[lxc-users] Can I setup a private nat ipv4 and a public ipv6 address at same time for a lxc2 container?

Ron Kelley rkelleyrtp at gmail.com
Thu Jun 1 14:25:31 UTC 2017


How about adding two NICs to the container:  one for private networking (via lxdbridge) and one for public networking (via macvlan)?


> On May 31, 2017, at 10:31 PM, littlebat <dashing.meng at gmail.com> wrote:
> 
> Hi, 
> Thanks for all of your help in building such a cool thing - lxc.
> 
> I have studied my question for several days and searched many online resources, but didn't resolve this. The details are too long, so I describe a brief version below:
> 
> I have a Debian 9 host server with the lxc2 server installed. The host server has only one public ipv4 address, suppose it is 8.8.8.8, and a public /64 subnet ipv6 pool, suppose it is 8:8:8:8::/64, and the eth0 of host ipv6 is: 8:8:8:8::1/64.
> 
> My goal is building the lxc unprivileged container with a private nat ipv4 address, suppose it is 10.1.0.10, so I use ip forward to access the container from the internet using the public ipv4 plus port (suppose 8.8.8.8:2222 forward to/from 10.1.0.10:22). And, at the same time, I want to assign the container a public ipv6 address or ipv6 subnet (/112, can it be publicly accessed?), so I can access the container from the internet using the public ipv6 (suppose 8:8:8:8::10/64 port 22 or 8:8:8:8::10/112 port 22?). To simplify the question, suppose only a public ipv6 address (not a public ipv6 subnet) is assigned to the container.
> 
> Until today, I can only set up both a private nat ipv4 (10.1.0.10) and a private nat ipv6 (8:8:8:8::10/112) for the container, open ipv4 and ipv6 forward in /etc/sysctl.conf, and use iptables and ip6tables to forward public traffic to or from the container (8.8.8.8:2222<->10.1.0.10:22, 8:8:8:8::1/64 port 2222 <-> 8:8:8::10/112 port 22). This is done by creating a "2. independent bridge" (a different bridge out of thin air and link your containers together on this bridge, but use forwarding to get it out on the internet or to get traffic into it. debian wiki: https://wiki.debian.org/LXC/SimpleBridge). Reference: LXC host featuring IPv6 connectivity https://blog.cepharum.de/en/post/lxc-host-featuring-ipv6-connectivity.html
> 
> And, I can create a "1. host-shared bridge" (a bridge out of your main network interface which will hold both the host's IP and the container's IP addresses. debian wiki: https://wiki.debian.org/LXC/SimpleBridge). Then, I can assign a public ipv6 address to the container. But I can't assign a private nat ipv4 address to the container now. So, there is no way to publicly access the container using an ipv4 address (because the sole public ipv4 address is only available on the host network card).
> 
> My question is:
> 1, Can I setup a private nat ipv4 and a public ipv6 address at same time for a lxc2 container?
> 
> 2, How to do it? 
> Any ideas or online resource links are welcome.
> 
> thanks.
> 
> -----
> 
> Dashing Meng
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
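
The two-NIC layout suggested in the reply, written as an LXC 2.0 container config. This is an added example, not part of the original thread: the bridge name `lxcbr0`, the /24 prefix, the 10.1.0.1 gateway, the in-container interface names and the IPv6 gateway placeholder are assumptions, while the addresses and the host's `eth0` are the ones supposed in the question.

```conf
# Constructed example for LXC 2.0.x (Debian 9), which uses lxc.network.* keys
# (LXC 3.0 renamed them to lxc.net.<index>.*).
# Each "lxc.network.type" line starts the definition of a new NIC.

# NIC 1: private IPv4 behind NAT on the independent bridge.
# "lxcbr0", the /24 prefix and the 10.1.0.1 gateway are assumed values.
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.name = eth0
lxc.network.ipv4 = 10.1.0.10/24
lxc.network.ipv4.gateway = 10.1.0.1

# NIC 2: public IPv6 through a macvlan interface on the host's physical eth0.
lxc.network.type = macvlan
lxc.network.macvlan.mode = bridge
lxc.network.link = eth0
lxc.network.flags = up
lxc.network.name = eth1
lxc.network.ipv6 = 8:8:8:8::10/64
# Placeholder: the upstream IPv6 router is not given in the thread.
# lxc.network.ipv6.gateway = <UPSTREAM_IPV6_GATEWAY>
```

Traffic on the macvlan NIC does not pass through the host's ip6tables FORWARD chain, so port 22 on 8:8:8:8::10 is reachable from the internet unless the container runs its own ip6tables rules. In macvlan bridge mode the host and the container also cannot reach each other over eth0, so host-to-container access goes through the bridge NIC.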


