Ok, earlier you had said that you want a single IP address from which you port forward to your containers. I do that on my server in a much simpler way. My eth0 on the host is unmodified, a simple NIC using DHCP. My lxcbr0 is the stock lxcbr0 provided by the lxc package in Ubuntu. Then I use /etc/lxc/dnsmasq.conf to have dnsmasq provide static IPs to my containers, i.e.

dhcp-host=h1,10.0.3.50
dhcp-host=h2,10.0.3.51

(see https://help.ubuntu.com/14.04/serverguide/lxc.html)

Then I forward the ports from eth0 to the containers, using an upstart job like:

description "serge's firewall"
author "Serge Hallyn <[email protected]>"

start on started lxc-net
stop on stopping lxc-net

#manual
task

script
	# nothing to do if the forwards below are already installed
	iptables -t nat -L -n | grep -q "to:10.0.3.50:22" && exit 0
	# mail.hallyn.com
	iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j DNAT --to-destination 10.0.3.50:25
	iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 465 -j DNAT --to-destination 10.0.3.50:465
	iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 993 -j DNAT --to-destination 10.0.3.50:993
	iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 587 -j DNAT --to-destination 10.0.3.50:587
	iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 9900 -j DNAT --to-destination 10.0.3.50:22
	iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 9980 -j DNAT --to-destination 10.0.3.51:80
end script

to forward port 9900 on the host to ssh on the mail container; the standard imap/smtp ports to the mail container; and port 9980 to the web port on the web container.

Quoting Kevin LaTona ([email protected]):
>
> On Aug 11, 2014, at 3:33 AM, Fajar A. Nugraha <[email protected]> wrote:
>
> > On Mon, Aug 11, 2014 at 5:12 PM, Kevin LaTona <[email protected]> wrote:
> >
> > If you use a new bridge you don't need lxcbr0.
> >
> >>
> >> If I create a config some thing like this on the Host.
> >>
> >> auto lo
> >> iface lo inet loopback
> >>
> >> auto eth0
> >> iface eth0 inet manual
> >>
> >> iface lxcbr0 inet static
> >
> > don't do that
>
> I found this setup along my google travels.
>
> >
> >>     address 192.168.0.50
> >>     netmask 255.255.255.0
> >>     broadcast 192.168.0.255
> >>     network 192.168.0.0
> >>     gateway 192.168.0.1
> >>     dns-nameservers 8.8.8.8 8.8.4.4
> >>     bridge_ports eth0
> >>     bridge_fd 9
> >>     bridge_hello 2
> >>     bridge_maxage 12
> >>     bridge_stp off
> >>
> >> As soon as I bring it up I no longer am able to SSH in the host machine.
> >
> > Duh. You have no IP configured on eth0.
>
> Can any one fill in why not do it this way.
>
> And or how you might do it otherwise?
>
> I thought on a bridge set up like this that you assign the ip to the bridge
> iface?
>
> I've since added post up and pre-down rules and things are starting to come
> together now
>
> -------------------- host /etc/network/interfaces-----------------
> auto lo
> iface lo inet loopback
>
> auto eth0
> iface eth0 inet manual
>
> auto lxcbr0
> iface lxcbr0 inet static
>     address 192.168.0.50
>     netmask 255.255.255.0
>     gateway 192.168.0.1
>     network 192.168.0.0
>     broadcast 192.168.0.255
>
>     dns-nameservers 8.8.8.8
>     bridge_ports eth0
>     bridge_stp off
>     bridge_fd 0
>
>     post-up echo 1 > /proc/sys/net/ipv4/ip_forward
>     post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
>     pre-down echo 0 > /proc/sys/net/ipv4/ip_forward
>     pre-down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
>
> Then inside a container I assign a static ip address and for now it starting
> to work as I thought it might.
>
> ------------container --- var/lib/lxc/k2/rootfs/etc/network/interfaces ------------
>
> auto eth0
> iface eth0 inet static
>     address 192.168.0.102
>     netmask 255.255.255.0
>     network 192.168.0.0
>     broadcast 192.168.0.255
>     gateway 192.168.0.1
>     dns-nameservers 8.8.8.8 8.8.4.4
>
> -Kevin
>
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users
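
The port forwards from the reply at the top of this message, expressed as a table that is validated and turned into idempotent iptables commands. This is an added example, not code from the original post or from the lxc project; the function names, the MAP variable and the assumption that containers sit in 10.0.3.0/24 on the stock lxcbr0 are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. MAP is constructed sample
# data: "host_port container_ip container_port", values as in the post.
MAP='25 10.0.3.50 25
465 10.0.3.50 465
993 10.0.3.50 993
587 10.0.3.50 587
9900 10.0.3.50 22
9980 10.0.3.51 80'

# valid_port N: true only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# gen_rules IFACE: read the table on stdin, print one shell command per
# forward. Each command appends the DNAT rule only when "iptables -C"
# (check) says it is missing, so rerunning the job never duplicates rules.
# Fails on a bad interface name or port, a host port used twice, or a
# target outside 10.0.3.1-254 (stock lxcbr0 subnet, assumed from the post).
gen_rules() {
    iface=$1
    seen=' '
    case "$iface" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    while read -r hport ip cport || [ -n "$hport" ]; do
        [ -n "$hport" ] || continue            # skip blank lines
        if ! valid_port "$hport" || ! valid_port "$cport"; then
            echo "bad port in: $hport $ip $cport" >&2; return 1
        fi
        last=${ip#10.0.3.}                     # unchanged if the prefix differs
        case "$last" in ''|0*|*[!0-9]*|????*) last=999 ;; esac
        [ "$last" -le 254 ] || { echo "not a container address: $ip" >&2; return 1; }
        case "$seen" in *" $hport "*) echo "host port $hport used twice" >&2; return 1 ;; esac
        seen="$seen$hport "
        r="PREROUTING -p tcp -i $iface --dport $hport -j DNAT --to-destination $ip:$cport"
        echo "iptables -t nat -C $r 2>/dev/null || iptables -t nat -A $r"
    done
}

# Print the commands for review; pipe to "sh" as root to apply them.
printf '%s\n' "$MAP" | gen_rules eth0
```

Because the table is checked before any command is printed, a typo that would forward a host port to an address outside the container subnet, or bind the same host port twice, stops the job instead of silently installing a rule.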
