On 05/09/2011 03:10 PM, Ulli Horlacher wrote:
>
> I have a lxc host (zoo 129.69.1.68) with a container (vmtest8 129.69.8.6).
>
> I want all host/container communication to be internal without network
> traffic going via external router.

Maybe I misunderstood, but why don't you set up a bridge for the container only, without attaching the physical interface and making sure /proc/sys/net/ipv4/ip_forward is not set?

> I know I can setup host routes like:
>
> root@vms2:# route add -host 129.69.8.6 gw 129.69.1.68
>
> root@vms2:# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 129.69.8.6      129.69.1.68     255.255.255.255 UGH   0      0        0 br0
> 129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 br0
> 0.0.0.0         129.69.1.254    0.0.0.0         UG    100    0        0 br0
>
> root@vms2:# lxc -c vmtest8
>
> Type<Ctrl+a q> to exit the console
>
> root@vmtest8:~# route add -host 129.69.1.68 gw 129.69.8.6
>
> root@vmtest8:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 129.69.1.68     129.69.8.6      255.255.255.255 UGH   0      0        0 eth0
> 129.69.8.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         129.69.8.254    0.0.0.0         UG    0      0        0 eth0
>
>
> root@vms2:# ping 129.69.8.6
> PING 129.69.8.6 (129.69.8.6) 56(84) bytes of data.
> 64 bytes from 129.69.8.6: icmp_seq=1 ttl=64 time=9.54 ms
> 64 bytes from 129.69.8.6: icmp_seq=2 ttl=64 time=0.015 ms
> 64 bytes from 129.69.8.6: icmp_seq=3 ttl=64 time=0.014 ms
> 64 bytes from 129.69.8.6: icmp_seq=4 ttl=64 time=0.013 ms
> 64 bytes from 129.69.8.6: icmp_seq=5 ttl=64 time=0.015 ms
> 64 bytes from 129.69.8.6: icmp_seq=6 ttl=64 time=0.013 ms
> ^C
> --- 129.69.8.6 ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 4998ms
> rtt min/avg/max/mdev = 0.013/1.602/9.547/3.553 ms
>
> But I do not want to set up such host routes manually, they should be
> created some kind of automatic.
>
> With only 1 host/container pair it is not much trouble. But later I want
> to have a dozen containers and they all should use internal routing.
>
> Modifying the host and each container VM routing table manually is nasty.
_______________________________________________
Lxc-users mailing list
https://lists.sourceforge.net/lists/listinfo/lxc-users
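
The reply above proposes a container-only bridge with no physical interface attached and `ip_forward` unset. The following is an added example, not part of the original thread, that audits both conditions from sysfs and procfs. The bridge name `br-int`, the `ROOT` prefix argument and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit that a container-only bridge is really isolated.
# ROOT is a hypothetical prefix so the check can run against a constructed
# tree; pass "" to inspect the live /sys and /proc.

check_isolated_bridge() {
    root=$1 bridge=$2 rc=0
    brif="$root/sys/class/net/$bridge/brif"
    if [ ! -d "$brif" ]; then
        echo "FAIL: $bridge is not a bridge"; return 2
    fi
    # Physical NICs expose a 'device' entry in sysfs; veth and other
    # virtual ports do not.
    for port in "$brif"/*; do
        [ -e "$port" ] || [ -L "$port" ] || continue   # empty bridge
        name=${port##*/}
        if [ -e "$root/sys/class/net/$name/device" ]; then
            echo "FAIL: physical interface $name is attached to $bridge"
            rc=1
        fi
    done
    # Forwarding must be off, or the host may route container traffic out.
    fwd=$(cat "$root/proc/sys/net/ipv4/ip_forward" 2>/dev/null)
    if [ "$fwd" != "0" ]; then
        echo "FAIL: ip_forward is '${fwd:-unreadable}', expected 0"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $bridge has no physical port, forwarding off"
    return "$rc"
}

# Constructed sample tree: bridge br-int with a single veth port.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/sys/class/net/br-int/brif/veth0" \
             "$t/sys/class/net/veth0" "$t/proc/sys/net/ipv4"
    echo 0 > "$t/proc/sys/net/ipv4/ip_forward"
    echo "$t"
}

sample=$(make_sample_tree)
check_isolated_bridge "$sample" br-int
rm -rf "$sample"
```

On a real host, call `check_isolated_bridge "" <bridge>` with the name of the bridge the containers are attached to.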
