[lxc-users] Q: Connecting a container to a static IP alias?
Michael Peek
peek at nimbios.org
Tue Sep 27 14:47:22 UTC 2016
Hello gurus,
I'm attempting to learn lxc/lxd. I have a host with the following
network setup:
enp0s10   Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          inet addr:XXX.XXX.XXX.161  Bcast:XXX.XXX.XXX.255  Mask:255.255.255.0
          inet6 addr: XX/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:72869 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6546 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7550181 (7.5 MB)  TX bytes:918896 (918.8 KB)

enp0s10:testvm1 Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          inet addr:XXX.XXX.XXX.117  Bcast:XXX.XXX.XXX.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:336 errors:0 dropped:0 overruns:0 frame:0
          TX packets:336 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:69195 (69.1 KB)  TX bytes:69195 (69.1 KB)

lxdbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:10.25.251.1  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: XX/64 Scope:Global
          inet6 addr: XX/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:73 errors:0 dropped:0 overruns:0 frame:0
          TX packets:185 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6776 (6.7 KB)  TX bytes:21534 (21.5 KB)

What I would like to do is create a container and attach it to the *.117
address on enp0s10:testvm1, so that all traffic going in or out of the
container goes through the *.117 address. I will admit that there is a
lot about networking that is just straight up voodoo to me, so there's
probably something simple that I'm missing. I've used IP aliases many
times, but I'm new to containers.
Attempt #1:
I attempted to create a profile and attach enp0s10:testvm1 to the profile:
# lxc profile copy default testvm1
# lxc profile edit testvm1
Editing the text to read:
[...]
devices:
  eth0:
    name: eth0
    nictype: macvlan # <-- changed from "bridged"
    parent: enp0s10:testvm1 # <-- changed from "lxdbr0"
    type: nic
Then I applied the profile to the container:
# lxc profile apply my-ubuntu-1 testvm1
But to no avail:
# lxc start my-ubuntu-1
error: Missing parent 'enp0s10:testvm1' for nic 'eth0'
Attempt #2:
I had partial success with the following iptables rule:
iptables -t nat -A PREROUTING -d <outside-addr> -j DNAT \
    --to-destination <container-addr>
However, outgoing traffic from within the container still appears to
come from the *.161 address and not the *.117 address, so I've only
figured out half of it.
There's probably something simple I'm doing wrong, and I'm hoping
someone here can school me on the proper way to do this. Also, it's not
clear to me that I won't run into some snag inside the container with
some service getting confused about the differing internal (10.25.251.*)
vs. external (*.117) IP addresses. So I guess, ideally, I'd like the
container to have the *.117 address both inside and out. That's
probably a separate question though: How do I give the container a
specific internal address?
I don't want to change lxdbr0 if I can help it, as there may be a need
to run other containers on the same host, containers for which the
default bridging setup works just fine.
Thanks in advance for any help at all!
Michael
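
The two halves of Attempt #2 as an added example, not part of the original post: a shell function that prints (does not apply) the inbound DNAT rule and the matching outbound SNAT rule. The addresses 192.0.2.117 and 10.25.251.50, and the presence of a broader MASQUERADE rule for the lxdbr0 subnet, are assumptions.

```shell
#!/bin/sh
# Added example: emit the NAT rule pair that pins one container to one
# host alias address. Nothing is applied; the rules are only printed.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# nat_rules OUTSIDE_ADDR CONTAINER_ADDR UPLINK_IF
# Prints two iptables commands; review them, then run them as root.
nat_rules() {
    outside=$1 container=$2 uplink=$3
    is_ipv4 "$outside" && is_ipv4 "$container" || {
        echo "nat_rules: addresses must be IPv4 dotted quads" >&2; return 2; }
    # A label such as enp0s10:testvm1 names an address, not a network
    # device, so it cannot be used where a device name is required.
    case "$uplink" in
        ''|*:*) echo "nat_rules: use the device name, not an alias label" >&2
                return 2 ;;
    esac
    # Inbound: traffic addressed to the alias is forwarded to the container.
    echo "iptables -t nat -A PREROUTING -d $outside -j DNAT --to-destination $container"
    # Outbound: -I inserts at the head of POSTROUTING so this rule matches
    # before any broader MASQUERADE rule for the bridge subnet (assumed to
    # exist; it would explain traffic leaving with the *.161 source).
    echo "iptables -t nat -I POSTROUTING -s $container -o $uplink -j SNAT --to-source $outside"
}

# Constructed sample values: 192.0.2.117 stands in for the redacted *.117
# address, 10.25.251.50 for a container address on the lxdbr0 subnet.
nat_rules 192.0.2.117 10.25.251.50 enp0s10
```

Passing `enp0s10:testvm1` as the third argument is rejected with a non-zero status, for the same reason the macvlan `parent` lookup in Attempt #1 failed.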