bersace · March 13, 2017 11:32 · bersace · Jul 5, 2016
diff --git a/etc dnsmasq.d custom b/etc dnsmasq.d custom
 # note que ça peut être /etc/NetworkManager/dnsmasq.d/custom pour utiliser NetworkManager comme aiguilleur.

 bind-interfaces
 except-interface=docker0
 except-interface=virbr*
 except-interface=lxcbr*

 log-queries
 dns-forward-max=5
 # 1h de TTL de base
 max-ttl=3600
 max-cache-ttl=3600
 # Ne pas mettre en cache /etc/hosts
 local-ttl=0
 # En cas de NXDOMAIN, redemander dans les 10s
 neg-ttl=10

 # Aiguillage
 server=/docker/192.168.7.254
 server=/lxc/192.168.6.254
 server=/lan.novapost.net/10.0.160.254
 server=/serenity2.novapost.net/10.0.160.254
diff --git a/etc lxc default.conf b/etc lxc default.conf
 lxc.network.type = veth
 lxc.network.link = lxcbr0

 lxc.mount.entry = /home/bersace/src usr/local/src none defaults,bind,uid=0,create=dir 0 0
diff --git a/etc lxc dnsmasq.lxcbr0.conf b/etc lxc dnsmasq.lxcbr0.conf
 bind-interfaces
 except-interface=lo
 dhcp-range=192.168.6.1,192.168.6.200,15m
 dns-forward-max=5
 domain=lxc
 local=/lxc/
 log-dhcp
 log-queries

diff --git a/etc network interfaces.d dockerports b/etc network interfaces.d dockerports
 auto dockerports0
 iface dockerports0 inet manual 
        pre-up ip link add $IFACE type dummy
        pre-up ip link set dev $IFACE up
        post-down ip link set dev $IFACE down || true
        post-down ip link delete dev $IFACE type dummy || true

 # dnsdock
 iface dockerports0 inet static
        netwask 255.255.255.0
        address 192.168.7.254
diff --git a/etc network interfaces.d lxcbr0 b/etc network interfaces.d lxcbr0
 # Ne pas oublier dans /etc/network/interfaces : source-directory interfaces.d

 auto lxcbr0
 iface lxcbr0 inet static
        bridge_ports none
        address 192.168.6.254
        netmask 255.255.255.0
        post-up iptables -A FORWARD -i $IFACE -s 192.168.6.0/24 -j ACCEPT
        post-down iptables -D FORWARD -i $IFACE -s 192.168.6.0/24 -j ACCEPT
        post-up iptables -A POSTROUTING -t nat -s 192.168.6.0/24 ! -d 192.168.6.0/24 -j MASQUERADE
        post-down iptables -D POSTROUTING -t nat -s 192.168.6.0/24 ! -d 192.168.6.0/24 -j MASQUERADE
        post-up iptables -A POSTROUTING -t mangle -p udp --dport bootpc -s 192.168.6.0/24 -j CHECKSUM --checksum-fill
        post-down iptables -D POSTROUTING -t mangle -p udp --dport bootpc -s 192.168.6.0/24 -j CHECKSUM --checksum-fill
        post-up dnsmasq --interface=$IFACE --conf-file=/etc/lxc/dnsmasq.$IFACE.conf --pid-file=/var/run/lxc-dnsmasq.$IFACE.pid
        post-down kill $(cat /var/run/lxc-dnsmasq.$IFACE.pid)
	# note que ça peut être /etc/NetworkManager/dnsmasq.d/custom pour utiliser NetworkManager comme aiguilleur.

	bind-interfaces
	except-interface=docker0
	except-interface=virbr*
	except-interface=lxcbr*

	log-queries
	dns-forward-max=5
	# 1h de TTL de base
	max-ttl=3600
	max-cache-ttl=3600
	# Ne pas mettre en cache /etc/hosts
	local-ttl=0
	# En cas de NXDOMAIN, redemander dans les 10s
	neg-ttl=10

	# Aiguillage
	server=/docker/192.168.7.254
	server=/lxc/192.168.6.254
	server=/lan.novapost.net/10.0.160.254
	server=/serenity2.novapost.net/10.0.160.254
	lxc.network.type = veth
	lxc.network.link = lxcbr0

	lxc.mount.entry = /home/bersace/src usr/local/src none defaults,bind,uid=0,create=dir 0 0
	bind-interfaces
	except-interface=lo
	dhcp-range=192.168.6.1,192.168.6.200,15m
	dns-forward-max=5
	domain=lxc
	local=/lxc/
	log-dhcp
	log-queries
	auto dockerports0
	iface dockerports0 inet manual
	pre-up ip link add $IFACE type dummy
	pre-up ip link set dev $IFACE up
	post-down ip link set dev $IFACE down \|\| true
	post-down ip link delete dev $IFACE type dummy \|\| true

	# dnsdock
	iface dockerports0 inet static
	netwask 255.255.255.0
	address 192.168.7.254
	# Ne pas oublier dans /etc/network/interfaces : source-directory interfaces.d

	auto lxcbr0
	iface lxcbr0 inet static
	bridge_ports none
	address 192.168.6.254
	netmask 255.255.255.0
	post-up iptables -A FORWARD -i $IFACE -s 192.168.6.0/24 -j ACCEPT
	post-down iptables -D FORWARD -i $IFACE -s 192.168.6.0/24 -j ACCEPT
	post-up iptables -A POSTROUTING -t nat -s 192.168.6.0/24 ! -d 192.168.6.0/24 -j MASQUERADE
	post-down iptables -D POSTROUTING -t nat -s 192.168.6.0/24 ! -d 192.168.6.0/24 -j MASQUERADE
	post-up iptables -A POSTROUTING -t mangle -p udp --dport bootpc -s 192.168.6.0/24 -j CHECKSUM --checksum-fill
	post-down iptables -D POSTROUTING -t mangle -p udp --dport bootpc -s 192.168.6.0/24 -j CHECKSUM --checksum-fill
	post-up dnsmasq --interface=$IFACE --conf-file=/etc/lxc/dnsmasq.$IFACE.conf --pid-file=/var/run/lxc-dnsmasq.$IFACE.pid
	post-down kill $(cat /var/run/lxc-dnsmasq.$IFACE.pid)