configure your interface to use DHCP in /etc/network/interfaces:

    auto eth0
    iface eth0 inet dhcp

Then enable the networking service in your container:

    systemctl enable networking
    systemctl start networking
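The check behind the fix in both answers, as an added example that is not part of the original posts: a strict receiver recomputes the UDP checksum over the IPv4 pseudo-header and drops a datagram whose field does not match, and filling the field in (the job of `--checksum-fill` on the host) makes the same datagram pass. The source address mirrors the question's network; the broadcast destination, the payload bytes and the stale checksum value are constructed for illustration.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum over IPv4 pseudo-header + UDP header + payload, field zeroed."""
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst)
    pseudo += struct.pack("!BBH", 0, socket.IPPROTO_UDP, len(segment))
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = ~ones_complement_sum(pseudo + zeroed) & 0xFFFF
    return csum or 0xFFFF  # 0 on the wire means "no checksum" (RFC 768)

def checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """Strict receiver check: accept a zero field or a matching checksum."""
    field = struct.unpack("!H", segment[6:8])[0]
    return field == 0 or field == udp_checksum(src, dst, segment)

def checksum_fill(src: str, dst: str, segment: bytes) -> bytes:
    """Rewrite the checksum field with the correct value, payload untouched."""
    csum = udp_checksum(src, dst, segment)
    return segment[:6] + struct.pack("!H", csum) + segment[8:]

# Constructed sample: a server-to-client datagram (port 67 -> 68) carrying the
# first bytes of a BOOTREPLY, with a checksum field nobody finished computing.
SRC, DST = "10.10.10.254", "255.255.255.255"
PAYLOAD = bytes.fromhex("020106003903f326")
STALE = 0x1234  # constructed placeholder, not a real captured value
UNFILLED = struct.pack("!HHHH", 67, 68, 8 + len(PAYLOAD), STALE) + PAYLOAD

if __name__ == "__main__":
    print("as sent:    accepted =", checksum_ok(SRC, DST, UNFILLED))
    filled = checksum_fill(SRC, DST, UNFILLED)
    print("after fill: accepted =", checksum_ok(SRC, DST, filled))
```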
