[lxc-users] Can I setup a private nat ipv4 and a public ipv6 address at same time for a lxc2 container?

littlebat dashing.meng at gmail.com
Thu Jun 1 02:31:55 UTC 2017


Hi,
Thanks for all of your help in building such a cool thing - lxc.

I have studied my question for several days and searched many online resources,
but didn't resolve this. The details are too long, so I describe a brief version
below:

I have a Debian 9 host server with lxc2 installed. The host server has
only one public ipv4 address, suppose it is 8.8.8.8, and a public /64 subnet
ipv6 pool, suppose it is 8:8:8:8::/64, and the ipv6 address of eth0 on the host is:
8:8:8:8::1/64.

My goal is to build an lxc unprivileged container with a private nat ipv4
address, suppose it is 10.1.0.10, so I use ip forwarding to access the container
from the internet using the public ipv4 plus a port (suppose 8.8.8.8:2222 forwards
to/from 10.1.0.10:22). And, at the same time, I want to assign the container a public
ipv6 address or ipv6 subnet (/112, can it be publicly accessed?), so I can
access the container from the internet using public ipv6 (suppose 8:8:8:8::10/64
port 22 or 8:8:8:8::10/112 port 22?). To simplify the question, suppose
I only assign a public ipv6 address (not a public ipv6 subnet) to the
container.

Until today, I can only set up both a private nat ipv4 (10.1.0.10) and a private
nat ipv6 (8:8:8:8::10/112) for the container, enable ipv4 and ipv6 forwarding in
/etc/sysctl.conf, and use iptables and ip6tables to forward public
traffic to or from the container (8.8.8.8:2222 <-> 10.1.0.10:22, 8:8:8:8::1/64
port 2222 <-> 8:8:8::10/112 port 22). This is done by creating a "2.
independent bridge" (a different bridge out of thin air and link your
containers together on this bridge, but use forwarding to get it out on the
internet or to get traffic into it. debian wiki:
https://wiki.debian.org/LXC/SimpleBridge). Reference: LXC host featuring
IPv6 connectivity
https://blog.cepharum.de/en/post/lxc-host-featuring-ipv6-connectivity.html

And, I can create a "1. host-shared bridge" (a bridge out of your main
network interface which will hold both the host's IP and the container's IP
addresses. debian wiki: https://wiki.debian.org/LXC/SimpleBridge). Then, I
can assign a public ipv6 address to the container. But, I can't assign a
private nat ipv4 address to the container now. So, there is no way to publicly
access the container using an ipv4 address (because the sole public ipv4 address
is only available on the host network card).

My questions are:
1, Can I set up a private nat ipv4 and a public ipv6 address at the same time
for a lxc2 container?

2, How to do it?
Any idea or online resource link is welcome.

Thanks.

-----

Dashing Meng