Ok... so this might not even be possible so this will be theoretical
speak only.  I don't have a configuration at the moment as the
progress I made before was wiped when I gave up before.  I found out
about some limitations from my host so I was wondering if this scheme
was possible.

Both IP1 and IP2 are on different subnets.  Statically assigned by provider.
Container1 will be a container that I want to expose to the world
bypassing iptables.

There is an additional issue here.  The container's mac address can't
be leaked over the bridge.  It must appear to be coming from the host.
 Reason is because switch security doesn't allow unauthorized mac
addresses to route.

Host has IP1 on br0
Host routes IP2 to Container1 but it isn't assigned to the interface?
(eg I don't want any services on the host to be able to bind to IP2 at
all)

Container1 handles IP2 on virtual eth0
Container2 (and so forth) are NAT routed for testing

Can this be done at all?  Any input will be extremely useful.

Robert Pendell
shi...@elite-systems.org
A perfect world is one of chaos.

------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Reply via email to