[lxc-users] Setting up LXC on Ubuntu 14.04
Serge Hallyn
serge.hallyn at ubuntu.com
Tue Aug 12 03:47:13 UTC 2014
Ok, earlier you had said that you want a single IP address from
which you port forward to your containers.  I do that on my server
in a much simpler way.  My eth0 on the host is unmodified, a simple
NIC using dhcp.  My lxcbr0 is the stock lxcbr0 provided by the lxc
package in Ubuntu.  Then I use /etc/lxc/dnsmasq.conf to have dnsmasq
provide static IPs to my containers, i.e.

    dhcp-host=h1,10.0.3.50
    dhcp-host=h2,10.0.3.51

(see https://help.ubuntu.com/14.04/serverguide/lxc.html)

Then I forward the ports from eth0 to the containers, using an upstart
job like:

description "serge's firewall"
author "Serge Hallyn <serge.hallyn at canonical.com>"

start on started lxc-net
stop on stopping lxc-net

#manual
task

script
    # Already set up?  The guard has to match a rule this job installs,
    # here the ssh forward to the mail container added below.
    iptables -t nat -L -n | grep -q "to:10.0.3.50:22" && exit 0
    # mail.hallyn.com
    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j DNAT --to-destination 10.0.3.50:25
    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 465 -j DNAT --to-destination 10.0.3.50:465
    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 993 -j DNAT --to-destination 10.0.3.50:993
    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 587 -j DNAT --to-destination 10.0.3.50:587
    # ssh to the mail container via host port 9900
    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 9900 -j DNAT --to-destination 10.0.3.50:22
    # web container
    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 9980 -j DNAT --to-destination 10.0.3.51:80
end script

to forward port 9900 on the host to ssh on the mail container; the standard
imap/smtp ports to the mail container; and port 9980 to the web port on
the web container.
Quoting Kevin LaTona (lists at studiosola.com):
>
> On Aug 11, 2014, at 3:33 AM, Fajar A. Nugraha <list at fajar.net> wrote:
>
> > On Mon, Aug 11, 2014 at 5:12 PM, Kevin LaTona <lists at studiosola.com> wrote:
> >
> > If you use a new bridge you don't need lxcbr0.
> >
> >>
> >> If I create a config something like this on the Host.
> >>
> >>
> >> auto lo
> >> iface lo inet loopback
> >>
> >> auto eth0
> >> iface eth0 inet manual
> >>
> >>
> >> iface lxcbr0 inet static
> >
> > don't do that
>
>
> I found this setup along my Google travels.
>
>
>
> >
> >> address 192.168.0.50
> >> netmask 255.255.255.0
> >> broadcast 192.168.0.255
> >> network 192.168.0.0
> >> gateway 192.168.0.1
> >> dns-nameservers 8.8.8.8 8.8.4.4
> >> bridge_ports eth0
> >> bridge_fd 9
> >> bridge_hello 2
> >> bridge_maxage 12
> >> bridge_stp off
> >>
> >>
> >> As soon as I bring it up I no longer am able to SSH in the host machine.
> >
> > Duh. You have no IP configured on eth0.
>
>
> Can anyone fill in why not do it this way?
>
> And/or how you might do it otherwise?
>
> I thought on a bridge set up like this that you assign the ip to the bridge iface?
>
>
>
> I've since added post-up and pre-down rules and things are starting to come together now.
>
> -------------------- host /etc/network/interfaces-----------------
> auto lo
> iface lo inet loopback
>
>
> auto eth0
> iface eth0 inet manual
>
>
> auto lxcbr0
> iface lxcbr0 inet static
> address 192.168.0.50
> netmask 255.255.255.0
> gateway 192.168.0.1
> network 192.168.0.0
> broadcast 192.168.0.255
>
> dns-nameservers 8.8.8.8
> bridge_ports eth0
> bridge_stp off
> bridge_fd 0
>
> post-up echo 1 > /proc/sys/net/ipv4/ip_forward
> post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> pre-down echo 0 > /proc/sys/net/ipv4/ip_forward
> pre-down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
>
>
>
>
>
> Then inside a container I assign a static IP address and for now it's starting to work as I thought it might.
>
> ------------container --- var/lib/lxc/k2/rootfs/etc/network/interfaces ------------
>
> auto eth0
> iface eth0 inet static
> address 192.168.0.102
> netmask 255.255.255.0
> network 192.168.0.0
> broadcast 192.168.0.255
> gateway 192.168.0.1
> dns-nameservers 8.8.8.8 8.8.4.4
>
>
>
>
>
> -Kevin
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
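
An added example, not part of the original message or of Serge's job: the same forwards installed with a per-rule `iptables -C` check instead of a single grep guard, so a re-run never duplicates a rule and `del` removes exactly what `add` installed. The `IPTABLES` and `EXT_IF` variables and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-rule idempotent DNAT forwards for the stock lxcbr0 setup.
# IPTABLES and EXT_IF are overridable assumptions; the table repeats the
# forwards listed in the message above.
IPTABLES=${IPTABLES:-iptables}
EXT_IF=${EXT_IF:-eth0}

# Columns: host_port container_ip container_port
forwards() {
    cat <<'EOF'
25   10.0.3.50 25
465  10.0.3.50 465
993  10.0.3.50 993
587  10.0.3.50 587
9900 10.0.3.50 22
9980 10.0.3.51 80
EOF
}

# Print the rule specification (everything after "-A PREROUTING").
rule_spec() {
    echo "-p tcp -i $EXT_IF --dport $1 -j DNAT --to-destination $2:$3"
}

# sync_forwards add|del
# "iptables -C" exits 0 only when the exact rule is already in the chain,
# so "add" skips rules that exist and "del" skips rules that are absent.
sync_forwards() {
    forwards | while read -r hport ip cport; do
        spec=$(rule_spec "$hport" "$ip" "$cport")
        # $spec is left unquoted on purpose so it splits into arguments.
        if $IPTABLES -t nat -C PREROUTING $spec 2>/dev/null; then
            if [ "$1" = del ]; then $IPTABLES -t nat -D PREROUTING $spec; fi
        else
            if [ "$1" = add ]; then $IPTABLES -t nat -A PREROUTING $spec; fi
        fi
    done
}

# Run as "script add" or "script del"; with no argument only the
# functions are defined.
case "${1:-}" in
    add|del) sync_forwards "$1" ;;
esac
```

Because every exposed host port comes from the one table in `forwards`, that table is also the list to review when auditing what the host publishes on eth0.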