Free Alpine Linux Shell Accounts


Comments

  • From simple free Alpine shell accounts to the mind-boggling complexities of networking with LXC containers =)

    Thanked by (1)Not_Oles

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • @yoursunny

    ~/pri/pf/lxc_test $ lxc-start -n guest1 -f $HOME/.config/lxc/default.conf -F -P $(pwd)/container

    I made a mistake. I should remove "-f $HOME/.config/lxc/default.conf" from the command.

    ~/pri/pf/lxc_test $ lxc-start -n guest1 -F -P $(pwd)/container
    Failed to look up module alias 'autofs4': Function not implemented
    Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
    [!!!!!!] Failed to mount API filesystems.
    Exiting PID 1...
    

    The container guest1 (ubuntu) fails to start up, but the Devuan container works fine =) !
    The network seems not ready yet !
    Going to find out how to make it work. =)

    ~/pri/pf/lxc_test $ lxc-start -n Devuan -P $(pwd)/container
    ~/pri/pf/lxc_test $ lxc-attach -n Devuan -P $(pwd)/container
    root@Devuan:/# uname -a
    Linux Devuan 6.1.7-0-lts #1-Alpine SMP PREEMPT_DYNAMIC Thu, 19 Jan 2023 08:05:57 +0000 x86_64 GNU/Linux
    root@Devuan:/# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 00:16:3e:5e:fe:c4 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet6 fe80::216:3eff:fe5e:fec4/64 scope link 
           valid_lft forever preferred_lft forever
    
  • Not_Oles (Hosting Provider, Content Writer)

    @yoursunny said: @Not_Oles said:
    ip addr add 192.168.188.1/24 dev lxcbr0
    iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 192.168.5.188

    The 192.168.5.188 is a sample value in my test box.
    It's meant to be a public IPv4 address routed to the host machine, that is used for outgoing NAT traffic.

    IPv6 assignment is wrong too.
    Currently eth1 has 2602:fba1:999::2/48 and lxcbr0 has 2602:fba1:999::/48, so that the kernel thinks both interfaces are on the same subnet and would not forward traffic between them.
    You should reduce the subnet size on each, so that they don't overlap.
    For example, change eth1 to 2602:fba1:999::2/64 and change lxcbr0 to 2602:fba1:999:1c00::/56.

    Hi @yoursunny! Thanks for your comments and corrections! Please let me try again on the configuration. I haven't touched the server yet. If you say the newly revised configuration looks right, then I will reboot the server and run the revised lxc-up.sh. Other guys are also welcome to comment.

    Let's start revising with the current eth1 and lxcbr0 IPv4 address assignments in mind:

    fmt:~# ip -4 addr show eth1
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        inet 23.134.88.226/28 scope global eth1
           valid_lft forever preferred_lft forever
        inet 192.168.5.188/24 scope global deprecated eth1
           valid_lft forever preferred_lft forever
    fmt:~# ip -4 addr show dev lxcbr0
    6: lxcbr0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
        inet 192.168.188.1/24 scope global lxcbr0
           valid_lft forever preferred_lft forever
    fmt:~# 
    

    And also starting with the current lxc-up.sh:

    fmt:~# cat lxc-up.sh
    ip link add lxcbr0 type bridge
    ip addr add 192.168.188.1/24 dev lxcbr0 
    ip addr add 2602:fba1:999::/48 dev lxcbr0
    sysctl net.ipv4.ip_forward=1
    sysctl net.ipv6.conf.all.forwarding=1
    ip addr add 192.168.5.188/24 dev eth1 preferred_lft 0
    iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 192.168.5.188
    fmt:~# 
    

    IPv4 Changes

    Change 192.168.5.188 to "a public IPv4 address routed to the host machine"

    fmt:~# cat lxc-up.sh
    ip link add lxcbr0 type bridge
    ~~ip addr add 192.168.188.1/24 dev lxcbr0~~ # Will be removed in reboot prior to rerunning lxc-up.sh or could be removed manually with `ip addr del`
    ip addr add 23.134.88.227/28 dev lxcbr0 # Add a public IPv4 address routed (?) to host machine 
    ip addr add 2602:fba1:999::/48 dev lxcbr0
    sysctl net.ipv4.ip_forward=1
    sysctl net.ipv6.conf.all.forwarding=1
    ~~ip addr add 192.168.5.188/24 dev eth1 preferred_lft 0~~
    ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
    ~~iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 192.168.5.188~~
    iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
    fmt:~# 
    

    IPv6 Changes

    Current IPv6 address assignments:

    fmt:~# ip -6 addr show eth1
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
        inet6 2602:fba1:999::2/48 scope global 
           valid_lft forever preferred_lft forever
        inet6 fe80::21e:67ff:fed4:dbbc/64 scope link 
           valid_lft forever preferred_lft forever
    fmt:~# ip -6 addr show dev lxcbr0
    6: lxcbr0: <BROADCAST,MULTICAST> mtu 1500 state DOWN qlen 1000
        inet6 2602:fba1:999::/48 scope global tentative 
           valid_lft forever preferred_lft forever
    fmt:~# 
    

    Change eth1 to 2602:fba1:999::2/64 and change lxcbr0 to 2602:fba1:999:1c00::/56.

    fmt:~# cat lxc-up.sh
    ip link add lxcbr0 type bridge
    ~~ip addr add 192.168.188.1/24 dev lxcbr0~~ # Will be removed in reboot prior to rerunning lxc-up.sh or could be removed manually with `ip addr del`
    ip addr add 23.134.88.227/28 dev lxcbr0 # Add a public IPv4 address routed (?) to host machine 
    ~~ip addr add 2602:fba1:999::/48 dev lxcbr0~~
    ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0 # Are this and the following 2 ip addr commands in the right order?
    ip addr add 2602:fba1:999::2/64 dev eth1
    ip addr del 2602:fba1:999::2/48 dev eth1 # Needs manual removal unless /etc/network/interfaces is changed.
    sysctl net.ipv4.ip_forward=1
    sysctl net.ipv6.conf.all.forwarding=1
    ~~ip addr add 192.168.5.188/24 dev eth1 preferred_lft 0~~
    ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
    ~~iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 192.168.5.188~~
    iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
    fmt:~# 
    

    Proposed change

    So lxc-up.sh would become:

    fmt:~# cat lxc-up.sh
    ip link add lxcbr0 type bridge
    ip addr add 23.134.88.227/28 dev lxcbr0  
    ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0 
    ip addr add 2602:fba1:999::2/64 dev eth1
    ip addr del 2602:fba1:999::2/48 dev eth1 
    sysctl net.ipv4.ip_forward=1
    sysctl net.ipv6.conf.all.forwarding=1
    ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
    iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
    fmt:~# 
    
  • Not_Oles (Hosting Provider, Content Writer)

    @subenhon said: The network seems not ready yet !

    That's right!

    Going to find out how to make it work. =)

    Yaaay! That's the true Low End Spirit! <3

  • @Not_Oles said:
    ip link add lxcbr0 type bridge

    You may need ip link set lxcbr0 up, just after this line.

    ip addr add 2602:fba1:999::2/64 dev eth1
    ip addr del 2602:fba1:999::2/48 dev eth1

    These two lines must be swapped.
    Otherwise you get RTNETLINK answers: File exists because the same address 2602:fba1:999::2 already exists on the netif even if the prefix length differs.

    Thanked by (1)Not_Oles

    Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.

  • Not_Oles (Hosting Provider, Content Writer)

    @yoursunny said:

    @Not_Oles said:
    ip link add lxcbr0 type bridge

    You may need ip link set lxcbr0 up, just after this line.

    ip addr add 2602:fba1:999::2/64 dev eth1
    ip addr del 2602:fba1:999::2/48 dev eth1

    These two lines must be swapped.
    Otherwise you get RTNETLINK answers: File exists because the same address 2602:fba1:999::2 already exists on the netif even if the prefix length differs.

    Thanks @yoursunny! I put the new lxc-up.sh on the server. Right now @subenhon is running lots of stuff, so I wanna let him know the reboot is coming. Except that I'm going to sleep soon, so, if @subenhon isn't around, maybe the reboot and test will wait until the morning.

  • @Not_Oles
    Thanks, I had saved my work. It is OK to reboot now.

    Thanked by (1)Not_Oles
  • Not_Oles (Hosting Provider, Content Writer)

    @subenhon said:
    @Not_Oles
    Thanks, I had saved my work. It is OK to reboot now.

    Wow! LES is faster than the wall(1) command, from util-linux, which isn't installed on fmt.

    Thanks @subenhon! I'm off to reboot!

  • Not_Oles (Hosting Provider, Content Writer)
    chronos@penguin:~$ ssh f
    Welcome to Alpine!
    
    
    fmt:~# date -u
    Wed Jan 25 05:02:06 UTC 2023
    fmt:~# reboot
    fmt:~# Connection to fmt.metalvps.com closed by remote host.
    Connection to fmt.metalvps.com closed.
    chronos@penguin:~
    
  • Not_Oles (Hosting Provider, Content Writer)

    @yoursunny After running all the commands except ip link set lxcbr0 up the ip link show command says lxcbr0 is DOWN. After running the ip link set lxcbr0 up lxcbr0 is UNKNOWN. Also 227 address on eth1 is "deprecated." Thanks!

    Wed Jan 25 05:06:35 UTC 2023
    fmt:~# # Test of revised lxc-up.sh
    fmt:~# # After reboot, before running any commands from lxc-up.sh
    fmt:~# ip link show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 00:1e:67:d4:db:bb brd ff:ff:ff:ff:ff:ff
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 00:1e:67:d4:db:bc brd ff:ff:ff:ff:ff:ff
    4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 00:1e:67:d4:db:bd brd ff:ff:ff:ff:ff:ff
    5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 00:1e:67:d4:db:be brd ff:ff:ff:ff:ff:ff
    fmt:~# ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 00:1e:67:d4:db:bb brd ff:ff:ff:ff:ff:ff
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 00:1e:67:d4:db:bc brd ff:ff:ff:ff:ff:ff
        inet 23.134.88.226/28 scope global eth1
           valid_lft forever preferred_lft forever
        inet6 2602:fba1:999::2/48 scope global 
           valid_lft forever preferred_lft forever
        inet6 fe80::21e:67ff:fed4:dbbc/64 scope link 
           valid_lft forever preferred_lft forever
    4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 00:1e:67:d4:db:bd brd ff:ff:ff:ff:ff:ff
    5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 00:1e:67:d4:db:be brd ff:ff:ff:ff:ff:ff
    fmt:~# ip route show
    default via 23.134.88.225 dev eth1  metric 1 onlink 
    23.134.88.224/28 dev eth1 scope link  src 23.134.88.226 
    fmt:~# ip -6 route show
    2602:fba1:999::/48 dev eth1  metric 256 
    fe80::/64 dev eth1  metric 256 
    default via 2602:fba1:999::1 dev eth1  metric 1 onlink 
    multicast ff00::/8 dev eth1  metric 256 
    fmt:~# cat -n lxc-up.sh
         1  ip link add lxcbr0 type bridge
         2  # ip link set lxcbr0 up # Perhaps not needed
         3  ip addr add 23.134.88.227/28 dev lxcbr0  
         4  ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0 
         5  ip addr del 2602:fba1:999::2/48 dev eth1 
         6  ip addr add 2602:fba1:999::2/64 dev eth1
         7  sysctl net.ipv4.ip_forward=1
         8  sysctl net.ipv6.conf.all.forwarding=1
         9  ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
        10  iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
    fmt:~# ip link add lxcbr0 type bridge
    fmt:~# ip addr add 23.134.88.227/28 dev lxcbr0
    fmt:~# ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0
    fmt:~# ip addr del 2602:fba1:999::2/48 dev eth1
    fmt:~# ip addr add 2602:fba1:999::2/64 dev eth1
    fmt:~# sysctl net.ipv4.ip_forward=1
    net.ipv4.ip_forward = 1
    fmt:~# sysctl net.ipv6.conf.all.forwarding=1
    net.ipv6.conf.all.forwarding = 1
    fmt:~# ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
    fmt:~# iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
    fmt:~# # After
    fmt:~# ip link show
      [ . . . ]
    6: lxcbr0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether e2:0b:8d:5a:0c:d6 brd ff:ff:ff:ff:ff:ff
    fmt:~# # Need to set lxcbr0 up
    fmt:~# ip link set lxcbr0 up
    fmt:~# ip link show
      [ . . . ]
    6: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
        link/ether e2:0b:8d:5a:0c:d6 brd ff:ff:ff:ff:ff:ff
    fmt:~# ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
      [ . . . ]
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 00:1e:67:d4:db:bc brd ff:ff:ff:ff:ff:ff
        inet 23.134.88.226/28 scope global eth1
           valid_lft forever preferred_lft forever
        inet 23.134.88.227/28 scope global secondary deprecated eth1 
           valid_lft forever preferred_lft forever
        inet6 2602:fba1:999::2/64 scope global 
           valid_lft forever preferred_lft forever
        inet6 fe80::21e:67ff:fed4:dbbc/64 scope link 
           valid_lft forever preferred_lft forever
      [ . . . ]
    6: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
        link/ether e2:0b:8d:5a:0c:d6 brd ff:ff:ff:ff:ff:ff
        inet 23.134.88.227/28 scope global lxcbr0
           valid_lft forever preferred_lft forever
        inet6 2602:fba1:999:1c00::/56 scope global 
           valid_lft forever preferred_lft forever
        inet6 fe80::e00b:8dff:fe5a:cd6/64 scope link 
           valid_lft forever preferred_lft forever
    fmt:~# ip route show
    default via 23.134.88.225 dev eth1  metric 1 onlink 
    23.134.88.224/28 dev eth1 scope link  src 23.134.88.226 
    23.134.88.224/28 dev lxcbr0 scope link  src 23.134.88.227 
    fmt:~# ip -6 route show
    2602:fba1:999::/64 dev eth1  metric 256 
    2602:fba1:999:1c00::/56 dev lxcbr0  metric 256 
    fe80::/64 dev eth1  metric 256 
    fe80::/64 dev lxcbr0  metric 256 
    default via 2602:fba1:999::1 dev eth1  metric 1 onlink 
    anycast 2602:fba1:999:: dev eth1  metric 0 
    anycast fe80:: dev eth1  metric 0 
    anycast fe80:: dev lxcbr0  metric 0 
    multicast ff00::/8 dev eth1  metric 256 
    multicast ff00::/8 dev lxcbr0  metric 256 
    fmt:~# 
    
  • @Not_Oles said:

    ip addr add 23.134.88.227/28 dev lxcbr0  
    ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
    

    You accidentally assigned the same IPv4 address on both netifs.
    lxcbr0 is meant to have an RFC1918 address such as 192.168.188.1.

    IPv6 assignments and routing are correct now.
    However, the server doesn't seem to have routed IPv6, but it is on-link IPv6.
    Hence, you would need to have ndpresponder listen on eth1 and respond to the IPv6 subnet of lxcbr0.

    Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.
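
Added example (not part of the thread or of any participant's post): a small Python lint that replays the `ip addr add/del` lines of the lxc-up.sh revisions quoted above against eth1's boot-time addresses and flags the three problems diagnosed in the thread: the add-before-del `File exists` clash, the same address on two netifs, and overlapping prefixes on different netifs. The `lint` function, its finding names and its simplified model of the kernel's clash rule are assumptions of this example; the addresses are copied from the thread.

```python
import ipaddress
import itertools
import shlex

# Constructed input: eth1's global addresses right after a reboot, as shown in
# the thread's `ip addr show` output (link-local addresses left out on purpose).
BOOT_STATE = {"eth1": ["23.134.88.226/28", "2602:fba1:999::2/48"]}

# Address-related lines of three lxc-up.sh revisions quoted in the thread.
FIRST = """\
ip link add lxcbr0 type bridge
ip addr add 192.168.188.1/24 dev lxcbr0
ip addr add 2602:fba1:999::/48 dev lxcbr0
ip addr add 192.168.5.188/24 dev eth1 preferred_lft 0
"""
PROPOSED = """\
ip link add lxcbr0 type bridge
ip addr add 23.134.88.227/28 dev lxcbr0
ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0
ip addr add 2602:fba1:999::2/64 dev eth1
ip addr del 2602:fba1:999::2/48 dev eth1
ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
"""
FINAL = """\
ip link add lxcbr0 type bridge
ip link set lxcbr0 up
ip addr add 192.168.188.1/24 dev lxcbr0
ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0
ip addr del 2602:fba1:999::2/48 dev eth1
ip addr add 2602:fba1:999::2/64 dev eth1
ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
"""


def lint(script, initial):
    """Replay `ip addr add|del ADDR/LEN dev DEV` lines; return (kind, detail) findings."""
    state = {dev: [ipaddress.ip_interface(a) for a in addrs]
             for dev, addrs in initial.items()}
    findings = []
    for lineno, raw in enumerate(script.splitlines(), 1):
        words = shlex.split(raw, comments=True)
        # Only `ip addr add|del <addr> dev <dev> ...` changes the modelled state.
        if len(words) < 6 or words[:2] != ["ip", "addr"] or words[4] != "dev":
            continue
        action, iface, dev = words[2], ipaddress.ip_interface(words[3]), words[5]
        held = state.setdefault(dev, [])
        if action == "add":
            # Simplified model of the rule stated in the thread: an IPv6 address
            # already on the netif clashes even if the prefix length differs;
            # for IPv4 only an identical address/prefix is treated as a clash.
            clash = [h for h in held if h.ip == iface.ip
                     and (iface.version == 6 or h.network == iface.network)]
            if clash:
                findings.append(("file-exists",
                                 f"line {lineno}: {iface.ip} already on {dev} as {clash[0]}"))
            else:
                held.append(iface)
        elif action == "del" and iface in held:
            held.remove(iface)

    # Cross-netif checks on the final state: an identical address on two netifs,
    # or two prefixes that overlap so the kernel sees one subnet on both.
    for (dev_a, list_a), (dev_b, list_b) in itertools.combinations(sorted(state.items()), 2):
        for a, b in itertools.product(list_a, list_b):
            if a.version != b.version:
                continue
            if a.ip == b.ip:
                findings.append(("duplicate-address", f"{a.ip} on both {dev_a} and {dev_b}"))
            elif a.network.overlaps(b.network):
                findings.append(("overlap", f"{dev_a} {a.network} overlaps {dev_b} {b.network}"))
    return findings


def kinds(script, initial=BOOT_STATE):
    """Finding kinds only, in the order they were raised."""
    return [kind for kind, _ in lint(script, initial)]


if __name__ == "__main__":
    for name, script in (("first", FIRST), ("proposed", PROPOSED), ("final", FINAL)):
        print(name)
        for kind, detail in lint(script, BOOT_STATE) or [("ok", "no findings")]:
            print(f"  {kind}: {detail}")
```

In the add-before-del ordering the failed add is skipped and the following del still succeeds, so the model ends with no global IPv6 address on eth1, which is why the order of those two lines matters.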

  • Not_Oles (Hosting Provider, Content Writer)

    @yoursunny said: You accidentally assigned the same IPv4 address on both netifs.
    lxcbr0 is meant to have an RFC1918 address such as 192.168.188.1.

    fmt:~# cat lxc-up.sh
    ip link add lxcbr0 type bridge
    # ip link set lxcbr0 up
    ip addr add 23.134.88.227/28 dev lxcbr0  
    ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0 
    ip addr del 2602:fba1:999::2/48 dev eth1 
    ip addr add 2602:fba1:999::2/64 dev eth1
    sysctl net.ipv4.ip_forward=1
    sysctl net.ipv6.conf.all.forwarding=1
    ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
    iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
    fmt:~# cp -p lxc-up.sh lxc-up.sh~
    fmt:~# sed -i 's/23.134.88.227\/28 dev lxcbr0/192.168.188.1\/24 dev lxcbr0/' lxc-up.sh
    fmt:~# sed -i 's/\# //' lxc-up.sh
    fmt:~# cat lxc-up.sh
    ip link add lxcbr0 type bridge
    ip link set lxcbr0 up
    ip addr add 192.168.188.1/24 dev lxcbr0  
    ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0 
    ip addr del 2602:fba1:999::2/48 dev eth1 
    ip addr add 2602:fba1:999::2/64 dev eth1
    sysctl net.ipv4.ip_forward=1
    sysctl net.ipv6.conf.all.forwarding=1
    ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
    iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
    fmt:~# 
    

    I am going to reboot the server and run ipv6-up.sh just to see if anything interesting seems to happen.

    @yoursunny said: IPv6 assignments and routing are correct now.
    However, the server doesn't seem to have routed IPv6, but it is on-link IPv6.
    Hence, you would need to have ndpresponder listen on eth1 and respond to the IPv6 subnet of lxcbr0.

    From inside the server how does one easily determine whether the IPv4 and IPv6 allocations are on-link or routed?

    For ndpresponder, I remember installing on fmt Alpine some glibc compatibility layer. Perhaps we might grab the ndpresponder binary that was compiled on the i9 Proxmox server and use it on Alpine via the glibc compatibility layer. Alternatively, we perhaps could, on fmt Alpine, install go and again compile ndpresponder from sources against musl libc. Which route is grassy and in want of wear?

    As always, thanks very much @yoursunny and other guys on the server. :)

  • Not_Oles (Hosting Provider, Content Writer)
    edited January 2023
    fmt:~# date -u 
    Wed Jan 25 21:08:09 UTC 2023
    fmt:~# # Test of lxc-up.sh
    fmt:~# # Before
    fmt:~# ip link show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      [ . . . ]
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 00:1e:67:d4:db:bc brd ff:ff:ff:ff:ff:ff
      [ . . . ]
    fmt:~# ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
      [ . . . ]
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 00:1e:67:d4:db:bc brd ff:ff:ff:ff:ff:ff
        inet 23.134.88.226/28 scope global eth1
           valid_lft forever preferred_lft forever
        inet6 2602:fba1:999::2/48 scope global 
           valid_lft forever preferred_lft forever
        inet6 fe80::21e:67ff:fed4:dbbc/64 scope link 
           valid_lft forever preferred_lft forever
      [ . . . ]
    fmt:~# ip route show
    default via 23.134.88.225 dev eth1  metric 1 onlink 
    23.134.88.224/28 dev eth1 scope link  src 23.134.88.226 
    fmt:~# ip -6 route show
    2602:fba1:999::/48 dev eth1  metric 256 
    fe80::/64 dev eth1  metric 256 
    default via 2602:fba1:999::1 dev eth1  metric 1 onlink 
    multicast ff00::/8 dev eth1  metric 256 
    fmt:~# cat -n lxc-up.sh
         1  ip link add lxcbr0 type bridge
         2  ip link set lxcbr0 up
         3  ip addr add 192.168.188.1/24 dev lxcbr0  
         4  ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0 
         5  ip addr del 2602:fba1:999::2/48 dev eth1 
         6  ip addr add 2602:fba1:999::2/64 dev eth1
         7  sysctl net.ipv4.ip_forward=1
         8  sysctl net.ipv6.conf.all.forwarding=1
         9  ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
        10  iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
    fmt:~# ./lxc-up.sh
    net.ipv4.ip_forward = 1
    net.ipv6.conf.all.forwarding = 1
    fmt:~# # After
    fmt:~# ip link show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      [ . . . ]
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 00:1e:67:d4:db:bc brd ff:ff:ff:ff:ff:ff
      [ . . . ]
    6: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
        link/ether 0a:ff:51:bf:5e:b0 brd ff:ff:ff:ff:ff:ff
    fmt:~# ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
      [ . . . ]
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 00:1e:67:d4:db:bc brd ff:ff:ff:ff:ff:ff
        inet 23.134.88.226/28 scope global eth1
           valid_lft forever preferred_lft forever
        inet 23.134.88.227/28 scope global secondary deprecated eth1
           valid_lft forever preferred_lft forever
        inet6 2602:fba1:999::2/64 scope global 
           valid_lft forever preferred_lft forever
        inet6 fe80::21e:67ff:fed4:dbbc/64 scope link 
           valid_lft forever preferred_lft forever
      [ . . . ]
    6: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
        link/ether 0a:ff:51:bf:5e:b0 brd ff:ff:ff:ff:ff:ff
        inet 192.168.188.1/24 scope global lxcbr0
           valid_lft forever preferred_lft forever
        inet6 2602:fba1:999:1c00::/56 scope global 
           valid_lft forever preferred_lft forever
        inet6 fe80::8ff:51ff:febf:5eb0/64 scope link 
           valid_lft forever preferred_lft forever
    fmt:~# ip route show
    default via 23.134.88.225 dev eth1  metric 1 onlink 
    23.134.88.224/28 dev eth1 scope link  src 23.134.88.226 
    192.168.188.0/24 dev lxcbr0 scope link  src 192.168.188.1 
    fmt:~# ip -6 route show
    2602:fba1:999::/64 dev eth1  metric 256 
    2602:fba1:999:1c00::/56 dev lxcbr0  metric 256 
    fe80::/64 dev eth1  metric 256 
    fe80::/64 dev lxcbr0  metric 256 
    default via 2602:fba1:999::1 dev eth1  metric 1 onlink 
    anycast 2602:fba1:999:: dev eth1  metric 0 
    anycast fe80:: dev eth1  metric 0 
    anycast fe80:: dev lxcbr0  metric 0 
    multicast ff00::/8 dev eth1  metric 256 
    multicast ff00::/8 dev lxcbr0  metric 256 
    fmt:~# 
    
  • NAT IPv4 is fully working.
    IPv6 is not working due to missing NDP responder.

    @Not_Oles said:
    For ndpresponder, I remember installing on fmt Alpine some glibc compatibility layer. Perhaps we might grab the ndpresponder binary that was compiled on the i9 Proxmox server and use it on Alpine via the glibc compatibility layer. Alternatively, we perhaps could, on fmt Alpine, install go and again compile ndpresponder from sources against musl libc. Which route is grassy and in want of wear?

    You should recompile ndpresponder binary in a container that runs the same OS as the host, or on the host itself.
    fmt already has gcc and go compilers, but it lacks linux-headers package that supplies the kernel headers used by GoPacket library.

    Thanked by (1)Not_Oles

    Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.

  • Not_Oles (Hosting Provider, Content Writer)

    @yoursunny said: fmt already has gcc and go compilers, but it lacks linux-headers package

    chronos@penguin:~$ ssh f
    Welcome to Alpine!
    
    fmt:~# apk info linux-headers
    linux-headers-6.1.0-r0 description:
    Linux system headers
    
    linux-headers-6.1.0-r0 webpage:
    https://kernel.org/
    
    linux-headers-6.1.0-r0 installed size:
    8012 KiB
    
    fmt:~# apk -e info linux-headers
    fmt:~# apk info linux-headers-doc
    fmt:~# date -u
    Fri Jan 27 00:34:34 UTC 2023
    fmt:~# apk update
    fetch http://mirror.fcix.net/alpine/edge/main/x86_64/APKINDEX.tar.gz
    fetch http://mirror.fcix.net/alpine/edge/community/x86_64/APKINDEX.tar.gz
    fetch http://mirror.fcix.net/alpine/edge/testing/x86_64/APKINDEX.tar.gz
    v3.17.0-4609-gc56bea7591 [http://mirror.fcix.net/alpine/edge/main]
    v3.17.0-4613-g27b8c3b21b [http://mirror.fcix.net/alpine/edge/community]
    v3.17.0-4615-gf4b28347e5 [http://mirror.fcix.net/alpine/edge/testing]
    OK: 24221 distinct packages available
    fmt:~# apk upgrade
    (1/11) Upgrading busybox (1.36.0-r1 -> 1.36.0-r3)
    Executing busybox-1.36.0-r3.post-upgrade
    (2/11) Upgrading busybox-binsh (1.36.0-r1 -> 1.36.0-r3)
    (3/11) Upgrading busybox-mdev-openrc (1.36.0-r1 -> 1.36.0-r3)
    (4/11) Upgrading ssl_client (1.36.0-r1 -> 1.36.0-r3)
    (5/11) Upgrading busybox-openrc (1.36.0-r1 -> 1.36.0-r3)
    (6/11) Upgrading busybox-suid (1.36.0-r1 -> 1.36.0-r3)
    (7/11) Upgrading busybox-doc (1.36.0-r1 -> 1.36.0-r3)
    (8/11) Upgrading linux-lts (6.1.7-r0 -> 6.1.8-r0)
    (9/11) Upgrading linux-lts-doc (6.1.7-r0 -> 6.1.8-r0)
    (10/11) Upgrading wireshark-common (4.0.2-r0 -> 4.0.3-r0)
    Executing wireshark-common-4.0.3-r0.pre-upgrade
    (11/11) Upgrading tshark (4.0.2-r0 -> 4.0.3-r0)
    Executing busybox-1.36.0-r3.trigger
    Executing kmod-30-r1.trigger
    Executing mkinitfs-3.7.0-r1.trigger
    ==> initramfs: creating /boot/initramfs-lts
    Executing mandoc-apropos-1.14.6-r6.trigger
    Executing syslinux-6.04_pre1-r11.trigger
    /boot is device /dev/sdc1
    OK: 1572 MiB in 356 packages
    fmt:~# apk add linux-headers
    (1/1) Installing linux-headers (6.1.7-r0)
    OK: 1579 MiB in 357 packages
    fmt:~# 
    

    More soon. Thanks again @yoursunny!

  • Not_Oles (Hosting Provider, Content Writer)
    edited January 2023
    fmt:~# uname -r
    6.1.7-0-lts
    fmt:~# who
    root            pts/0           00:00   Jan 27 00:30:58  187.189.238.1 # Nobody here but me! 
    fmt:~# date -u
    Fri Jan 27 00:42:04 UTC 2023
    fmt:~# reboot
    fmt:~# Connection to fmt.metalvps.com closed by remote host.
    Connection to fmt.metalvps.com closed.
    chronos@penguin:~$ 
    
  • Not_Oles (Hosting Provider, Content Writer)
    fmt:~# date -u
    Fri Jan 27 00:46:26 UTC 2023
    fmt:~# uname -r
    6.1.8-0-lts
    fmt:~# apk update
    fetch http://mirror.fcix.net/alpine/edge/main/x86_64/APKINDEX.tar.gz
    fetch http://mirror.fcix.net/alpine/edge/community/x86_64/APKINDEX.tar.gz
    fetch http://mirror.fcix.net/alpine/edge/testing/x86_64/APKINDEX.tar.gz
    v3.17.0-4609-gc56bea7591 [http://mirror.fcix.net/alpine/edge/main]
    v3.17.0-4613-g27b8c3b21b [http://mirror.fcix.net/alpine/edge/community]
    v3.17.0-4615-gf4b28347e5 [http://mirror.fcix.net/alpine/edge/testing]
    OK: 24210 distinct packages available
    fmt:~# apk upgrade
    OK: 1579 MiB in 357 packages
    fmt:~# 
    
  • Not_Oles (Hosting Provider, Content Writer)
    edited January 2023

    Compile and install ndpresponder

    fmt:~# # Compile and install ndpresponder
    fmt:~# # https://github.com/yoursunny/ndpresponder
    fmt:~# date -u
    Fri Jan 27 00:58:51 UTC 2023
    fmt:~# go install github.com/yoursunny/ndpresponder@latest
    go: downloading github.com/yoursunny/ndpresponder v0.0.0-20221026012103-dac38c7df8bc
    go: downloading go.uber.org/zap v1.23.0
    go: downloading golang.org/x/sys v0.1.0
    go: downloading github.com/urfave/cli/v2 v2.20.3
    go: downloading github.com/google/gopacket v1.1.19
    go: downloading inet.af/netaddr v0.0.0-20220811202034-502d2d690317
    go: downloading golang.org/x/net v0.1.0
    go: downloading github.com/vishvananda/netlink v1.2.1-beta.2
    go: downloading github.com/fsouza/go-dockerclient v1.9.0
    go: downloading go4.org/intern v0.0.0-20211027215823-ae77deb06f29
    go: downloading github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f
    go: downloading go.uber.org/multierr v1.6.0
    go: downloading go.uber.org/atomic v1.7.0
    go: downloading go4.org/unsafe/assume-no-moving-gc v0.0.0-20220617031537-928513b29760
    go: downloading github.com/docker/docker v20.10.19+incompatible
    go: downloading github.com/docker/go-units v0.5.0
    go: downloading github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673
    go: downloading github.com/cpuguy83/go-md2man/v2 v2.0.2
    go: downloading github.com/russross/blackfriday/v2 v2.1.0
    go: downloading github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799
    go: downloading github.com/gogo/protobuf v1.3.2
    go: downloading github.com/docker/go-connections v0.4.0
    go: downloading github.com/morikuni/aec v1.0.0
    go: downloading github.com/sirupsen/logrus v1.8.1
    go: downloading github.com/pkg/errors v0.9.1
    go: downloading github.com/moby/sys/mount v0.3.3
    go: downloading github.com/containerd/containerd v1.6.6
    go: downloading github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6
    go: downloading github.com/opencontainers/runc v1.1.2
    go: downloading github.com/moby/sys/mountinfo v0.6.2
    go: downloading github.com/opencontainers/go-digest v1.0.0
    fmt:~# which ndpresponder
    fmt:~# 
    
    fmt:~/go/bin# ls -l
    total 13836
    -rwxr-xr-x    1 root     root      14167432 Jan 27 00:59 ndpresponder
    fmt:~/go/bin# 
    

    Might there be some go path or environment variable settings which were not made automagically when go was installed by apk?

    It's unclear to me whether the current location of the ndpresponder binary is okay.

    Also ndpresponder probably needs to be configured.

    Friendly greetings! :)

  • @Not_Oles said:
    It's unclear to me whether the current location of the ndpresponder binary is okay.

    Location doesn't matter, if you manually invoke it in a SCREEN session.

    Also ndpresponder probably needs to be configured.

    Everything is on the command line.

    -i eth1 -n 2602:fba1:999:1c00::/56

    Thanked by (1)Not_Oles

    Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.

  • Can I get a shell account?
    I assume you already have my key, and it looks like I was missing all this while I was in LET.

    Thanked by (1)Not_Oles
  • Not_Oles (Hosting Provider, Content Writer)

    Hi @FatGrizzly!

    Lovely to see you here!

    New fmt accounts are on pause because of router and network configuration issues. However, considering that you are one of the most important people in the ♒︎ Free VPS Movement ♒︎ how can I say no?

    Please try something like

    ssh [email protected] -p 42365

    It should work on both IPv4 and IPv6 with your ssh key. Password login has been disabled, but your account password is in a file in your home directory. You might need the password if/when we give you sudo. Please feel free to change your password.

    Please let us know what you plan to do with your shell account. Please let us know whether you get in.

    Again, welcome aboard!

    Tom

    Thanked by (1)FatGrizzly
  • @Not_Oles said:
    Hi @FatGrizzly!

    Lovely to see you here!

    New fmt accounts are on pause because of router and network configuration issues. However, considering that you are one of the most important people in the ♒︎ Free VPS Movement ♒︎ how can I say no?

    Please try something like

    ssh [email protected] -p 42365

    It should work on both IPv4 and IPv6 with your ssh key. Password login has been disabled, but your account password is in a file in your home directory. You might need the password if/when we give you sudo. Please feel free to change your password.

    Please let us know what you plan to do with your shell account. Please let us know whether you get in.

    Again, welcome aboard!

    Tom

    I'll get back home and I'll definitely try it out! Thanks!

    Maybe we should extend our project to LES too if administrators approve our offer?

    We'll discuss this later tonight/ early morning for you.

    Thanked by (1)Not_Oles
  • Not_Oles (Hosting Provider, Content Writer)

    @yoursunny said:

    @Not_Oles said:
    It's unclear to me whether the current location of the ndpresponder binary is okay.

    Location doesn't matter if you manually invoke it in a SCREEN session.

    Also ndpresponder probably needs to be configured.

    Everything is on the command line.

    -i eth1 -n 2602:fba1:999:1c00::/56

    fmt:~/go/bin# ./ndpresponder -i eth1 -n 2602:fba1:999:1c00::/56
    {"level":"info","ts":1674881236.0895073,"logger":"HostInfo","msg":"found MAC","mac":"00:1e:67:d4:db:bc"}
    {"level":"info","ts":1674881236.1033328,"logger":"HostInfo","msg":"found gateway","gateway":"2602:fba1:999::1"}
    {"level":"info","ts":1674881236.1034236,"logger":"HostInfo","msg":"netlink.NeighSet OK","lladdr":"32:45:84:2b:01:78"}
    
    
  • lxcbr0 bridge disappeared…

    Thanked by (1)Not_Oles

    Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.

  • Not_Oles (Hosting Provider, Content Writer)
    edited January 2023

    @yoursunny said:
    lxcbr0 bridge disappeared…

    I forgot to run lxc-up.sh when I last rebooted. :) So, I ran it. I also added it to /etc/local.d.

    fmt:/etc/local.d# cat README 
    This directory should contain programs or scripts which are to be run
    when the local service is started or stopped.
    
    If a file in this directory is executable and it has a .start extension,
    it will be run when the local service is started. If a file is
    executable and it has a .stop extension, it will be run when the local
    service is stopped.
    
    All files are processed in lexical order.
    
    Keep in mind that files in this directory are processed sequentially,
    and the local service is not considered started or stopped until
    everything is processed, so if you have a process which takes a long
    time to run, it can delay your boot or shutdown processing.
    fmt:/etc/local.d# cp -p /root/lxc-up.sh lxc.start
    fmt:/etc/local.d# ls -l
    total 8
    -rw-r--r--    1 root     root           652 Jan  7 07:34 README
    -rwx------    1 root     root           436 Jan 25 20:55 lxc.start
    fmt:/etc/local.d# 
    

    If it's a good idea, I probably could add a line something like

    nohup /root/go/bin/ndpresponder -i eth1 -n 2602:fba1:xxxx:xxxx::/56 &

    to lxc.start.

  • edited February 2023

    @yoursunny @Not_Oles
    NAT IPv4 and IPv6 is working.
    Now I am trying to run Docker in an LXC Alpine container, but some errors occur.
    Is it possible to run Docker in an unprivileged LXC container?

    alpine:~# docker run --rm hello-world
    time="2023-02-03T01:46:28.788841772Z" level=info msg="starting signal loop" namespace=moby path=/run/docker/containerd/daemon/io.containerd.runtime.v2.task/moby/b14c8946789ce7eef82508628d5af341b8e5176e3cfe44904053a8639f20c988 pid=615
    INFO[2023-02-03T01:46:28.800773054Z] shim disconnected                             id=b14c8946789ce7eef82508628d5af341b8e5176e3cfe44904053a8639f20c988
    ERRO[2023-02-03T01:46:28.800847291Z] copy shim log                                 error="read /proc/self/fd/14: file already closed"
    ERRO[2023-02-03T01:46:28.801334879Z] stream copy error: reading from a closed fifo 
    ERRO[2023-02-03T01:46:28.801334871Z] stream copy error: reading from a closed fifo 
    ERRO[2023-02-03T01:46:28.892741764Z] b14c8946789ce7eef82508628d5af341b8e5176e3cfe44904053a8639f20c988 cleanup: failed to delete container from containerd: no such container 
    ERRO[2023-02-03T01:46:28.898990888Z] Handler for POST /v1.41/containers/b14c8946789ce7eef82508628d5af341b8e5176e3cfe44904053a8639f20c988/start returned error: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:385: applying cgroup configuration for process caused: no cgroup mount found in mountinfo: unknown 
    docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:385: applying cgroup configuration for process caused: no cgroup mount found in mountinfo: unknown.
    
    Thanked by (1)Not_Oles
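
The Docker error above comes from the runtime finding no cgroup filesystem in the container's mount table. As an added example that is not part of the original post, these shell functions parse mountinfo-format text and report which cgroup hierarchies are mounted; both sample tables are constructed.

```shell
#!/bin/sh
# mountinfo line layout, see proc(5):
#   id parent maj:min root mountpoint options [optional...] - fstype source superopts
# The number of optional fields varies, so fstype is located via the "-" separator.

# cgroup_mounts: mountinfo on stdin -> "fstype mountpoint options" per cgroup mount.
cgroup_mounts() {
    awk '{
        sep = 0
        for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
        if (sep && ($(sep + 1) == "cgroup" || $(sep + 1) == "cgroup2"))
            print $(sep + 1), $5, $6
    }'
}

# cgroup_status: mountinfo on stdin -> "none", or the mounted hierarchy
# version (v1, v2, hybrid) followed by writable or read-only.
cgroup_status() {
    cgroup_mounts | awk '
        $1 == "cgroup"  { v1 = 1 }
        $1 == "cgroup2" { v2 = 1 }
        $3 ~ /(^|,)rw(,|$)/ { rw = 1 }
        END {
            if (!v1 && !v2) { print "none"; exit }
            ver = (v1 && v2) ? "hybrid" : (v2 ? "v2" : "v1")
            print ver, (rw ? "writable" : "read-only")
        }'
}

# Constructed sample: a container mount table with no cgroup filesystem,
# the situation the "no cgroup mount found in mountinfo" error describes.
sample_without_cgroup() {
    cat <<'EOF'
100 90 0:50 / / rw,relatime - ext4 /dev/root rw
101 100 0:51 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
102 100 0:52 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs ro
EOF
}

# Constructed sample: the same table plus a unified (v2) hierarchy.
sample_with_cgroup2() {
    sample_without_cgroup
    echo '103 102 0:27 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:9 master:3 - cgroup2 none rw,nsdelegate'
}

sample_without_cgroup | cgroup_status   # prints: none
sample_with_cgroup2 | cgroup_status     # prints: v2 writable
```

Inside the container, `cgroup_status < /proc/self/mountinfo` runs the same check against the live mount table.
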
  • Not_Oles (Hosting Provider, Content Writer)

    @subenhon

    Thanks for your report! Congrats on getting your container working! I don't know about the Docker error you mentioned, but I think @yoursunny uses Docker inside containers, so I bet he can tell us about the error.

    When you have time, could you please post the commands you used to configure, create, and start your Alpine LXC container?

    Thanks again!

  • @Not_Oles, here is how I create the LXC container.

    ~ $ cat $HOME/.config/lxc/default.conf
    lxc.include = /etc/lxc/default.conf
    lxc.idmap = u 0 1022000000 65536
    lxc.idmap = g 0 1022000000 65536
    ~ $ lxc-create -n alpine -f $HOME/.config/lxc/default.conf -t download -- --dist alpine --release 3.17 --arch amd64
    Using image from local cache
    Unpacking the rootfs
    ---
    You just created an Alpinelinux 3.17 x86_64 (20230123_20:03) container.
    ~ $ # change container root password and network setting from dhcp to manual
    ~ $ lxc-attach -n alpine
    / # passwd
    Changing password for root
    New password: 
    Retype password: 
    passwd: password for root changed by root
    / # exit
    ~ $ # container ip config  
    ~ $ echo -e "lxc.net.0.ipv4.address = 192.168.188.58/24\nlxc.net.0.ipv4.gateway = auto" >> $HOME/.local/share/lxc/alpine/config
    ~ $ echo -e "lxc.net.0.ipv6.address = 2602:fba1:999:1c00:58::/64\nlxc.net.0.ipv6.gateway = auto" >> $HOME/.local/share/lxc/alpine/config
    ~ $ #restart container
    ~ $ lxc-stop -n alpine
    ~ $ lxc-start -n alpine
    ~ $ lxc-console -n alpine
    Connected to tty 1
    Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
    Welcome to Alpine Linux 3.17
    Kernel 6.1.8-0-lts on an x86_64 (/dev/tty1)
    
    alpine login: root
    Password: 
    Welcome to Alpine!
    
    The Alpine Wiki contains a large amount of how-to guides and general
    information about administrating Alpine systems.
    See <https://wiki.alpinelinux.org/>.
    
    You can setup the system with the command: setup-alpine
    
    You may change this message by editing /etc/motd.
    
    alpine:~# #add nameserver
    alpine:~# echo -e "nameserver 1.1.1.1\nnameserver 2001:470:20::2\n" >> /etc/resolv.conf
    alpine:~# ping -4 google.com
    PING google.com (142.251.46.238): 56 data bytes
    64 bytes from 142.251.46.238: seq=0 ttl=119 time=1.691 ms
    64 bytes from 142.251.46.238: seq=1 ttl=119 time=1.604 ms
    --- google.com ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 1.604/1.647/1.691 ms
    alpine:~# ping -6 google.com
    PING google.com (2607:f8b0:4005:80b::200e): 56 data bytes
    64 bytes from 2607:f8b0:4005:80b::200e: seq=0 ttl=117 time=50.880 ms
    64 bytes from 2607:f8b0:4005:80b::200e: seq=1 ttl=117 time=1.773 ms
    
    Thanked by (2)Not_Oles terrorgen
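
The `lxc.idmap` lines in this post map container uid/gid 0 to 65535 onto host ids starting at 1022000000. Unprivileged LXC applies such maps through newuidmap/newgidmap, which accept only host ranges delegated to the user in /etc/subuid and /etc/subgid. The check below is an added example, not part of the original post; the user name alice and the subuid/subgid entries are constructed.

```shell
#!/bin/sh
# idmap_ranges KIND: LXC config on stdin -> "host_start count" for each
# "lxc.idmap = KIND container_start host_start count" line (KIND is u or g).
idmap_ranges() {
    awk -v kind="$1" '
        sub(/^[ \t]*lxc\.idmap[ \t]*=[ \t]*/, "") && $1 == kind { print $3, $4 }'
}

# range_delegated USER START COUNT: subuid/subgid (name:start:count) on stdin.
# Succeeds only if [START, START+COUNT) fits inside one range delegated to USER.
range_delegated() {
    awk -F: -v user="$1" -v start="$2" -v count="$3" '
        $1 == user && start >= $2 && start + count <= $2 + $3 { ok = 1 }
        END { exit !ok }'
}

# check_idmaps CONFIG SUBUID SUBGID USER: one verdict line per idmap entry.
check_idmaps() {
    for kind in u g; do
        if [ "$kind" = u ]; then subid=$2; else subid=$3; fi
        idmap_ranges "$kind" < "$1" | while read -r start count; do
            if range_delegated "$4" "$start" "$count" < "$subid"; then
                echo "ok $kind $start $count"
            else
                echo "not-delegated $kind $start $count"
            fi
        done
    done
}

# Constructed demo: the idmap lines from the post, checked against made-up
# delegations for a hypothetical user "alice". The subgid entry deliberately
# does not cover the gid map.
demo() {
    d=$(mktemp -d)
    printf 'lxc.idmap = u 0 1022000000 65536\nlxc.idmap = g 0 1022000000 65536\n' > "$d/config"
    echo 'alice:1022000000:65536' > "$d/subuid"
    echo 'alice:100000:65536' > "$d/subgid"
    check_idmaps "$d/config" "$d/subuid" "$d/subgid" alice
    rm -rf "$d"
}
demo
```
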
  • Not_Oles (Hosting Provider, Content Writer)

    @subenhon Very nice! Thanks so much!

    @terrorgen Did you try it too?

  • Not_Oles (Hosting Provider, Content Writer)

    Hi guys! Sorry, but I just received an email from Hetrix saying that fmt ping monitor is down on IPv4 and on IPv6. Reported to @Cloudie. Will update when I know more. Thanks very much! Tom
