Differences between revisions 8 and 9
Revision 8 as of 2012-09-28 18:46:37
Size: 4070
Editor: ?BrettWuth
Comment:
Revision 9 as of 2012-09-28 18:48:33
Size: 4096
Editor: ?BrettWuth
Comment:
Deletions are marked like this. Additions are marked like this.
Line 9: Line 9:
Features:
Line 11: Line 12:
Line 69: Line 71:
Features:
Line 70: Line 73:
 * the container's {{{veth}}} virtual ethernet interface accesses the network via the bridge device created on the host. The container is not visable from outside the host by default  * the container's {{{veth}}} virtual ethernet interface accesses the network via the bridge device created on the host. By default, the container is not visable from outside the host.

Translation(s): none


Alternatives to this network setup for containers can be found on the LXC main page.

In case of bridged or routed network provided by the host, here are some examples.

Host device as bridge

Features:

  • persisted in host's /etc/network/interfaces

  • the container's veth virtual ethernet interface can share the network link on the physical interface of the host (eth0). So the container resides on the same ethernet segment and talks to the same dhcp server as the host does.

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp

auto br0
iface br0 inet dhcp
        bridge_ports eth0
        bridge_fd 0
        bridge_maxwait 0

# uncomment the below and comment the above for static ip setup on the host
#iface br0 inet static
#       bridge_ports eth0
#       bridge_fd 0
#       address <host IP here, e.g. 192.168.1.20>
#       netmask 255.255.255.0
#       network <network IP here, e.g. 192.168.1.0>
#       broadcast <broadcast IP here, e.g. 192.168.1.255>
#       gateway <gateway IP address here, e.g. 192.168.1.1>
#       # dns-* options are implemented by the resolvconf package, if installed
#       dns-nameservers <name server IP address here, e.g. 192.168.1.1>
#       dns-search your.search.domain.here
  • The network section in the container's config may look like this

## Network
lxc.utsname = containershostname
lxc.network.type = veth
lxc.network.flags = up

# that's the interface defined above in host's interfaces file
lxc.network.link = br0

# name of network device inside the container,
# defaults to eth0, you could choose a name freely
lxc.network.name = lxcnet0 

lxc.network.hwaddr = 00:FF:AA:00:00:01

# the ip may be set to 0.0.0.0/24 or skip this line
# if you like to use a dhcp client inside the container
lxc.network.ipv4 = 192.168.1.110/24
  • Completing the example above, the containers /etc/network/interfaces may look like this

auto lxcnet0
iface lxcnet0 inet dhcp
#iface lxcnet0 inet static
#       address <container IP here, e.g. 192.168.1.110>
#       all other settings like those for the host

Additonal bridge device instead of changing a host device to br0

Features:

  • setup manually with brctl
  • the container's veth virtual ethernet interface accesses the network via the bridge device created on the host. By default, the container is not visable from outside the host.

# script to setup a natted network for lxc guests
CMD_BRCTL=/usr/sbin/brctl
CMD_IFCONFIG=/sbin/ifconfig
CMD_IPTABLES=/sbin/iptables
CMD_ROUTE=/sbin/route
NETWORK_BRIDGE_DEVICE_NAT=lxc-bridge-nat
HOST_NETDEVICE=wlan0
PRIVATE_GW_NAT=192.168.100.1
PRIVATE_NETMASK=255.255.255.0

${CMD_BRCTL} addbr ${NETWORK_BRIDGE_DEVICE_NAT}
${CMD_BRCTL} setfd ${NETWORK_BRIDGE_DEVICE_NAT} 0
${CMD_IFCONFIG} ${NETWORK_BRIDGE_DEVICE_NAT} ${PRIVATE_GW_NAT} netmask ${PRIVATE_NETMASK} promisc up
${CMD_IPTABLES} -t nat -A POSTROUTING -o ${HOST_NETDEVICE} -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
  • The containers /etc/network/interfaces is equal to the one proposed in "Host device as bridge"; if you don't put a dhcp server on the lxc-bridge-nat, the container should now use the static ip configuration

  • The containers config file now uses lxc-bridge-nat as link and another ip

lxc.network.link = lxc-bridge-nat
lxc.network.ipv4 = 192.168.100.10/24
  • The host can connect easily from his original network 192.168.1.0 to the natted one 192.168.100.0
  • if you want to access a containers port (e.g. putting an apache inside a container) from outside the host, you have to forward that port from the host to the containers IP

References