[lxc-users] LXD container with NIC in promiscuous mode
Felipe
fmbrieva at gmail.com
Thu May 26 16:25:26 UTC 2016
If nictype is bridged (see my "profile_br1"):
name: profile_br1
config: {}
description: Bridge br1
devices:
  eth1:
    name: eth1
    nictype: bridged
    parent: br1
    type: nic
NIC eth1 in the container doesn't work in promiscuous mode.
So my solution is to pass a physical interface (in promiscuous mode) to the
container (see my profile "mirror"):
name: mirror
config: {}
description: Mirror Port
devices:
  eth1-mirror:
    nictype: physical
    parent: eth1-mirror
    type: nic
and now the container sees all traffic from the mirror port.
If someone has a better solution, I'm interested in knowing. Thanks.
Now I can try to install SecurityOnion on an LXD container :)
2016-05-26 12:23 GMT+02:00 Felipe <fmbrieva at gmail.com>:
> I want to use a container with a NIC in promiscuous mode for capturing all
> the traffic from a mirror port.
>
> I have:
>
> - LXD server with two bridges "br0" and "br1". ("br1" configured as PROMISC
> with interface eth1 as PROMISC)
> - Container with two interfaces "eth0" and "eth1". ("eth1" configured as
> PROMISC)
>
> I can see all traffic from the mirror port in the LXD server with "br1" and "eth1"
> but I can't see traffic in the container. Why?
>
> When container starts a new interface is created in LXD Server for bridge
> "br1" (new interface: veth4Q0L0U)
>
> bridge name     bridge id           STP enabled     interfaces
> br1             **************      no              eth1
>                                                     veth4Q0L0U
>
> Also I have set up veth4Q0L0U as PROMISC but I can't see traffic from the
> mirror port in the container.
>
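Added example, not part of the original post or of LXD: a minimal Python model of why the bridged NIC stays almost silent while the physical one sees everything. It assumes br1 behaves as a standard learning bridge (the post does not state the cause), ignores FDB ageing, and uses constructed MAC addresses; the port names eth1 and veth4Q0L0U are taken from the post.

```python
# Added illustration: toy model of a learning bridge, not LXD or kernel code.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.fdb = {}  # MAC -> port on which it was last seen as a source

    def receive(self, in_port, src, dst):
        """Return the ports a frame arriving on in_port is forwarded to."""
        self.fdb[src] = in_port  # learn where the source lives
        out = self.fdb.get(dst)
        if dst == BROADCAST or out is None:
            # Broadcast and unknown unicast are flooded to every other port.
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            # Destination is behind the ingress port: the frame is filtered.
            # Promiscuous mode on the veth cannot help, nothing is sent to it.
            return []
        return [out]


def mirrored_conversation(n_exchanges):
    """Constructed sample: hosts A and B talking, both directions mirrored."""
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    frames = []
    for _ in range(n_exchanges):
        frames += [(a, b), (b, a)]
    return frames


def frames_seen_bridged(frames, uplink="eth1", veth="veth4Q0L0U"):
    """nictype: bridged. Mirror traffic enters br1 via eth1; count veth hits."""
    br = LearningBridge([uplink, veth])
    return sum(veth in br.receive(uplink, src, dst) for src, dst in frames)


def frames_seen_physical(frames):
    """nictype: physical. The NIC is in the container, no bridge in the path."""
    return len(frames)


if __name__ == "__main__":
    sample = mirrored_conversation(50)
    print("bridged :", frames_seen_bridged(sample), "of", len(sample))
    print("physical:", frames_seen_physical(sample), "of", len(sample))
```

Because every mirrored host shows up as a source on eth1, the bridge learns all of them on that port and stops flooding after the first frame of each conversation.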