need special 'mangle' table rule for DHCP in LXC containers #184
Comments
Hi. Add it exactly as shown in your comment to your firehol.conf (do not add The (this is strange though - my lxc does not need it).
Hi @ktsaou, does your LXC setup run on the same machine as the DHCP server? If not, that's probably why you don't need it. Also, just tried as you suggested, and that worked perfectly. Thanks! 👍
Yes it does... check this: http://azure-west-eu.my-netdata.io/ - the lxc alpine container there works like that.
@ktsaou May also have to do with what DHCP client it's using. Does your LXC container use dhcpcd or dhclient, or something else? In any case, mine were using dhclient, and tried to DHCP but would drop the responses without valid checksums, and they'd never get IP addresses. 😞
I had the same problem... I added the line in the firehol.conf. When I try "firehol try" I get the error: iptables-restore v1.4.21: The -t option (seen in line 22) cannot be used in iptables-restore. Error occurred at line: 22 Offending line:
Try this:
It needs the table first.
Looks like you need to disable fast activation. Set @ktsaou it looks like we will need to handle the
We do, but it has to be the first parameter to
Oh, OK I see it is, provided it comes first.
I'll make a note in the docs this week. I need to update
I think yes. All marks are now bit-mapped.
Thanks 👍
I recently moved my custom iptables config into a FireHOL config, but there's one rule that I can't seem to find a way to replace:
iptables -t mangle -A POSTROUTING -o br0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
This is a necessary rule for DHCP to work properly for LXC containers that are running on the same physical machine as the DHCP server.
Is there any way for FireHOL to support this kind of rule? If not, could support be added?
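An added example, not part of the original issue or of FireHOL: a small IPv4 UDP checksum verifier showing why a DHCP client that validates checksums itself drops a reply whose checksum was never finished, and what filling the checksum (the job of the `CHECKSUM --checksum-fill` rule above) changes. The addresses, the 4-byte payload and the "pseudo-header sum only" stand-in for an unfinished checksum are constructed assumptions.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum, as used by the IPv4/UDP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: src, dst, zero, protocol 17 (UDP), UDP length."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, udp_len)

def udp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum for a UDP segment whose checksum field is currently zero."""
    csum = ~ones_sum(pseudo_header(src, dst, len(segment)) + segment) & 0xFFFF
    return csum or 0xFFFF  # a computed 0 is transmitted as 0xFFFF

def checksum_valid(src: str, dst: str, segment: bytes) -> bool:
    """The check a validating receiver performs on an incoming segment."""
    if segment[6:8] == b"\x00\x00":
        return True  # IPv4 only: zero means the sender computed no checksum
    return ones_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def fill_checksum(src: str, dst: str, segment: bytes) -> bytes:
    """Recompute the checksum field in place of whatever it held before."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    return segment[:6] + struct.pack("!H", udp_checksum(src, dst, zeroed)) + segment[8:]

# Constructed sample: a server on the host replying to a client in a container.
SRC, DST = "10.0.3.1", "10.0.3.50"
PAYLOAD = b"\x02\x01\x06\x00"  # first bytes of a BOOTREPLY, truncated for brevity
LENGTH = 8 + len(PAYLOAD)
# Assumed stand-in for an unfinished checksum: only the pseudo-header sum.
PARTIAL = ones_sum(pseudo_header(SRC, DST, LENGTH))
UNFILLED = struct.pack("!HHHH", 67, 68, LENGTH, PARTIAL) + PAYLOAD
FILLED = fill_checksum(SRC, DST, UNFILLED)

if __name__ == "__main__":
    print("unfilled valid:", checksum_valid(SRC, DST, UNFILLED))
    print("filled valid:  ", checksum_valid(SRC, DST, FILLED))
```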