On 06/05/2016 12:16 AM, Rainer Weikusat wrote:
> Simon Walter <si...@gikaku.com> writes:
>
> [...]
>
>> I am adding containers (LXC) and
>> virtual network to the box, I think I will add a tap and bridge
>> interface to an /etc/network/interface.d/ file. If I use something
>> like:
>>
>> auto br0
>> iface br0 inet static
>>      pre-up ip tuntap add dev tap0 mode tap
>>      pre-up ip link set tap0 up
>>      post-down ip link set tap0 down
>>      post-down ip tuntap del dev tap0 mode tap
>>      bridge_ports tap0
>>      address 10.1.1.1
>>      netmask 255.255.255.0
>>      broadcast 10.1.1.255
>>
>> And make sure there is the source /etc/network/interface.d/* line in
>> the interfaces file. Then route with iptables between a physical
>> NIC (eth0 for example) and the virtual NIC (tap0) and have all the
>> containers connected to br0.
>>
>> Are there any glaring problems with this setup?
>
> This will create a bridge with one virtual network interface bridged to
> a character device an application could use to talk 'ethernet' to the
> network stack. That's certainly not inherently related to/useful for
> anything-lxc.


I will route the packets to the physical device using iptables, thereby creating a firewalled private network. I have only tried it out and not done much research and testing on whether this is actually secure or not.
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
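
The question of whether the iptables setup described in this thread is actually restrictive can be checked against an `iptables-save` dump. The script below is an added example, not code from either participant: `br0`, `eth0` and 10.1.1.0/24 come from the thread, while the function name, both sample rulesets and the assumption that the private subnet is masqueraded out `eth0` are constructed for illustration.

```shell
#!/bin/sh
# Added example. br0, eth0 and 10.1.1.0/24 come from the thread; rulesets are constructed.

# Print one finding per line for an iptables-save dump passed as $1 (nothing if clean).
audit_ruleset() {
    printf '%s\n' "$1" | awk -v lan=br0 -v wan=eth0 -v net=10.1.1.0/24 '
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }
        table == "filter" && $1 == ":FORWARD" {
            seen_policy = 1
            if ($2 != "DROP") print "FORWARD policy is " $2 ", expected DROP"
        }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            inbound = ($0 ~ ("-i " wan "( |$)")) && ($0 ~ ("-o " lan "( |$)"))
            stateless = ($0 !~ /--(ct)?state /) || ($0 ~ /--(ct)?state [A-Z,]*NEW/)
            if (inbound && stateless) print "new inbound connections accepted: " $0
        }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            # Assumption: the private subnet is NATed when leaving the physical NIC.
            if (index($0, "-s " net " ") && $0 ~ ("-o " wan "( |$)")) masq = 1
        }
        END {
            if (!seen_policy) print "no filter FORWARD chain in dump"
            if (!masq) print "no MASQUERADE for " net " leaving " wan
        }'
}

# Constructed sample: default-drop forwarding, replies only from eth0 into br0.
GOOD_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i br0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
COMMIT'

# Constructed sample: forwarding left open, so the bridge is not firewalled.
WEAK_RULES='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o br0 -j ACCEPT
COMMIT'

audit_ruleset "$WEAK_RULES"
```

On a live host the same function can be run as root with `audit_ruleset "$(iptables-save)"`.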