Diode Documentation 2017-09-01
LXC
Command Examples
Create new container
sudo lxc-create -n plug -t fedora -B btrfs
sudo vi /etc/lxc/dnsmasq.conf # see config examples
List existing containers
sudo lxc-ls -f
Attach existing container
sudo lxc-attach -n plug
Config Examples
/etc/lxc/lxc.conf - set path for containers to be stored (default /var/lib/lxc)
lxc.lxcpath = "/lxc"
/etc/lxc/default.conf - config options for all newly created containers to inherit
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.start.auto = 1
# address
#lxc.network.ipv4 = 192.168.1.1xx
lxc.network.ipv4.gateway = 192.168.1.1
# memory
lxc.cgroup.memory.limit_in_bytes = 512M
# memory + swap
lxc.cgroup.memory.memsw.limit_in_bytes = 1G
/etc/default/lxc-net - it may be necessary to add /etc/lxc/dnsmasq.conf to the AppArmor profile (/etc/apparmor.d/dnsmasq) with read privileges
USE_LXC_BRIDGE="true"
LXC_BRIDGE="lxcbr0"
LXC_ADDR="192.168.1.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="192.168.1.0/24"
LXC_DHCP_RANGE="192.168.1.100,192.168.1.199"
LXC_DHCP_MAX="100"
LXC_DHCP_CONFILE="/etc/lxc/dnsmasq.conf"
LXC_DOMAIN=""
/etc/lxc/dnsmasq.conf
dhcp-host=evan,192.168.1.102
iptables config
#!/bin/bash
## Evan Widloski - 2016-11-11
# Diode iptables rules

# filter table: flush all chains, and delete all user added chains
iptables -F
iptables -X
# nat table: flush all chains, and delete all user added chains
iptables -t nat -F
iptables -t nat -X

# set default policies to DROP packets
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# allow inbound outbound traffic on host
iptables -A OUTPUT -o enp6s0f0 -d 0.0.0.0/0 -j ACCEPT
iptables -A INPUT -i enp6s0f0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# set up chain for sshguard
iptables -N sshguard
iptables -A INPUT -p tcp --dport 22 -j sshguard

# allow ssh
iptables -A INPUT -i enp6s0f0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o enp6s0f0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# allow mosh
iptables -A INPUT -i enp6s0f0 -p udp --dport 60000:61000 -j ACCEPT
iptables -A OUTPUT -o enp6s0f0 -p udp --sport 60000:61000 -j ACCEPT

# allow connections to varnish service
#iptables -A INPUT -i enp6s0f0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o enp6s0f0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

# allow host to access LXC targets via network
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -s 192.168.1.0/24 -j ACCEPT

# allow outbound traffic for lxc containers
iptables -A FORWARD -i lxcbr0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

# after incoming packets have been NAT'ed (see below), allow them to pass through
# the forward chain to their intended LXC target
iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

##------------ evan --------------
## ssh
iptables -t nat -A PREROUTING -p tcp --dport 20022 -j DNAT --to-destination 192.168.1.102:22
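The DNAT rule above forwards port 20022 to 192.168.1.102, which lies inside LXC_DHCP_RANGE and stays with the same container only because dnsmasq.conf pins it with dhcp-host. The check below is an added example, not part of the original page: it cross-checks every active DNAT forward against the dhcp-host reservations. The function names and the 20122 and 20080 sample rules are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the original page.
# Constructed sample inputs modelled on the page's dnsmasq.conf and rule script;
# the 20122 and 20080 forwards are invented to show a failure and a disabled rule.
SAMPLE_DNSMASQ='dhcp-host=evan,192.168.1.102'
SAMPLE_RULES='## ssh
iptables -t nat -A PREROUTING -p tcp --dport 20022 -j DNAT --to-destination 192.168.1.102:22
iptables -t nat -A PREROUTING -p tcp --dport 20122 -j DNAT --to-destination 192.168.1.150:22
#iptables -t nat -A PREROUTING -p tcp --dport 20080 -j DNAT --to-destination 192.168.1.199:80'

# Print every IPv4 address pinned by a dhcp-host= line (any field position,
# so "dhcp-host=<mac>,<name>,<ip>,<lease>" works as well as "<name>,<ip>").
reserved_ips() {
    printf '%s\n' "$1" | awk -F'[=,]' '/^dhcp-host=/ {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print $i
    }'
}

# Print "<external port> <destination>" for each active (uncommented) DNAT rule.
dnat_targets() {
    printf '%s\n' "$1" | awk '/-j DNAT/ && !/^[ \t]*#/ {
        port = "-"; dest = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "--to-destination") dest = $(i + 1)
        }
        if (dest != "") print port, dest
    }'
}

# Report each forward as OK or UNPINNED; $1 = dnsmasq.conf text, $2 = rule text.
audit_forwards() {
    pinned=$(reserved_ips "$1")
    dnat_targets "$2" | while read -r port dest; do
        ip=${dest%%:*}                      # strip the ":port" suffix
        if printf '%s\n' "$pinned" | grep -qxF "$ip"; then
            echo "OK $port -> $dest"
        else
            echo "UNPINNED $port -> $dest"
        fi
    done
}

audit_forwards "$SAMPLE_DNSMASQ" "$SAMPLE_RULES"
```

An UNPINNED line means the forward targets an address that DHCP could hand to a different container, so the exposed port would follow the lease rather than the intended host.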
Welcome 2017-09-01
Welcome!
Welcome to the Purdue Linux Users Group Wiki!
Tutorials
Here are some tutorials that you might find useful.
How to access BoilerCast on Linux
PLUG Documentation
Linux 101
Fall 2016
Spring 2016
Fall 2015
Fall 2014
- Linux101 Session 1 Fall 2014 Introduction to Linux
- Linux101 Session 2 Fall 2014 Package Managers
- Linux101 Session 3 Fall 2014 Introduction to Vim
- Linux101 Session 4 Fall 2014 Bash
- Linux101 Session 5 Fall 2014 IP Tables
- Linux101 Session 6 Fall 2014 Permissions
Spring 2014
- Linux201 Session 1 Spring 2014 Using Wine
- Linux201 Session 3 Spring 2014 GNU Screen
- Linux201 Session 4 Spring 2014 Regular Expressions 2
Fall 2013
Spring 2013
Fall 2012
- Linux101 Session 1 Fall 2012 Introduction to Linux
- Linux101 Session 2 Fall 2012 Package Managers and File Systems
- Linux101 Session 3 Fall 2012 Introduction to Bash
- Linux201 Session 1 Fall 2012 Building Your Own Linux Lab
- Linux201 Session 2 Fall 2012 Setting Up Your Own LAN
- Linux201 Session 3 Fall 2012 Useful Tools and Services
Spring 2012
- Linux201 Session 1 Spring 2012 Everything You Ever Wanted To Do in VIM
- Linux201 Session 2 Spring 2012 Learn and Discuss Python!
- Linux201 Session 3 Spring 2012 Configuring Apache
- Linux201 Session 4 Spring 2012 Using Wine
Fall 2011
- Linux101 Session 1 Fall 2011 Introduction to Linux
- Linux101 Session 2 Fall 2011 Package Managers and File Systems
- Linux101 Session 3 Fall 2011 Jobs, Scheduling, and Backups
- Linux101 Session 4 Fall 2011 Introduction to Bash Scripting
- Linux101 Session 5 Fall 2011 Mail Clients Using Mutt
- Linux101 Session 6 Fall 2011 Linux Networking
Spring 2011
- Linux201 Session 1 Spring 2011 Source Control: Fundamentals and Git
- Linux201 Session 2 Spring 2011 Perl: The Gem of Linux
- Linux201 Session 3 Spring 2011 Python: And Now For Something Completely Different...
Fall 2010
- Linux101 Session 1 Introduction to Linux
- Linux101 Session 2 Tweaks & Text: Monday, October 18th
- Linux101 Session 3 apt-get install knowledge: Monday, November 1st
- Linux101 Session 4 Administration Fundamentals: Monday, November 15th (last session of the semester)
Member Meetings
- Member Meeting #3 2016-07-03
- Member Meeting #2 2014-09-23
- Member Meeting #1 2014-09-09