I currently have 3 IP addresses going to the same server. The /etc/network/interfaces file on the host is as follows:

auto eth0
iface eth0 inet static
    address XXX.XXX.132.107
    gateway XXX.XXX.132.1
    netmask 255.255.255.0
auto eth0:0
iface eth0:0 inet static
    address XXX.XXX.130.21
    gateway XXX.XXX.130.1
    netmask 255.255.255.0
auto eth0:1
iface eth0:1 inet static
    address XXX.XXX.132.244
    gateway XXX.XXX.132.1
    netmask 255.255.255.0
auto lo
iface lo inet loopback

I would like the host to be accessible from XXX.XXX.132.107, one LXC container to be accessible from XXX.XXX.130.21, and another LXC container accessible from XXX.XXX.132.244. I have tried a few bridging setups, but have been unsuccessful. Has anybody done this before? Is it even possible? Thank you!

Solution

I know of 2 ways to do what you would like.

  1. Network bridging
  2. IPTables Nat

We'll start out with IPTables NAT since your ifconfig output already has IP Aliases set up.

Typical Host server

My 'ifconfig' output shows 'eth0' as main interface with 2 IP Aliases setup, along with the LXC generated bridge interface.

# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:d9:66:ac
          inet addr:172.16.10.71  Bcast:172.16.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:578 (578.0 B)

eth0:1    Link encap:Ethernet  HWaddr 08:00:27:d9:66:ac
          inet addr:172.16.10.72  Bcast:172.16.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:2    Link encap:Ethernet  HWaddr 08:00:27:d9:66:ac
          inet addr:172.16.10.73  Bcast:172.16.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lxcbr0    Link encap:Ethernet  HWaddr de:45:c9:13:2b:74
          inet addr:10.0.3.1  Bcast:10.0.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:508 (508.0 B)

The below command shows our 2 LXC containers and their IP addresses.

# lxc-ls -f
NAME   STATE    IPV4        IPV6  AUTOSTART
-------------------------------------------
test1  RUNNING  10.0.3.247  -     NO
test2  RUNNING  10.0.3.124  -     NO

Doing an 'ifconfig' will show your 2 new interfaces created for your LXC Containers. See below for mine.

# ifconfig
veth05DUGY Link encap:Ethernet  HWaddr fe:4c:2c:df:1d:c3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:39 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3706 (3.7 KB)  TX bytes:3822 (3.8 KB)

vethTUTFID Link encap:Ethernet  HWaddr fe:58:4b:19:25:3e
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:42 errors:0 dropped:0 overruns:0 frame:0
          TX packets:57 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3956 (3.9 KB)  TX bytes:5580 (5.5 KB)

Below shows them being part of the bridge.

# brctl show lxcbr0
bridge name bridge id       STP enabled interfaces
lxcbr0      8000.fe4c2cdf1dc3   no      veth05DUGY
                                        vethTUTFID

So now the actual work. We will be using IPTables to do the forwarding. Below is the default setup before our additions.

# iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  10.0.3.0/24         !10.0.3.0/24

So here we go. Do the following.

# iptables -t nat -A PREROUTING -d 172.16.10.72 -j DNAT --to-destination 10.0.3.247
# iptables -t nat -A PREROUTING -d 172.16.10.73 -j DNAT --to-destination 10.0.3.124

The 2 above commands add IPTables rules to forward all IP traffic from the eth0:* IP to the respective IPs on the LXC Containers.

You should see the below when verifying.

# iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  --  0.0.0.0/0            172.16.10.72         to:10.0.3.247
DNAT       all  --  0.0.0.0/0            172.16.10.73         to:10.0.3.124

So at this point you now have those IPs forwarded to the Containers. To make this persistent you can create a /etc/iptables.rules file and from your /etc/network/interfaces file add a "post-up" for 'iptables-restore' to restore those rules at bootup. e.g. 'post-up iptables-restore < /etc/iptables.rules' could be added under your iface line in /etc/network/interfaces.

Below is an example of network bridging. You need to remove your IP Aliases for the below to work. See example output below for what you should start out with.

Host server

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:d9:66:ac
          inet addr:172.16.10.71  Bcast:172.16.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:578 (578.0 B)

lxcbr0    Link encap:Ethernet  HWaddr de:45:c9:13:2b:74
          inet addr:10.0.3.1  Bcast:10.0.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:508 (508.0 B)

We won't be using the lxcbr0 interface in this case.

Create a bridge interface for use for the LXC containers.

The below command will create a 'br0' interface for use with our bridge. You will need to add the eth0 interface to the bridge. See that command farther down. ** BE WARNED ** Following the below commands will immediately break the remote connection with the server and make the server not reachable via the internet anymore. These instructions assume a local connection.

# brctl addbr br0
# ip link set br0 up
# brctl addif br0 eth0
# brctl show br0
bridge name bridge id       STP enabled interfaces
br0     8000.080027d966ac   no      eth0

So the above commands add 'eth0' to the br0 bridge and show it being there. Next we need to move the IP address from eth0 to br0.

# ip addr del 172.16.10.71/24 dev eth0
# ip addr add 172.16.10.71/24 dev br0

You should now have something similar to the below.

# ifconfig
br0       Link encap:Ethernet  HWaddr 08:00:27:d9:66:ac
          inet addr:172.16.10.71  Bcast:172.16.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:77 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6281 (6.2 KB)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 08:00:27:d9:66:ac
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:87 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8183 (8.1 KB)  TX bytes:1296 (1.2 KB)

Next we need to edit your LXC configuration file for your 2 containers. If your system is default, you should have the following.

ls -l /var/lib/lxc
total 12
drwxr-xr-x 3 root root 4096 Aug 10 11:23 test1
drwxr-xr-x 3 root root 4096 Aug 10 11:34 test2

The above output should show both of your LXC containers. Under each directory is a file named 'config' that we need to edit.

# vi /var/lib/lxc/test1/config

Replace the line that says 'lxc.network.link = lxcbr0' with 'lxc.network.link = br0'. Do this for both containers.

Next you need to edit both containers' /etc/network/interfaces file and add the real IP address as eth0 for both.

So in my example, I would put the 172.16.10.72 IP in the test1 configuration file, such as '/var/lib/lxc/test1/rootfs/etc/network/interfaces'. This is updating the file from the Host machine without being inside the container yet. You of course can boot up the container and edit /etc/network/interfaces. Either way works.

If you need any clarification or additional help just add a comment asking for help. -Frank
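
Added example (not part of the original answer or of LXC): a POSIX shell generator for the /etc/iptables.rules file the answer mentions, fed with the answer's sample addresses. It goes beyond the two DNAT commands above by optionally limiting a mapping to listed TCP ports and by adding a matching SNAT rule so each container's outbound traffic leaves from its own alias rather than the host's primary address; the mapping format, the sample ports and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. Mapping format (assumed):
#   "<host alias IP> <container IP> [comma-separated TCP ports]"
# Addresses are the answer's sample values; the ports are constructed.
MAPPINGS='172.16.10.72 10.0.3.247 80,443
172.16.10.73 10.0.3.124'
LXC_NET='10.0.3.0/24'   # lxcbr0 subnet shown in the answer

# only CHARS VALUE: succeed if VALUE is non-empty and made only of CHARS,
# so a mapping line cannot smuggle extra rule text into the file.
only() { case $2 in ''|*[!$1]*) return 1 ;; esac; }

# gen_nat_rules MAPPINGS SUBNET: print a complete nat table for
# iptables-restore. A plain restore flushes the nat table, so the
# MASQUERADE rule from the answer's listing is re-added last as fallback.
gen_nat_rules() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':INPUT ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    while read -r pub ctr ports; do
        [ -n "$pub" ] || continue
        only '0-9.' "$pub" && only '0-9.' "$ctr" || return 1
        if [ -n "$ports" ]; then
            only '0-9,' "$ports" || return 1
            # Only the listed ports reach the container; other ports on
            # this alias are still answered by the host itself.
            echo "-A PREROUTING -d $pub/32 -p tcp -m multiport --dports $ports -j DNAT --to-destination $ctr"
        else
            # Same as the answer's rule: every protocol and port is forwarded.
            echo "-A PREROUTING -d $pub/32 -j DNAT --to-destination $ctr"
        fi
        # Outbound: leave from the container's own alias, not the host IP.
        echo "-A POSTROUTING -s $ctr/32 ! -d $2 -j SNAT --to-source $pub"
    done <<EOF
$1
EOF
    echo "-A POSTROUTING -s $2 ! -d $2 -j MASQUERADE"
    echo 'COMMIT'
}

gen_nat_rules "$MAPPINGS" "$LXC_NET"
```

Redirect the output to a scratch file and, as root, check it with `iptables-restore --test < file` before saving it as /etc/iptables.rules.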

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow