Differences between revisions 1 and 23 (spanning 22 versions)
Revision 1 as of 2011-12-12 16:12:12
Size: 1748
Editor: ?MarcusOsdoba
Comment: lxc: split main page and possible network configurations into separate subpages
Revision 23 as of 2015-02-21 16:40:37
Size: 5047
Editor: ?RamonFischer
Comment:
Line 1: Line 1:
Please find alternative network setups for containers on the [[LXC]] mainpage. #language en
~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: none-~
----
This page includes examples of a
bridged or routed network provided by the host.
Line 3: Line 7:
In case of bridged or routed network provided by the host, here is an example. Alternatives to this network setup for containers can be found on the [[LXC]] main page.
Line 5: Line 9:
= Host device as bridge = == Host device as bridge ==
Features:
Line 7: Line 12:
 * the container's {{{veth}}} virtual ethernet interface can share the network link on the physical interface of the host (eth0).  * the container's {{{veth}}} virtual ethernet interface can share the network link on the physical interface of the host (eth0). So the container resides on the same ethernet segment and talks to the same dhcp server as the host does.

Requires {{{bridge-utils}}} package.

Edit the host's {{{/etc/network/interfaces}}} in this form:
Line 9: Line 18:
# Comment out the following:
Line 20: Line 30:
#auto br0
Line 23: Line 34:
# address <host IP here, e.g. 10.1.1.2> # address <host IP here, e.g. 192.168.1.20>
Line 25: Line 36:
# network <network IP here, e.g. 10.1.1.0>
# broadcast <broadcast IP here, e.g. 10.1.1.255>
# gateway <gateway IP address here, e.g. 10.1.1.1>
# network <network IP here, e.g. 192.168.1.0>
# broadcast <broadcast IP here, e.g. 192.168.1.255>
# gateway <gateway IP address here, e.g. 192.168.1.1>
Line 29: Line 40:
# dns-nameservers <name server IP address here, e.g. 10.1.1.1> # dns-nameservers <name server IP address here, e.g. 192.168.1.1>
Line 34: Line 45:
 * TODO: provide a sample of the network section in the containers config Restart networking:
{{{
/etc/init.d/networking restart
}}}
Line 36: Line 50:
= Additonal bridge device instead of changing a host device to br0 =  * The network section in the container's config (stored on the host in {{{/var/lib/lxc/containername/config}}}) may look like this
{{{
## Network
lxc.utsname = containershostname
lxc.network.type = veth
lxc.network.flags = up

# that's the interface defined above in host's interfaces file
lxc.network.link = br0

# name of network device inside the container,
# defaults to eth0, you could choose a name freely
# lxc.network.name = lxcnet0

lxc.network.hwaddr = 00:FF:AA:00:00:01

# the ip may be set to 0.0.0.0/24 or skip this line
# if you like to use a dhcp client inside the container
lxc.network.ipv4 = 192.168.1.110/24

# define a gateway to have access to the internet
lxc.network.ipv4.gateway = 192.168.1.1

}}}

 * Completing the example above, the container's {{{/etc/network/interfaces}}} may be edited to look like this
{{{
auto eth0
iface eth0 inet dhcp
#iface eth0 inet static
# address <container IP here, e.g. 192.168.1.110>
# all other settings like those for the host
}}}

== Additonal bridge device instead of changing a host device to br0 ==
Features:
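Review bot: the two added samples contradict each other on addressing. The container config sets a static `lxc.network.ipv4 = 192.168.1.110/24`, while the container's /etc/network/interfaces sample enables `iface eth0 inet dhcp`, and the config's own comment says to skip that line or use 0.0.0.0/24 when a dhcp client runs inside the container. Pick one mode per sample, or comment out the static line in the config when the dhcp stanza is the active one. The sample also hard-codes `lxc.network.hwaddr = 00:FF:AA:00:00:01`; a short remark that each container on br0 needs its own address would keep readers from copying it unchanged into several containers. The new heading also misspells "Additional".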
Line 38: Line 87:
 * the container's {{{veth}}} virtual ethernet interface accesses the network via the bridge device created on the host.
== natted ==
 * TODO
== routed ==
 * TODO
 * the container's {{{veth}}} virtual ethernet interface accesses the network via the bridge device created on the host. By default, the container is not visable from outside the host.

{{{
# script to setup a natted network for lxc guests
CMD_BRCTL=/usr/sbin/brctl
CMD_IFCONFIG=/sbin/ifconfig
CMD_IPTABLES=/sbin/iptables
CMD_ROUTE=/sbin/route
NETWORK_BRIDGE_DEVICE_NAT=lxc-bridge-nat
HOST_NETDEVICE=wlan0
PRIVATE_GW_NAT=192.168.100.1
PRIVATE_NETMASK=255.255.255.0

${CMD_BRCTL} addbr ${NETWORK_BRIDGE_DEVICE_NAT}
${CMD_BRCTL} setfd ${NETWORK_BRIDGE_DEVICE_NAT} 0
${CMD_IFCONFIG} ${NETWORK_BRIDGE_DEVICE_NAT} ${PRIVATE_GW_NAT} netmask ${PRIVATE_NETMASK} promisc up
${CMD_IPTABLES} -t nat -A POSTROUTING -o ${HOST_NETDEVICE} -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

}}}

== Alternative: ==
Features:
 * persisted in sysctl.conf {{{/etc/sysctl.conf}}}
 * persisted in interfaces {{{/etc/network/interfaces}}}

Uncomment the following in {{{/etc/sysctl.conf}}}:
{{{
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
}}}

Insert the following in {{{/etc/network/interfaces}}}:

{{{
auto lxc-bridge-nat
iface lxc-bridge-nat inet static
 bridge_ports none
 bridge_fd 0
 bridge_maxwait 0
 address 192.168.100.1
 netmask 255.255.255.0
 up iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
}}}

 * The containers {{{/etc/network/interfaces}}} is equal to the one proposed in "Host device as bridge"; if you don't put a dhcp server on the {{{lxc-bridge-nat}}}, the container should now use the static ip configuration
 * The containers config file now uses {{{lxc-bridge-nat}}} as link and another ip
{{{
lxc.network.link = lxc-bridge-nat
lxc.network.ipv4 = 192.168.100.10/24
}}}
 * The host can connect easily from his original network 192.168.1.0 to the natted one 192.168.100.0
 * if you want to access a containers port (e.g. putting an apache inside a container) from outside the host, you have to forward that port from the host to the containers IP
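Review bot: the MASQUERADE rule, both in the script and in the `up` line of the interfaces stanza, matches only on `-o wlan0` with no source restriction, so it rewrites every forwarded packet leaving wlan0 and not just traffic from the container network. Adding `-s 192.168.100.0/24` would scope it to the bridge's subnet. The `up iptables ... -A POSTROUTING ...` line also has no matching `down` line with `-D`, so each time the interface is brought up another copy of the rule is appended. Smaller points: `CMD_ROUTE` is defined in the script but never used, the last bullet says a port must be forwarded without showing a rule for it, and "visable" should read "visible".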
Line 45: Line 142:
References : == References ==



This page includes examples of a bridged or routed network provided by the host.

Alternatives to this network setup for containers can be found on the LXC main page.

Host device as bridge

Features:

  • persisted in host's /etc/network/interfaces

  • the container's veth virtual Ethernet interface can share the network link on the physical interface of the host (eth0). The container therefore resides on the same Ethernet segment and talks to the same DHCP server as the host does.

Requires bridge-utils package.

Edit the host's /etc/network/interfaces in this form:

# Comment out the following:
# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp

auto br0
iface br0 inet dhcp
        bridge_ports eth0
        bridge_fd 0
        bridge_maxwait 0

# uncomment the below and comment the above for static ip setup on the host
#auto br0
#iface br0 inet static
#       bridge_ports eth0
#       bridge_fd 0
#       address <host IP here, e.g. 192.168.1.20>
#       netmask 255.255.255.0
#       network <network IP here, e.g. 192.168.1.0>
#       broadcast <broadcast IP here, e.g. 192.168.1.255>
#       gateway <gateway IP address here, e.g. 192.168.1.1>
#       # dns-* options are implemented by the resolvconf package, if installed
#       dns-nameservers <name server IP address here, e.g. 192.168.1.1>
#       dns-search your.search.domain.here

Restart networking:

/etc/init.d/networking restart

  • The network section in the container's config (stored on the host in /var/lib/lxc/containername/config) may look like this:

## Network
lxc.utsname = containershostname
lxc.network.type = veth
lxc.network.flags = up

# that's the interface defined above in host's interfaces file
lxc.network.link = br0

# name of network device inside the container,
# defaults to eth0, you could choose a name freely
# lxc.network.name = lxcnet0 

lxc.network.hwaddr = 00:FF:AA:00:00:01

# the ip may be set to 0.0.0.0/24 or skip this line
# if you like to use a dhcp client inside the container
lxc.network.ipv4 = 192.168.1.110/24

# define a gateway to have access to the internet
lxc.network.ipv4.gateway = 192.168.1.1

  • Completing the example above, the container's /etc/network/interfaces may be edited to look like this:

auto eth0
iface eth0 inet dhcp
#iface eth0 inet static
#       address <container IP here, e.g. 192.168.1.110>
#       all other settings like those for the host

Additional bridge device instead of changing a host device to br0

Features:

  • setup manually with brctl
  • the container's veth virtual Ethernet interface accesses the network via the bridge device created on the host. By default, the container is not visible from outside the host.

#!/bin/sh
# script to set up a natted network for lxc guests (run as root)
CMD_BRCTL=/usr/sbin/brctl
CMD_IFCONFIG=/sbin/ifconfig
CMD_IPTABLES=/sbin/iptables
CMD_ROUTE=/sbin/route
NETWORK_BRIDGE_DEVICE_NAT=lxc-bridge-nat
HOST_NETDEVICE=wlan0
PRIVATE_GW_NAT=192.168.100.1
PRIVATE_NETMASK=255.255.255.0

# create the bridge and set its forwarding delay to 0
${CMD_BRCTL} addbr ${NETWORK_BRIDGE_DEVICE_NAT}
${CMD_BRCTL} setfd ${NETWORK_BRIDGE_DEVICE_NAT} 0
# give the bridge the gateway address of the private network and bring it up
${CMD_IFCONFIG} ${NETWORK_BRIDGE_DEVICE_NAT} ${PRIVATE_GW_NAT} netmask ${PRIVATE_NETMASK} promisc up
# masquerade everything that leaves through the host's network device
${CMD_IPTABLES} -t nat -A POSTROUTING -o ${HOST_NETDEVICE} -j MASQUERADE
# enable IPv4 forwarding (this setting is lost on reboot)
echo 1 > /proc/sys/net/ipv4/ip_forward

Alternative:

Features:

  • packet forwarding persisted in /etc/sysctl.conf

  • bridge persisted in /etc/network/interfaces

Uncomment the following in /etc/sysctl.conf:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Insert the following in /etc/network/interfaces:

auto lxc-bridge-nat
iface lxc-bridge-nat inet static
        bridge_ports none
        bridge_fd 0
        bridge_maxwait 0
        address 192.168.100.1
        netmask 255.255.255.0
        up iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

  • The container's /etc/network/interfaces is the same as the one proposed in "Host device as bridge"; if you don't put a DHCP server on lxc-bridge-nat, the container should now use the static IP configuration.

  • The container's config file now uses lxc-bridge-nat as the link and a different IP:

lxc.network.link = lxc-bridge-nat
lxc.network.ipv4 = 192.168.100.10/24

  • The host can connect easily from its original network 192.168.1.0 to the natted one 192.168.100.0.
  • If you want to access a container's port from outside the host (e.g. when running Apache inside a container), you have to forward that port from the host to the container's IP.
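
The port forwarding mentioned in the last item, together with a MASQUERADE rule limited to the container subnet, as an added example that is not part of the original wiki page. The function names, host port 8080 and container port 80 are assumptions made for illustration; the bridge, uplink device and addresses are the ones used above. It assumes the FORWARD chain already lets established return traffic through.

```shell
#!/bin/sh
# Added example (not from the wiki page): scoped NAT and port-forward rules for
# the lxc-bridge-nat setup. Prints commands; APPLY=1 runs them (needs root).
BRIDGE=lxc-bridge-nat      # bridge name used on the page
WAN_IF=wlan0               # host uplink used on the page
LXC_PREFIX=192.168.100     # first three octets of the page's /24
IPTABLES=${IPTABLES:-/sbin/iptables}

# True when $1 is a decimal number between $2 and $3.
in_range() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# True when $1 is a container address in the /24 (.1 is the bridge itself).
is_container_ip() {
    case $1 in "$LXC_PREFIX".*) ;; *) return 1 ;; esac
    in_range "${1#"$LXC_PREFIX".}" 2 254
}

# Masquerade only traffic sourced from the container subnet.
masq_rule() {
    echo "-t nat -A POSTROUTING -s $LXC_PREFIX.0/24 -o $WAN_IF -j MASQUERADE"
}

# forward_rules HOST_PORT CONTAINER_IP CONTAINER_PORT (hypothetical helper)
# DNAT rule plus the FORWARD accept it needs when the FORWARD policy is DROP.
forward_rules() {
    in_range "$1" 1 65535 && is_container_ip "$2" && in_range "$3" 1 65535 ||
        return 1
    echo "-t nat -A PREROUTING -i $WAN_IF -p tcp --dport $1 -j DNAT --to-destination $2:$3"
    echo "-A FORWARD -i $WAN_IF -o $BRIDGE -p tcp -d $2 --dport $3 -j ACCEPT"
}

# Read rule specs on stdin. With APPLY=1, append each rule only if the -C
# check says it is not loaded yet, so repeated runs add no duplicates.
apply_rules() {
    while read -r spec; do
        if [ "${APPLY:-0}" = 1 ]; then
            check=$(printf '%s\n' "$spec" | sed 's/^-A /-C /; s/ -A / -C /')
            $IPTABLES $check 2>/dev/null || $IPTABLES $spec
        else
            echo "$IPTABLES $spec"
        fi
    done
}

# Constructed sample: host port 8080 to the page's container, port 80.
{ masq_rule; forward_rules 8080 192.168.100.10 80; } | apply_rules
```

Run without APPLY set, the script only prints the three iptables commands so they can be reviewed before being loaded.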

References