@bersace
Last active March 13, 2017 11:32
Using dnsmasq as a DNS dispatcher
# Note: this file can be /etc/NetworkManager/dnsmasq.d/custom to use NetworkManager as the dispatcher.
bind-interfaces
except-interface=docker0
except-interface=virbr*
except-interface=lxcbr*
log-queries
dns-forward-max=5
# Base TTL of 1h
max-ttl=3600
max-cache-ttl=3600
# Do not cache /etc/hosts
local-ttl=0
# On NXDOMAIN, ask again within 10s
neg-ttl=10
# Dispatching
server=/docker/192.168.7.254
server=/lxc/192.168.6.254
server=/lan.novapost.net/10.0.160.254
server=/serenity2.novapost.net/10.0.160.254
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.mount.entry = /home/bersace/src usr/local/src none defaults,bind,uid=0,create=dir 0 0
bind-interfaces
except-interface=lo
dhcp-range=192.168.6.1,192.168.6.200,15m
dns-forward-max=5
domain=lxc
local=/lxc/
log-dhcp
log-queries
auto dockerports0
iface dockerports0 inet manual
pre-up ip link add $IFACE type dummy
pre-up ip link set dev $IFACE up
post-down ip link set dev $IFACE down || true
post-down ip link delete dev $IFACE type dummy || true
# dnsdock
iface dockerports0 inet static
netmask 255.255.255.0
address 192.168.7.254
# Do not forget in /etc/network/interfaces: source-directory interfaces.d
auto lxcbr0
iface lxcbr0 inet static
bridge_ports none
address 192.168.6.254
netmask 255.255.255.0
post-up iptables -A FORWARD -i $IFACE -s 192.168.6.0/24 -j ACCEPT
post-down iptables -D FORWARD -i $IFACE -s 192.168.6.0/24 -j ACCEPT
post-up iptables -A POSTROUTING -t nat -s 192.168.6.0/24 ! -d 192.168.6.0/24 -j MASQUERADE
post-down iptables -D POSTROUTING -t nat -s 192.168.6.0/24 ! -d 192.168.6.0/24 -j MASQUERADE
post-up iptables -A POSTROUTING -t mangle -p udp --dport bootpc -s 192.168.6.0/24 -j CHECKSUM --checksum-fill
post-down iptables -D POSTROUTING -t mangle -p udp --dport bootpc -s 192.168.6.0/24 -j CHECKSUM --checksum-fill
post-up dnsmasq --interface=$IFACE --conf-file=/etc/lxc/dnsmasq.$IFACE.conf --pid-file=/var/run/lxc-dnsmasq.$IFACE.pid
post-down kill $(cat /var/run/lxc-dnsmasq.$IFACE.pid)
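
Added example (not part of the original gist): a Python model of how the server=/domain/address lines in the dispatcher configuration select an upstream, with the most specific domain winning on whole-label boundaries. The query names and the DEFAULT placeholder for the system's default resolvers are assumptions; it helps check which resolver an internal name would actually reach.

```python
# Added example: models dnsmasq's per-domain upstream selection.
# CONFIG is copied from the dispatcher file on this page.
CONFIG = """\
# Dispatching
server=/docker/192.168.7.254
server=/lxc/192.168.6.254
server=/lan.novapost.net/10.0.160.254
server=/serenity2.novapost.net/10.0.160.254
"""

# Assumption: placeholder for the upstreams dnsmasq uses when no domain matches.
DEFAULT = "default"


def parse_servers(text):
    """Return {domain: upstream} from server=/domain[/domain...]/address lines."""
    routes = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("server=/"):
            continue  # comments, other options, plain server=address lines
        # Split gives ['', domain1, ..., domainN, address]
        *domains, upstream = line[len("server="):].split("/")[1:]
        for domain in domains:
            routes[domain.lower().rstrip(".")] = upstream
    return routes


def upstream_for(name, routes):
    """Longest matching domain suffix wins; matching is on whole labels."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # full name first, then drop leading labels
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return routes[suffix]
    return DEFAULT


def falls_through(names, routes):
    """Names that would be sent to the default resolvers (possible internal-name leak)."""
    return [n for n in names if upstream_for(n, routes) == DEFAULT]


if __name__ == "__main__":
    routes = parse_servers(CONFIG)
    # Constructed query names for illustration.
    for qname in ["web.docker", "db.lan.novapost.net", "www.novapost.net", "mydocker"]:
        print(f"{qname:24} -> {upstream_for(qname, routes)}")
```
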

bersace commented Jul 5, 2016

I implemented this gist as an Ansible playbook:

https://github.com/bersace/dotfiles/blob/master/virtualisation.yml

cc @wo0dyn @arkadefr @toopy
