[Lxc-users] Mixing public and private IPs for guests - network configuration?

Marc Haber mh+lxc-users at zugschlus.de
Sun May 22 05:39:04 UTC 2011


On Sun, May 22, 2011 at 01:48:12AM +0200, Benjamin Kiessling wrote:
> Indeed this is not a virtualization specific problem. You want your host to operate as a router for
> the other two IP addresses and, depending on the configuration of OVH, ARP-Proxy the whole stuff.

Since the hoster is thankfully routing the second and third IP address
to the first, Proxy ARP is not needed. I would use "simple" routing
like this:

Let the official addresses be 192.0.2.4/28, 192.0.2.200 and 192.0.2.220.
This is deliberately chosen so that the second and third addresses are
not in the same IP network as the first.

The host has eth0 to connect to the outside, and br0 to connect to the
guests. eth0 and br0 are _NOT_ bridged together. This is what VMware,
for example, calls "host only networking". The guests are
configured to have their local eth0 bridged to the host's br0.

Configure the host:

ip addr add dev eth0 192.0.2.4/28 brd +
ip route add default via <defaultgw>
ip addr add dev br0 172.16.0.1/24 brd +
ip route add to 192.0.2.200 via 172.16.0.2
ip route add to 192.0.2.220 via 172.16.0.3
echo 1 > /proc/sys/net/ipv4/ip_forward

Configure guest1:

ip addr add dev eth0 172.16.0.2/24 brd +
ip addr add dev eth0 192.0.2.200/32
ip route add default via 172.16.0.1

Configure guest2:

ip addr add dev eth0 172.16.0.3/24 brd +
ip addr add dev eth0 192.0.2.220/32
ip route add default via 172.16.0.1

This basically builds an RFC1918-numbered transfer network between the
host and the guests (thus saving an IP address which would be needed
for the host's "internal" interface otherwise) and instructs the host
to forward packets for the guests' "official" IPs to their site local
IP addresses. The second "ip addr add" statement on the guests tells
them that they need to accept packets for their official IP addresses
as well.

Have you considered IPv6?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
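
The following is an added example, not part of the original post: a small Python check that validates an addressing plan of the kind described above and emits the matching `ip` commands, generalized to any number of guests. The function name `plan` and its argument layout are assumptions made for this illustration; the guest interface name eth0 is taken from the post.

```python
import ipaddress as ipa

def plan(uplink, transfer, guests):
    """uplink, transfer: the host's eth0 and br0 addresses in CIDR form.
    guests: list of (public_ip, transfer_address_in_cidr_form) pairs.
    Returns (errors, host_commands, guest_commands_by_public_ip)."""
    up = ipa.ip_interface(uplink)
    tr = ipa.ip_interface(transfer)
    errors, host_cmds, guest_cmds = [], [], {}
    if not tr.network.is_private:
        errors.append(f"{tr.network} is not private address space")
    seen = {tr.ip}
    for public, local in guests:
        pub = ipa.ip_address(public)
        loc = ipa.ip_interface(local)
        # A public address inside the uplink subnet is resolved by ARP on the
        # uplink segment instead of being routed to the host, so the plain
        # routing setup would not receive its traffic.
        if pub in up.network:
            errors.append(f"{pub} is on-link in {up.network}")
        # Host and guest must agree on the transfer network; a mistyped
        # prefix length on the guest shows up here.
        if loc.network != tr.network:
            errors.append(f"{local} does not match {tr.network}")
        if loc.ip in seen:
            errors.append(f"{loc.ip} is used twice on the transfer network")
        seen.add(loc.ip)
        host_cmds.append(f"ip route add to {pub} via {loc.ip}")
        guest_cmds[str(pub)] = [
            f"ip addr add dev eth0 {loc} brd +",
            f"ip addr add dev eth0 {pub}/32",
            f"ip route add default via {tr.ip}",
        ]
    return errors, host_cmds, guest_cmds

if __name__ == "__main__":
    # Addresses from the post (documentation and RFC1918 ranges).
    errs, host, guest = plan(
        "192.0.2.4/28", "172.16.0.1/24",
        [("192.0.2.200", "172.16.0.2/24"), ("192.0.2.220", "172.16.0.3/24")],
    )
    print("errors:", errs)
    print("\n".join(host))
    for ip, cmds in guest.items():
        print(f"# guest with {ip}")
        print("\n".join(cmds))
```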



