[Lxc-users] multiple containers network config

Fajar A. Nugraha list at fajar.net
Tue Apr 3 14:33:55 UTC 2012


On Tue, Apr 3, 2012 at 9:29 PM, Arun M <arunmahadevaiyer at gmail.com> wrote:
> Hello,
>
> I am looking for a standard network config that can be used for running
> multiple containers in the same physical host. There could be 100s of
> containers running in a single host.
>
> What I am not clear about is what IP and ethernet address I should use while
> invoking the container.

Depends on what you need. You should learn about bridge and NAT. It's
not really lxc-specific.

>
> Should I just create a bridge device with a local IP (say 192.168.254.1) and
> add this as the default gateway for all the containers?
>
> For access to external network, would a single NAT rule like this suffice?
>
> iptables -t nat  -A POSTROUTING -s 192.168.254.0/24 -o eth0 -j MASQUERADE

I think so.

Look at what libvirt and lxc do with virbr0 and lxcbr0. It should be similar.

>
>
> Also the containers should have limited network access. They should be able to
>  1. connect to a limited set of outside hosts in the intranet
>  2. connect only to a few well known ports (say 80/443) in the internet.
>

Then create your own firewall rules. It's as simple as that.

-- 
Fajar
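
The firewall rules the thread leaves to the reader, as an added example that is not part of the original messages: a shell function that prints (does not apply) iptables commands for the bridge, NAT and restricted-egress setup discussed above. The bridge name br0, the intranet range 10.0.0.0/8, the hosts 10.0.0.10 and 10.0.0.20 and the chain name CT-EGRESS are assumptions; only 192.168.254.0/24 and eth0 come from the thread.

```shell
#!/bin/sh
# Print (not apply) iptables commands that give containers on one bridge
# restricted outbound access. Review the output, then pipe it to `sh` as root.

container_egress_rules() {
    subnet=$1 bridge=$2 uplink=$3 intranet=$4
    shift 4                      # remaining args: allowed intranet hosts

    # NAT rule from the thread: hide the container subnet behind the uplink.
    echo "iptables -t nat -A POSTROUTING -s $subnet -o $uplink -j MASQUERADE"

    # Dedicated chain (hypothetical name) so the policy can be rebuilt on its own.
    echo "iptables -N CT-EGRESS"
    # Drop packets from the bridge whose source is outside the container subnet.
    echo "iptables -A FORWARD -i $bridge ! -s $subnet -j DROP"
    echo "iptables -A FORWARD -i $bridge -j CT-EGRESS"
    # Replies to connections the containers opened.
    echo "iptables -A FORWARD -o $bridge -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    echo "iptables -A CT-EGRESS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Requirement 1: only the listed intranet hosts are reachable.
    for host in "$@"; do
        echo "iptables -A CT-EGRESS -d $host -j ACCEPT"
    done
    # Must precede the 80/443 rule, or intranet web servers would be reachable.
    echo "iptables -A CT-EGRESS -d $intranet -j DROP"
    # Requirement 2: internet access on well-known ports only.
    echo "iptables -A CT-EGRESS -o $uplink -p tcp -m multiport --dports 80,443 -j ACCEPT"
    # Default deny for everything else forwarded from the containers.
    echo "iptables -A CT-EGRESS -j DROP"
}

# Constructed sample values; only the subnet and eth0 come from the thread.
container_egress_rules 192.168.254.0/24 br0 eth0 10.0.0.0/8 10.0.0.10 10.0.0.20
```

These rules cover forwarded traffic only; connections from containers to the host itself pass through the INPUT chain and need their own rules.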



