On Tue, Apr 3, 2012 at 9:29 PM, Arun M <arunmahadevai...@gmail.com> wrote:
> Hello,
>
> I am looking for a standard network config that can be used for running
> multiple containers in the same physical host. There could be 100s of
> containers running in a single host.
>
> What I am not clear is, what IP and ethernet address should I use while
> invoking the container.

Depends on what you need. You should learn about bridge and NAT. It's not
really lxc-specific.

>
> Should I just create a bridge device with a local IP (say 192.168.254.1) and
> add this as the default gateway for all the containers.
>
> For access to external network, would a single NAT rule like this suffice?
>
> iptables -t nat -A POSTROUTING -s 192.168.254.0/24 -o eth0 -j MASQUERADE

I think so. Look at what libvirt and lxc do with virbr0 and lxcbr0. It
should be similar.

>
>
> Also the containers should have limited network access. They should be able
> to
> 1. connect to a limited set of outside hosts in the intranet
> 2. connect only to a few well known ports (say 80/443) in the internet.
>

Then create your own firewall rules. It's as simple as that.

--
Fajar

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
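One way to write the firewall rules discussed in the thread, as an added example that is not part of the original messages: a generator that prints the iptables commands for the two restrictions asked about, alongside the MASQUERADE rule quoted above. The bridge name `br0`, the intranet range `10.0.0.0/8`, the chain name `CT_EGRESS` and the sample host addresses are assumptions.

```sh
#!/bin/sh
# Added example: prints the rules instead of applying them, so the output
# can be reviewed first and then piped to `sh` as root.
BRIDGE=${BRIDGE:-br0}               # assumed name of the container bridge
CT_NET=${CT_NET:-192.168.254.0/24}  # container subnet from the thread
WAN_IF=${WAN_IF:-eth0}              # outbound interface from the thread
INTRANET=${INTRANET:-10.0.0.0/8}    # assumed intranet address range

# Arguments: intranet hosts (IPv4 address or CIDR) the containers may reach.
container_egress_rules() {
    for host in "$@"; do
        # The output is meant to be run by a root shell: accept only
        # digits, dots and a slash so an argument cannot inject commands.
        case $host in
            ''|*[!0-9./]*) echo "invalid host: $host" >&2; return 1 ;;
        esac
    done
    echo "iptables -N CT_EGRESS"
    # Everything the containers send through the host goes to CT_EGRESS.
    echo "iptables -A FORWARD -i $BRIDGE -s $CT_NET -j CT_EGRESS"
    # Return traffic for connections that are already established.
    echo "iptables -A FORWARD -o $BRIDGE -d $CT_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A CT_EGRESS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 1. The limited set of intranet hosts (include the DNS resolver here).
    for host in "$@"; do
        echo "iptables -A CT_EGRESS -d $host -j ACCEPT"
    done
    # The rest of the intranet is dropped BEFORE the port rule; otherwise
    # any intranet web server would be reachable on 80/443.
    echo "iptables -A CT_EGRESS -d $INTRANET -j DROP"
    # 2. Internet: only TCP 80 and 443, only out of the WAN interface.
    echo "iptables -A CT_EGRESS -o $WAN_IF -p tcp -m multiport --dports 80,443 -j ACCEPT"
    echo "iptables -A CT_EGRESS -j DROP"
    # The NAT rule from the thread, unchanged.
    echo "iptables -t nat -A POSTROUTING -s $CT_NET -o $WAN_IF -j MASQUERADE"
}

# Constructed sample hosts: an application server and a DNS resolver.
container_egress_rules 10.0.5.10 10.0.5.53
```

These rules cover forwarded traffic only; packets from a container to the host's own addresses pass through the INPUT chain and need their own rules.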