On Fri, Jun 26, 2015 at 11:57 AM, Benoit GEORGELIN - Association Web4all <benoit.george...@web4all.fr> wrote: > Thanks for link. > > I'll try something like you discribed. I was expecting something built in > Lxc like you suggested later with lxc-user-nic. > I think the routing option is the only one available, like proxmox/openvz > is doing I guess. > > If was thinking of having a dedicated port with ovs switch configured to > only allow a specific mac address/ipv4 to use the port. Whatever the > container try setup, only one working configure will be allowed. > > Because I'm trying to think in a dynamic way including ipv4 and Mac address > allocation for a specific container. > You execute the container and the network configuration is slef secured.
Something like this also works on container config file for privileged container: lxc.network.type = veth lxc.network.flags = up lxc.network.hwaddr = 00:16:3e:2e:51:17 lxc.network.veth.pair = veth-cont1-0 lxc.network.ipv4 = 209.126.100.172/32 lxc.network.ipv4.gateway = 10.0.0.1 The benefit of this approach is that all settings is done from the host side. When specifying it like that (mac and ip on config file), the container OS should leave the active ip/routes as is (e.g. "iface eth0 inet manual" on container's /etc/network/interfaces). You still need to setup the host side of veth pair (veth-cont1-0 in the example) in hosts's network configuration (e.g. hosts's /etc/network/interfaces). -- Fajar _______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
