[lxc-users] Q: Connecting a container to a static IP alias?
Andrey Repin
anrdaemon at yandex.ru
Tue Sep 27 16:01:02 UTC 2016
Greetings, Michael Peek!
> I'm attempting to learn lxc/lxd. I have a host with the following network setup:
> enp0s10 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
> inet addr:XXX.XXX.XXX.161
> Bcast:XXX.XXX.XXX.255 Mask:255.255.255.0
> inet6 addr: XX/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:72869 errors:0 dropped:0 overruns:0 frame:0
> TX packets:6546 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:7550181 (7.5 MB) TX bytes:918896 (918.8 KB)
>
> enp0s10:testvm1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
> inet addr:XXX.XXX.XXX.117
> Bcast:XXX.XXX.XXX.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:65536 Metric:1
> RX packets:336 errors:0 dropped:0 overruns:0 frame:0
> TX packets:336 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1
> RX bytes:69195 (69.1 KB) TX bytes:69195 (69.1 KB)
>
> lxdbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
> inet addr:10.25.251.1 Bcast:0.0.0.0 Mask:255.255.255.0
> inet6 addr: XX/64 Scope:Global
> inet6 addr: XX/64 Scope:Link
> UP BROADCAST MULTICAST MTU:1500 Metric:1
> RX packets:73 errors:0 dropped:0 overruns:0 frame:0
> TX packets:185 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:6776 (6.7 KB) TX bytes:21534 (21.5 KB)
>
> What I would like to do is create a container and attach it to the
> *.117 address on enps10:testvm1, so that all traffic going in or out of
> the container goes through the *.117 address. I will admit that there is
> a lot about networking that is just straight up voodoo to me, so there's
> probably something simple that I'm missing. I've used IP aliases many times,
> but I'm new to containers.
Just remove the alias from the host and configure the address inside a VM.
> Attempt #1:
>
> I attempted to create a profile and attach enp0s10:testvm1 to the profile:
> # lxc profile copy default testvm1
>
>
> # lxc profile edit testvm1
>
> Editing the text to read:
>
> [...]
> devices:
>   eth0:
>     name: eth0
>     nictype: macvlan # <-- changed from "bridged"
>     parent: enp0s10:testvm1 # <-- changed from "lxdbr0"
>     type: nic
>
> Then I applied the profile to the container:
>
> # lxc profile apply my-ubuntu-1 testvm1
>
> But to no avail:
>
> # lxc start my-ubuntu-1
> error: Missing parent 'enp0s10:testvm1' for nic 'eth0'
The problem here is that "enp0s10:testvm1" is NOT a "network interface".
It's just an additional address of the enp0s10.
>
> Attempt #2:
>
> I had partial success with the following iptables rule:
>
> iptables -t nat -A PREROUTING -d <outside-addr> -j DNAT --to-destination <container-addr>
Worst solution possible. Don't use it unless you have no other way to solve
your task.
> However, outgoing traffic from within the container still appears to
> come from the *.161 address and not the *.117 address, so I've only figured out half of it.
>
> There's probably something simple I'm doing wrong, and I'm hoping
> someone here can school me on the proper way to do this. Also, it's not
> clear to me that I won't run into some snag inside the container with
> some service getting confused about the differing internal (10.25.251.*)
> vs. external (*.117) IP addresses. So I guess, ideally, I'd like the
> container to have the *.117 address both inside and out. That's
> probably a separate question though: How do I give the container a specific internal address?
>
> I don't want to change lxdbr0 if I can help it, as there may be a
> need to run other containers on the same host, containers for which the
> default bridging setup works just fine.
>
> Thanks in advance for any help at all!
>
> Michael
>
--
With best regards,
Andrey Repin
Tuesday, September 27, 2016 18:57:28
Sorry for my terrible English...
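
The reply above, as an added configuration sketch that is not part of the original thread: the macvlan `parent` names the real interface `enp0s10` instead of the alias label, and the *.117 address moves into the container. It assumes the `testvm1` profile from the question; the address in the comments is the masked one from the post.

```yaml
# Added example: devices section of the "testvm1" profile.
devices:
  eth0:
    name: eth0
    nictype: macvlan
    # parent must be a real network interface; "enp0s10:testvm1" is only
    # a label for a second address on enp0s10, so LXD cannot find it.
    parent: enp0s10
    type: nic
# On the host: remove the enp0s10:testvm1 alias so the address is free.
# In the container: configure XXX.XXX.XXX.117 with mask 255.255.255.0
# statically on eth0 (address masked as in the post; the gateway is not
# given in the thread and has to be supplied by the reader).
# Note: with macvlan, the host and the container cannot talk to each
# other directly over enp0s10.
```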