[Lxc-users] lxc networking using nat

Daniel Lezcano daniel.lezcano at free.fr
Mon Apr 5 19:49:33 UTC 2010


Serge E. Hallyn wrote:
> Hi Daniel,
>
> lxc at the moment (AFAICS) won't work for me on my laptop
> bc of bridges and macvlan not working with wireless
> devices.  (I have explicitly heard that bridging won't
> work with wireless, but I hadn't heard that about macvlan -
> but quick tests with modifying lxc-macvlan.conf did not
> succeed).
>
> However, I can manually create a networked container using
> veth devices and ip tables:
>
> on HOST:
> ip link add type veth
> ifconfig veth0 192.168.1.1 up
> ifconfig veth1 192.168.1.2 up
> route add -host 192.168.1.2 dev veth0
>
> on VM:
> ns_exec -cmpiun /bin/bash
> hostname vm1
> mount --make-rslave /
> mount -t tmpfs tmp /tmp
> ifconfig veth1 192.168.1.2 up
> route add -net default gw 192.168.1.1
> mount --bind /etc/resolv.conf.vm1 /etc/resolv.conf
>
> back on HOST:
> ip link set veth1 netns 11741
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
> iptables --append FORWARD --in-interface veth0 -j ACCEPT
>
> Any idea of the best way to implement this in lxc?  Just add some
> code into setup_netdev() to recognize and handle a 'use_nat' option?
>
> Sure would be nice to be able to simply use lxc on my laptop  :)
>
> thanks,
> -serge
>   

Hi Serge,

You can set up your host with a bridge, ip_forwarding and a single 
iptables rule.

1 - create a bridge with an IP address used as the default gateway address

2 - use the lxc configuration:

lxc.network.type = veth
lxc.network.link = br0

3 - set on your host the ip forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

4 - set the iptables rule

sudo /sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

These steps assume your container does dhcp and you have a dnsmasq setup 
running on your host and providing the ip addresses for the containers' 
network.

At present lxc does not provide route configuration, hence if dhcp is 
not used, your container has to set the network with the route etc ...
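The four host-side steps above, collected into one script as an added example (this is not code from the thread or from the lxc project). It assumes a bridge named br0 carrying the gateway address 10.0.3.1/24, wlan0 as the uplink, and uses `sysctl -w` in place of the `echo 1 > /proc/sys/...` form; all three values are assumptions and can be overridden through environment variables. With DRY_RUN=1 (the default) the script only prints the commands it would run, so it can be reviewed before being executed as root, and the MASQUERADE rule is checked with `iptables -C` before being appended so re-running the script does not stack duplicate rules.

```shell
#!/bin/sh
# Added example: host setup for NAT-ed lxc containers (bridge + ip_forward
# + one MASQUERADE rule), following the steps in the reply above.
# Assumed values (not from the thread): br0, 10.0.3.1/24, wlan0.
BRIDGE="${BRIDGE:-br0}"
BRIDGE_ADDR="${BRIDGE_ADDR:-10.0.3.1/24}"
UPLINK="${UPLINK:-wlan0}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only; set to 0 to apply them

# Run a command, or just print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 1: bridge that carries the containers' default gateway address.
setup_bridge() {
    run ip link add name "$BRIDGE" type bridge
    run ip addr add "$BRIDGE_ADDR" dev "$BRIDGE"
    run ip link set "$BRIDGE" up
}

# Step 2: the two lxc.network lines to put in the container configuration.
lxc_network_config() {
    printf 'lxc.network.type = veth\nlxc.network.link = %s\n' "$BRIDGE"
}

# Step 3: let the host forward packets between the bridge and the uplink.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# Step 4: the single NAT rule, appended only if it is not already present.
nat_masquerade() {
    if [ "$DRY_RUN" = 1 ] || \
       ! iptables -t nat -C POSTROUTING -o "$UPLINK" -j MASQUERADE 2>/dev/null; then
        run iptables -t nat -A POSTROUTING -o "$UPLINK" -j MASQUERADE
    fi
}

main() {
    setup_bridge
    echo "# append to the container's config:"
    lxc_network_config
    enable_forwarding
    nat_masquerade
}

main
```

If the host's FORWARD chain policy is DROP, the MASQUERADE rule alone is not enough and a FORWARD accept rule for traffic coming in on the bridge (the counterpart of the `iptables --append FORWARD --in-interface veth0 -j ACCEPT` line in Serge's manual setup) is needed as well.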
