<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello gurus,<br>
<br>
I'm attempting to learn lxc/lxd. I have a host with the following
network setup:<br>
<br>
<blockquote>enp0s10 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
<br>
inet addr:XXX.XXX.XXX.161
Bcast:XXX.XXX.XXX.255 Mask:255.255.255.0<br>
inet6 addr: XX/64 Scope:Link<br>
UP BROADCAST RUNNING MULTICAST MTU:1500
Metric:1<br>
RX packets:72869 errors:0 dropped:0 overruns:0
frame:0<br>
TX packets:6546 errors:0 dropped:0 overruns:0
carrier:0<br>
collisions:0 txqueuelen:1000 <br>
RX bytes:7550181 (7.5 MB) TX bytes:918896
(918.8 KB)<br>
<br>
enp0s10:testvm1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX <br>
inet addr:XXX.XXX.XXX.117
Bcast:XXX.XXX.XXX.255 Mask:255.255.255.0<br>
UP BROADCAST RUNNING MULTICAST MTU:1500
Metric:1<br>
<br>
lo Link encap:Local Loopback <br>
inet addr:127.0.0.1 Mask:255.0.0.0<br>
inet6 addr: ::1/128 Scope:Host<br>
UP LOOPBACK RUNNING MTU:65536 Metric:1<br>
RX packets:336 errors:0 dropped:0 overruns:0
frame:0<br>
TX packets:336 errors:0 dropped:0 overruns:0
carrier:0<br>
collisions:0 txqueuelen:1 <br>
RX bytes:69195 (69.1 KB) TX bytes:69195 (69.1
KB)<br>
<br>
lxdbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 <br>
inet addr:10.25.251.1 Bcast:0.0.0.0
Mask:255.255.255.0<br>
inet6 addr: XX/64 Scope:Global<br>
inet6 addr: XX/64 Scope:Link<br>
UP BROADCAST MULTICAST MTU:1500 Metric:1<br>
RX packets:73 errors:0 dropped:0 overruns:0
frame:0<br>
TX packets:185 errors:0 dropped:0 overruns:0
carrier:0<br>
collisions:0 txqueuelen:1000 <br>
RX bytes:6776 (6.7 KB) TX bytes:21534 (21.5
KB)<br>
</blockquote>
What I would like to do is create a container and attach it to the
*.117 address on enp0s10:testvm1, so that all traffic going in or out
of the container goes through the *.117 address. I will admit that
there is a lot about networking that is just straight up voodoo to
me, so there's probably something simple that I'm missing. I've used
IP aliases many times, but I'm new to containers.<br>
<br>
Attempt #1:<br>
<br>
I attempted to create a profile and attach enp0s10:testvm1 to the
profile:<br>
<blockquote># lxc profile copy default testvm1<br>
</blockquote>
<blockquote># lxc profile edit testvm1<br>
</blockquote>
Editing the text to read:<br>
<blockquote>[...]<br>
devices:<br>
eth0:<br>
name: eth0<br>
nictype: macvlan # &lt;-- changed from
"bridged"<br>
parent: enp0s10:testvm1 # &lt;-- changed from "lxdbr0"<br>
type: nic<br>
</blockquote>
Then I applied the profile to the container:<br>
<blockquote># lxc profile apply my-ubuntu-1 testvm1<br>
</blockquote>
But to no avail:<br>
<blockquote># lxc start my-ubuntu-1<br>
error: Missing parent 'enp0s10:testvm1' for nic 'eth0'<br>
</blockquote>
Attempt #2:<br>
<br>
I had partial success with the following iptables rule:<br>
<blockquote>iptables -t nat -A PREROUTING -d &lt;outside-addr&gt; -j
DNAT --to-destination &lt;container-addr&gt;<br>
</blockquote>
However, outgoing traffic from within the container still appears to
come from the *.161 address and not the *.117 address, so I've only
figured out half of it.<br>
<br>
There's probably something simple I'm doing wrong, and I'm hoping
someone here can school me on the proper way to do this. Also, it's
not clear to me that I won't run into some snag inside the container
with some service getting confused about the differing internal
(10.25.251.*) vs. external (*.117) IP addresses. So I guess,
ideally, I'd like the container to have the *.117 address both
inside and out. That's probably a separate question though: How do
I give the container a specific internal address?<br>
<br>
I don't want to change lxdbr0 if I can help it, as there may be a
need to run other containers on the same host, containers for which
the default bridging setup works just fine.<br>
<br>
Thanks in advance for any help at all!<br>
<br>
Michael<br>
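<br>
Added example, not part of Michael's message: Attempt #2 translates only inbound traffic, so this shell snippet prints that DNAT rule together with the outbound SNAT rule that mirrors it, and refuses an alias label as the interface. The addresses 192.0.2.117 and 10.25.251.50 and the function names are constructed, and the existence of a broader MASQUERADE rule for the lxdbr0 subnet is an assumption.<br>

```shell
#!/bin/sh
# Added example: prints the two NAT rules for review; nothing is applied.

# is_ipv4 ADDR: succeed if ADDR is a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nat_pair OUTSIDE CONTAINER IFACE: print the inbound DNAT rule from the post
# and the matching outbound SNAT rule. IFACE must be a real device: an alias
# label such as enp0s10:testvm1 only names an address, so it is rejected.
nat_pair() {
    is_ipv4 "$1" || { echo "bad outside address: $1"; return 1; }
    is_ipv4 "$2" || { echo "bad container address: $2"; return 1; }
    case "$3" in
        ""|*:*) echo "not a network device: $3"; return 1 ;;
    esac
    echo "iptables -t nat -A PREROUTING -d $1 -j DNAT --to-destination $2"
    # -I ... 1 places SNAT ahead of any broader MASQUERADE rule for the bridge
    # subnet (assumed to exist; it would explain the *.161 source address).
    echo "iptables -t nat -I POSTROUTING 1 -s $2 -o $3 -j SNAT --to-source $1"
}

# Constructed sample values, not the poster's real addresses.
nat_pair 192.0.2.117 10.25.251.50 enp0s10
```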
</body>
</html>