[config for network] --- https://www.pld-linux.org/docs/lxc?rev=1403789106 +++ https://www.pld-linux.org/docs/lxc?rev=1404291384 @@ -123,16 +123,17 @@ ===== Sample configs ===== ==== config for network ==== - static networking, set ''VSERVER=yes'' and ''VSERVER_ISOLATION_NET=yes'' in guest ''/etc/sysconfig/system'' to disable all network configuration by guest. + static networking, set ''VSERVER=yes'' and ''VSERVER_ISOLATION_NET=yes'' in guest ''/etc/sysconfig/system'' to disable all network configuration by guest, set RC_PROMPT=no to avoid hanging startaup scripts, in general it's good idea to turn off there most of things - - uses ''macvlan'' - - that interface is NOT visible on host - - you can't filter it from host's firewall + ===== network using macvlan in bridge mode ===== + - traffic from host to guest (and vice-versa) is NOT passed. external trafic works + - guest interface is NOT visible on host + - you can't filter guest straffic from host's firewall + - host can use seme default interface with and without guests running. - you HAVE to set mac. If not - on every container start you'll have different one (your router will not pass the traffic). - iptables is initialized from lxc.hook.pre-mount hook (ran in the container's namespace and having macvlan interface visible) - first boot with ''hwaddr'' line disabled, look what the random address was assigned, set it in config. also you may use some generation techniques like these: using last three ip numbers and [[http://xenbits.xen.org/docs/4.3-testing/misc/xl-network-configuration.html|Xen's OUI (00:16:3e)]] address space. If IP is ''192.168.2.160'', then: @@ -154,8 +155,10 @@ lxc.hook.pre-mount = /sbin/service iptables start lxc.cap.drop = net_admin </file> + + ===== network using bridged veth interfaces ===== ==== full config ==== <code bash>
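Review bot: In the first hunk (@@ -123,16 +123,17 @@), the rewritten "static networking" line now runs three instructions together, leaves RC_PROMPT=no without the '' markup used for VSERVER=yes and VSERVER_ISOLATION_NET=yes, and ends with "turn off there most of things", which gives the reader nothing to act on. Split it into separate sentences or list items, quote the setting as ''RC_PROMPT=no'', and name the services or options you mean to disable in the guest. The added lines also carry typos worth fixing before this lands: "startaup", "trafic", "straffic" and "seme". Since the bullets say the guest interface is not visible on the host and cannot be filtered from the host's firewall, it would help to point directly at the pre-mount hook bullet as the place where filtering has to happen. Also check the heading level: "===== network using macvlan in bridge mode =====" uses the same number of = signs as "===== Sample configs =====", so it closes that section instead of nesting under "==== config for network ====".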
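Review bot: In the second hunk (@@ -154,8 +155,10 @@), the new heading "===== network using bridged veth interfaces =====" is added with no body and is followed immediately by the existing "==== full config ====" subsection, which now renders as a child of the veth section. The block closed just above it still belongs to the macvlan setup (lxc.hook.pre-mount = /sbin/service iptables start, lxc.cap.drop = net_admin), so if "full config" is the macvlan configuration it ends up filed under the wrong networking mode. Either move the new heading below the full config block, or add the veth description and its own sample config in this change so the section is not empty.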
Diff URL: https://www.pld-linux.org/docs/lxc?do=diff&r1=1403789106&r2=1404291384

-- 
This mail was generated by DokuWiki at https://www.pld-linux.org/
_______________________________________________
pld-cvs-commit mailing list
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
