Greetings, Michael Peek!

> I'm attempting to learn lxc/lxd. I have a host with the following network
> setup:
>
> enp0s10   Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
>           inet addr:XXX.XXX.XXX.161  Bcast:XXX.XXX.XXX.255  Mask:255.255.255.0
>           inet6 addr: XX/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:72869 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:6546 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:7550181 (7.5 MB)  TX bytes:918896 (918.8 KB)
>
> enp0s10:testvm1 Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
>           inet addr:XXX.XXX.XXX.117  Bcast:XXX.XXX.XXX.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>           RX packets:336 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:336 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1
>           RX bytes:69195 (69.1 KB)  TX bytes:69195 (69.1 KB)
>
> lxdbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
>           inet addr:10.25.251.1  Bcast:0.0.0.0  Mask:255.255.255.0
>           inet6 addr: XX/64 Scope:Global
>           inet6 addr: XX/64 Scope:Link
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:73 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:185 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:6776 (6.7 KB)  TX bytes:21534 (21.5 KB)
>
> What I would like to do is create a container and attach it to the
> *.117 address on enps10:testvm1, so that all traffic going in or out of
> the container goes through the *.117 address. I will admit that there is
> a lot about networking that is just straight up voodoo to me, so there's
> probably something simple that I'm missing. I've used IP aliases many times,
> but I'm new to containers.

Just remove the alias from the host and configure the address inside a VM.

> Attempt #1:
>
> I attempted to create a profile and attach enp0s10:testvm1 to the
> profile:
>
> # lxc profile copy default testvm1
>
> # lxc profile edit testvm1
>
> Editing the text to read:
>
> [...]
> devices:
>   eth0:
>     name: eth0
>     nictype: macvlan # <-- changed from "bridged"
>     parent: enp0s10:testvm1 # <-- changed from "lxdbr0"
>     type: nic
>
> Then I applied the profile to the container:
>
> # lxc profile apply my-ubuntu-1 testvm1
>
> But to no avail:
>
> # lxc start my-ubuntu-1
> error: Missing parent 'enp0s10:testvm1' for nic 'eth0'

The problem here is that "enp0s10:testvm1" is NOT a "network interface".
It's just an additional address of the enp0s10.

> Attempt #2:
>
> I had partial success with the following iptables rule:
>
> iptables -t nat -A PREROUTING -d <outside-addr> -j DNAT --to-destination <container-addr>

Worst solution possible. Don't use it unless you have no other way to solve
your task.

> However, outgoing traffic from within the container still appears to
> come from the *.161 address and not the *.117 address, so I've only
> figured out half of it.
>
> There's probably something simple I'm doing wrong, and I'm hoping
> someone here can school me on the proper way to do this. Also, it's not
> clear to me that I won't run into some snag inside the container with
> some service getting confused about the differing internal (10.25.251.*)
> v.s. external (*.117) IP addresses. So I guess, ideally, I'd like the
> container to have the *.117 address both inside and out. That's
> probably a separate question though: How do I give the container a
> specific internal address?
>
> I don't want to change lxdbr0 if I can help it, as there may be a
> need to run other containers on the same host, containers for which the
> default bridging setup works just fine.
>
> Thanks in advance for any help at all!
>
> Michael

--
With best regards,
Andrey Repin
Tuesday, September 27, 2016 18:57:28

Sorry for my terrible English...
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
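
Added example, not part of the original message: a shell check for the point made in the reply, that an alias label such as "enp0s10:testvm1" is not a kernel network device and so cannot be a macvlan parent. The function names and the SYSFS_NET override are assumptions made for this illustration.

```shell
#!/bin/sh
# Resolve the device a macvlan nic can actually use as its "parent:".
# An ifconfig-style alias such as "enp0s10:testvm1" is only a label on an
# address of enp0s10; the kernel has no device by that name, so it never
# shows up under /sys/class/net.

SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # assumption: overridable for testing

# Succeeds only if the name is a real kernel network device.
is_netdev() {
    [ -n "$1" ] && [ -e "$SYSFS_NET/$1" ]
}

# Print the usable macvlan parent for a name, or fail if there is none.
macvlan_parent() {
    name=$1
    if is_netdev "$name"; then
        printf '%s\n' "$name"
        return 0
    fi
    base=${name%%:*}                       # strip an alias label, if any
    if [ "$base" != "$name" ] && is_netdev "$base"; then
        printf '%s\n' "$base"
        return 0
    fi
    return 1
}

# Report what belongs in the profile's "parent:" key.
advise() {
    if parent=$(macvlan_parent "$1"); then
        if [ "$parent" = "$1" ]; then
            echo "ok: '$1' is a network device and can be the parent"
        else
            echo "'$1' is an address label, not a device; use parent: $parent"
            echo "remove the address from the host and configure it in the container"
        fi
    else
        echo "no network device found for '$1'" >&2
        return 1
    fi
}

# Run the report only when a name is given, e.g.: sh check.sh enp0s10:testvm1
if [ $# -gt 0 ]; then advise "$1"; fi
```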
