[Lxc-users] LXC Support on Vagrant
Guido Jäkel
G.Jaekel at DNB.DE
Thu Mar 14 07:08:02 UTC 2013
Dear Fábio,
from a short look at the website i take the main goal of Vagrant as a super-tool is to automagical set up "complex" environments. And i put it in quotation marks, because the typical user should not to have deeper knowledge about mostly anything.
Said that, i don't think that it's a good decision that a container have no plain and direct IP connection to the providing network but needs some sort of special handling. A transparent proxy like your mentioned rined will need to be configured for every provided service and is limited to single cast TCP traffic on network layer 3. And this will cover neither UDP nor broad/multicast (or other L3 "lifted" L2 traffic).
That will a good simulation for a real world szenario for a DMZ, where the containers are protected by a firewall from the internet. But that isn't a "just work" situation.
I would suggest to use a direct layer 2 wiring model by a bridge on the host and and for the ip adresses of the containers the same subnet as for the host -- then you may reach the services provided on the containers from outside directly. Or an private ip range -- then you need to set a route to use the lxc host as a gateway on the other clients on the network.
with greetings
Guido
On 2013-03-13 20:00, Fábio Rehm wrote:
> The only
> "Vagrant core feature" that I am missing right now is the ability to
> redirect ports from the host to the guest container. I've heard that it is
> possible to handle that with just iptables but my "iptables skills" are not
> that great and I didn't manage to get it working. For now I'm manually
> configuring rinetd (http://www.boutell.com/rinetd/) to handle that
More information about the lxc-users
mailing list