[lxc-users] Create bridge between LXC Container and Ethernet device

Patrick mailing.lists at mailbox.org
Thu Jan 7 17:55:51 UTC 2021


Hi,

thanks to everyone for your answers. I was able to create a bridge so that my container gets its own dedicated public IP, but it was a bit more complicated than expected.

> In your case, you may:
> * assign 1.2.3.4/24 to br0 instead of eth0, leave IP level of eth0 unconfigured
> * assign 5.6.7.8/32 to the inner side of veth0, i.e. eth0 inside the container. In the same way as on the LXC host, use 1.2.3.1 as the gateway to outbound "all other packets" to.
> * configure your external net that the packets to 5.6.7.8 are forwarded to the (MAC of) eth0 of the host.

That was basically the solution. But I had to set 1.2.3.4 as the gateway for the container, as my hoster has some restrictions. I found out that my hoster binds the IP addresses to specific MAC addresses, so if I try to set 1.2.3.1 as the gateway for the container, my packages just get dropped, as the MAC address of the container does not match the MAC address of the main interface. So I enabled IP forwarding, added a route for 5.6.7.8/32 on the host system, set 1.2.3.4 as the gateway and the container finally has WAN access.

There is only one problem left. The DNS doesn't work. I can ping 8.8.8.8, but I can't ping domain names. I tried it with Debian and Ubuntu, I configured my DNS using plain /etc/resolv.conf, Netplan and systemd-resolved, but I can't get it to work. I tried several public DNS servers, they work on the host system, but not inside the container. I'm not sure if this is my fault or if it's because of a restriction from my hoster.

I have some "debug information" to share with you, maybe you can find a misconfiguration:
This is from the host system: https://paste.debian.net/1180073/
This is from inside the container: https://paste.debian.net/1180075/

As in my last e-mail, 1.2.3.4/24 and 5.6.7.8/32 are both public IP addresses and 1.2.3.1 is the gateway.

Thanks again to everyone.

Best Regards,
Patrick

> Patrick <mailing.lists at mailbox.org> wrote on 01.01.2021 20:57:
> 
>  
> Hi,
> 
> I'm trying to create a bridge device between my LXC Container and my Ethernet Device, which has 2 public IPs. The bridge device creation fails, as you can see here: https://paste.debian.net/hidden/c81c8832/. I want to bridge the LXC Container with the secondary IP address of the Ethernet interface. Does somebody have an idea how to do that?
> 
> Best Regards,
> Patrick
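
The routed setup described in the message above (IP forwarding on the host, a /32 route to the container, the host address as the container's gateway), written out as an added example that is not part of the original thread. The addresses are the thread's placeholders and `br0`/`eth0` follow the quoted advice; attaching the host route to `br0` and adding an on-link route to the gateway inside the container are assumptions, since the message does not give the exact commands.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Placeholder addresses as used in the thread; interface names are assumptions.
HOST_IP=1.2.3.4   # host's primary public IP, used as the container's gateway
CT_IP=5.6.7.8     # secondary public IP dedicated to the container
BRIDGE=br0        # host bridge the container's veth is attached to (assumed)
CT_IF=eth0        # interface name inside the container (assumed)

# Commands for the LXC host: route between eth0 and br0, and send traffic
# for the container's /32 to the bridge instead of the default route.
host_cmds() {
cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route add $CT_IP/32 dev $BRIDGE
EOF
}

# Commands for inside the container. With a /32 address the gateway is not
# in any connected subnet, so it needs its own device route first; otherwise
# the default route is rejected as having an invalid next hop.
container_cmds() {
cat <<EOF
ip addr add $CT_IP/32 dev $CT_IF
ip link set $CT_IF up
ip route add $HOST_IP/32 dev $CT_IF
ip route add default via $HOST_IP dev $CT_IF
EOF
}

# Default mode only prints the commands; "host" or "container" applies them
# (as root) on the respective system, echoing each command as it runs.
case "${1:-print}" in
  host)      host_cmds | sh -ex ;;
  container) container_cmds | sh -ex ;;
  *)         echo "# on the host:"; host_cmds
             echo "# inside the container:"; container_cmds ;;
esac
```

Because the container's packets leave the host with the host's MAC address after routing, this layout is compatible with a provider that binds IP addresses to the MAC of the main interface.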

