[lxc-users] Router inside LXC with "lxc.network.type = phys" to the WAN-port

Fajar A. Nugraha list at fajar.net
Thu Jan 30 11:04:08 UTC 2014


On Thu, Jan 30, 2014 at 5:21 PM, Thomas Huber <miraculli at gmail.com> wrote:

> Hi out there,
>
> is it a good idea to set up a kind of virtual router inside an LXC?
> I got a server with dual 1Gbit Nic and the server should run several
> services.
> I also would like to use it as a router and I thought it would be quite
> nice to set it up inside a LXC by mapping the WAN-port with
> "lxc.network.type = phys" to the Container.
>
> first of all: is this a good idea?
>
>
I suggest you try it, and see if it works for your case.

In my case, I tested using phys for a while on a container for a somewhat
busy webserver. It worked fine initially, but the problem came when I
shut down the container. The container is gone, but the interface was not
visible on the host again, which makes it impossible to restart the container.

I ended up reverting to veth instead. Using that same container, the veth
(on the host side) was not deleted when the container was destroyed, but I
can force-destroy it using "ip link del" and "lxc.network.script.down".



> second: is it possible


Possible, yes. As long as the needed iptables modules are already loaded on
the host side.


> to do all the firewalling inside the LXC or is it better (more secure) to
> do this at the host?
>
>
That is what I usually do.

-- 
FAN
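
A sketch of the veth cleanup mentioned in the reply ("ip link del" run from "lxc.network.script.down"), added here as an example and not taken from the original message. The hook argument order is assumed from lxc.container.conf(5), and the function name cleanup_veth is hypothetical.

```shell
#!/bin/sh
# Hook for lxc.network.script.down: delete a host-side veth that was left
# behind after the container was destroyed.
# Assumed arguments, per lxc.container.conf(5):
#   $1 container name  $2 "net"  $3 "up"|"down"  $4 network type  $5 host device

cleanup_veth() {
    ctx=$3 kind=$4 dev=$5

    # Act only on the "down" event of a veth network; ignore everything else.
    [ "$ctx" = "down" ] && [ "$kind" = "veth" ] || return 0

    # Accept only plain interface names: no empty value, no leading dash that
    # "ip" could read as an option, no characters outside a conservative set.
    case $dev in
        ''|-*|*[!A-Za-z0-9_.-]*)
            echo "cleanup_veth: refusing device name '$dev'" >&2
            return 2 ;;
    esac
    # Linux interface names are at most 15 characters.
    [ "${#dev}" -le 15 ] || { echo "cleanup_veth: name too long" >&2; return 2; }

    # If the interface is already gone there is nothing to clean up.
    details=$(ip -d link show dev "$dev" 2>/dev/null) || return 0

    # Delete only what the kernel itself reports as veth, so a wrong argument
    # can never remove a physical NIC or a bridge. Matching the indented
    # "veth" detail line avoids trusting a device that is merely *named* veth.
    printf '%s\n' "$details" | grep -Eq '^[[:space:]]+veth([[:space:]]|$)' || {
        echo "cleanup_veth: $dev is not a veth device, leaving it alone" >&2
        return 3
    }

    ip link del "$dev"
}

# Run as a hook only when LXC passes arguments.
if [ "$#" -gt 0 ]; then
    cleanup_veth "$@"
fi
```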