[lxc-users] Setting up LXC on Ubuntu 14.04

Kevin LaTona lists at studiosola.com
Tue Aug 12 05:16:43 UTC 2014 



This method does look like a much cleaner and simpler way to go.

Thanks I really appreciate everyone's input from the list with this matter.


-Kevin


On Aug 11, 2014, at 8:47 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:

> Ok, earlier you had said that you want a single ip address from
> which you port forward to your containers.  I do that on my server
> in a much simpler way.  My eth0 on the host is unmodified, a simple
> nic using dhcp.  My lxcbr0 is the stock lxcbr0 provided by the lxc
> package in ubuntu.  Then i use /etc/lxc/dnsmasq.conf to have dnsmasq
> provide static ips to my containers, i.e.
> 
> dhcp-host=h1,10.0.3.50
> dhcp-host=h2,10.0.3.51
> 
> (see https://help.ubuntu.com/14.04/serverguide/lxc.html)
> 
> Then I forward the ports from eth0 to the containers, using an upstart
> job like:
> 
> description "serge's firewall"
> author "Serge Hallyn <serge.hallyn at canonical.com>"
> 
> start on started lxc-net
> stop on stopping lxc-net
> 
> #manual
> task
> 
> script
>    iptables -t nat -L -n | grep -q "to:10.0.3.100:22" && exit 0
>    # mail.hallyn.com
>    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j DNAT --to-destination 10.0.3.50:25
>    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 465 -j DNAT --to-destination 10.0.3.50:465
>    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 993 -j DNAT --to-destination 10.0.3.50:993
>    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 587 -j DNAT --to-destination 10.0.3.50:587
>    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 9900 -j DNAT --to-destination 10.0.3.50:22
>    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 9980 -j DNAT --to-destination 10.0.3.51:80
> end script
> 
> to forward port 9900 on the host to ssh on the mail container; the standard
> imap/smtp ports to the mail container;  and port 9980 to the web port on
> the web container.
> 
> Quoting Kevin LaTona (lists at studiosola.com):
>> 
>> On Aug 11, 2014, at 3:33 AM, Fajar A. Nugraha <list at fajar.net> wrote:
>> 
>>> On Mon, Aug 11, 2014 at 5:12 PM, Kevin LaTona <lists at studiosola.com> wrote:
>>> 
>>> If you use a new bridge you don't need lxcbr0.
>>> 
>>>> 
>>>> If I create a config some thing like this on the Host.
>>>> 
>>>> 
>>>> auto lo
>>>> iface lo inet loopback
>>>> 
>>>> auto eth0
>>>> iface eth0 inet manual
>>>> 
>>>> 
>>>> iface lxcbr0 inet static
>>> 
>>> don't do that
>> 
>> 
>> I found this setup along my google travels.
>> 
>> 
>> 
>>> 
>>>>  address 192.168.0.50
>>>>  netmask 255.255.255.0
>>>>  broadcast 192.168.0.255
>>>>  network 192.168.0.0
>>>>  gateway 192.168.0.1
>>>>  dns-nameservers 8.8.8.8 8.8.4.4
>>>>  bridge_ports eth0
>>>>  bridge_fd 9
>>>>  bridge_hello 2
>>>>  bridge_maxage 12
>>>>  bridge_stp off
>>>> 
>>>> 
>>>> As soon as I bring it up I no longer am able to SSH in the host machine.
>>> 
>>> Duh. You have no IP configured on eth0.
>> 
>> 
>> Can any one fill in why not do it this way.
>> 
>> And or how you might do it otherwise?
>> 
>> I thought on a bridge set up like this that you assign the ip to the bridge iface?
>> 
>> 
>> 
>> I've since added post up and pre-down rules and things are starting to come together now
>> 
>> -------------------- host /etc/network/interfaces-----------------
>> auto lo
>> iface lo inet loopback
>> 
>> 
>> auto eth0
>> iface eth0 inet manual
>> 
>> 
>> auto lxcbr0
>> iface lxcbr0 inet static
>>    address 192.168.0.50
>>    netmask 255.255.255.0
>>    gateway 192.168.0.1
>>    network 192.168.0.0
>>    broadcast 192.168.0.255
>> 
>>    dns-nameservers 8.8.8.8
>>   bridge_ports eth0
>>   bridge_stp off
>>   bridge_fd 0
>> 
>>   post-up echo 1 > /proc/sys/net/ipv4/ip_forward
>>   post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>> 
>>   pre-down echo 0 > /proc/sys/net/ipv4/ip_forward
>>   pre-down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
>> 
>> 
>> 
>> 
>> 
>> Then inside a container I assign a static ip address and for now it starting to work as I thought it might.
>> 
>> ------------container --- var/lib/lxc/k2/rootfs/etc/network/interfaces ------------
>> 
>> auto eth0
>> iface eth0 inet static
>>        address 192.168.0.102
>>        netmask 255.255.255.0
>>        network 192.168.0.0
>>        broadcast 192.168.0.255
>>        gateway 192.168.0.1
>>        dns-nameservers 8.8.8.8 8.8.4.4
>> 
>> 
>> 
>> 
>> 
>> -Kevin
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

More information about the lxc-users mailing list