document updates

2024-05-19 12:57:09 -06:00
parent 1475ab1d25
commit 6c42a83d73

@@ -1,5 +1,3 @@
Got it, Jason. Let's take a more foundational approach to understanding Linux networking concepts, focusing on bridging your Cisco networking knowledge with Linux networking principles.
### Basic Concepts of Linux Networking ### Basic Concepts of Linux Networking
#### 1. **Network Interfaces** #### 1. **Network Interfaces**
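Review bot: dropping the conversational "Got it, Jason." opener is the right call for a document, but that line was also the only place the audience was stated; both Summary paragraphs later in the file still rely on that framing ("leverage your Cisco networking knowledge"). Suggest replacing the removed line with a one-sentence, non-conversational intro that names the intended reader (someone mapping Cisco networking experience onto Linux) and the scope of the document, so the later references do not hang in the air.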
@@ -129,3 +127,149 @@ sudo iptables -t nat -A POSTROUTING -j MASQUERADE
### Summary ### Summary
By understanding these core Linux networking concepts and commands, you can leverage your Cisco networking knowledge to effectively manage and configure Linux-based networks. This foundation will help you handle more advanced scenarios, like managing LXC containers and implementing complex port forwarding and NAT setups. By understanding these core Linux networking concepts and commands, you can leverage your Cisco networking knowledge to effectively manage and configure Linux-based networks. This foundation will help you handle more advanced scenarios, like managing LXC containers and implementing complex port forwarding and NAT setups.
---
To get a more advanced understanding of your setup, let's delve into the details and address the intricacies of port forwarding between different networks for LXC containers. We'll cover the concepts and provide a practical example to clarify the process.
### Advanced Port Forwarding with LXC Containers
#### Scenario Overview
- **LXC Container IP**: `192.168.1.10`
- **Apache2 Instance 1**: Running on `10.0.0.1:80`
- **Apache2 Instance 2**: Running on `10.0.0.2:80`
- **Ports on LXC Container**: Forward to `192.168.1.10:81` and `192.168.1.10:82`
- **Objective**: Expose the Apache instances running on `10.x.x.x` network to the `192.168.1.x` network via the LXC container.
### Network Diagram
```
+--------------------+ +--------------------+
| LXC Host | | External Network |
| | | |
| +----------------+ | | |
| | LXC Container | | | |
| | 192.168.1.10 | | | |
| +----------------+ | | |
| | | | | |
| | +-----------------> 192.168.1.10:81 |
| | | | |
| | +-----------------> 192.168.1.10:82 |
| | | | |
| | | | |
| 10.0.0.1:80 10.0.0.2:80 | |
| | | | |
+--------------------+ +--------------------+
```
### Steps for Advanced Port Forwarding
1. **Configure Networking on the LXC Host**:
- Ensure the LXC host has access to both the `10.x.x.x` and `192.168.1.x` networks.
2. **Create a Network Bridge**:
- If needed, create a bridge to connect the LXC container to the desired network.
```bash
# Create a new bridge (if not already created)
sudo ip link add name br0 type bridge
sudo ip addr add 192.168.1.1/24 dev br0
sudo ip link set br0 up
# Add the container's interface to the bridge
sudo ip link set veth0 master br0
sudo ip link set veth0 up
```
3. **Configure the LXC Container**:
- Ensure the LXC container is connected to the bridge `br0` and has the IP address `192.168.1.10`.
4. **Set Up Port Forwarding Using `iptables`**:
- Forward traffic from the LXC container's IP to the Apache instances.
```bash
# Forward traffic from 192.168.1.10:81 to 10.0.0.1:80
sudo iptables -t nat -A PREROUTING -d 192.168.1.10 -p tcp --dport 81 -j DNAT --to-destination 10.0.0.1:80
sudo iptables -A FORWARD -p tcp -d 10.0.0.1 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Forward traffic from 192.168.1.10:82 to 10.0.0.2:80
sudo iptables -t nat -A PREROUTING -d 192.168.1.10 -p tcp --dport 82 -j DNAT --to-destination 10.0.0.2:80
sudo iptables -A FORWARD -p tcp -d 10.0.0.2 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Masquerade outgoing packets to ensure proper return path
sudo iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
```
### Explanation
- **PREROUTING Chain**:
- `-t nat -A PREROUTING -d 192.168.1.10 -p tcp --dport 81 -j DNAT --to-destination 10.0.0.1:80`: This rule changes the destination of packets arriving at `192.168.1.10` on port `81` to `10.0.0.1:80`.
- `-t nat -A PREROUTING -d 192.168.1.10 -p tcp --dport 82 -j DNAT --to-destination 10.0.0.2:80`: This rule changes the destination of packets arriving at `192.168.1.10` on port `82` to `10.0.0.2:80`.
- **FORWARD Chain**:
- `-A FORWARD -p tcp -d 10.0.0.1 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT`: Allows forwarding of packets destined for `10.0.0.1` on port `80`.
- `-A FORWARD -p tcp -d 10.0.0.2 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT`: Allows forwarding of packets destined for `10.0.0.2` on port `80`.
- **POSTROUTING Chain**:
- `-t nat -A POSTROUTING -o br0 -j MASQUERADE`: Ensures that outgoing packets have the correct source IP address for return traffic.
### Persisting `iptables` Rules
To make sure the `iptables` rules persist across reboots, you can save them using the `iptables-save` command and restore them using the `iptables-restore` command during system startup.
```bash
# Save iptables rules
sudo iptables-save > /etc/iptables/rules.v4
```
On systemd-based systems, you can create a service to restore these rules at startup:
```bash
# Create a systemd service file
sudo nano /etc/systemd/system/iptables-restore.service
```
Add the following content to the service file:
```ini
[Unit]
Description=Restore iptables rules
After=network.target
[Service]
Type=oneshot
ExecStart=/sbin/iptables-restore < /etc/iptables/rules.v4
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
```
Enable and start the service:
```bash
sudo systemctl enable iptables-restore.service
sudo systemctl start iptables-restore.service
```
### Summary
By understanding and configuring the Linux networking components and `iptables` rules, you can achieve advanced port forwarding and ensure proper network communication between different networks and LXC containers. This setup effectively bridges the gap between your extensive Cisco networking knowledge and Linux networking principles.
---
Sure, here's the network diagram using Mermaid syntax.
```mermaid
graph TD;
A[External Network] --> |Access Apache Services| B(LXC Host)
B --> |Forward to 192.168.1.10:81| C(LXC Container 192.168.1.10)
B --> |Forward to 192.168.1.10:82| C
C --> |Forward to 10.0.0.1:80| D[Apache2 Instance 1 10.0.0.1:80]
C --> |Forward to 10.0.0.2:80| E[Apache2 Instance 2 10.0.0.2:80]
```
You can visualize this diagram using a Mermaid live editor, or any platform that supports Mermaid syntax, to see the graphical representation of the network setup.
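Review bot: the `ExecStart=/sbin/iptables-restore < /etc/iptables/rules.v4` line in the systemd unit will not work, because systemd does not run ExecStart through a shell and will hand `<` and the path to iptables-restore as literal arguments; use `ExecStart=/sbin/iptables-restore /etc/iptables/rules.v4` (iptables-restore accepts the file as an argument) or wrap it in `/bin/sh -c '...'`, and mention that `/etc/iptables/` must exist before the `iptables-save >` redirection succeeds. In the forwarding block, the two FORWARD rules only match packets toward `10.0.0.1`/`10.0.0.2` port 80, so on a host whose FORWARD policy is DROP the replies (source `10.0.0.x:80`) are never accepted; add `sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` and prefer `-m conntrack --ctstate` over the older `-m state` throughout. The `POSTROUTING -o br0 -j MASQUERADE` rule also does not cover the DNAT'd flow: `br0` is given `192.168.1.1/24` above, while after DNAT the packets exit toward the `10.x.x.x` side, so if the Apache hosts need a return path through the forwarder the masquerade belongs on that egress interface and should be limited to the DNAT'd destinations rather than being a blanket rule (a blanket MASQUERADE also hides real client addresses from the Apache access logs, which matters for incident review). Nothing in this hunk enables `net.ipv4.ip_forward`; if the earlier section does not, the DNAT will silently do nothing. Finally, the Mermaid section keeps the chat-style lead "Sure, here's the network diagram using Mermaid syntax." that the first hunk removed elsewhere, and its graph shows the container doing the forwarding while the `iptables` commands above are run on the host; pick one placement and make the diagram, the ASCII figure and the text agree.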