How to configure external IP addresses for LXC guests?
This is pretty much right—though you're missing a line like this:
lxc.network.ipv4.gateway = X.X.X.X
I have an LXC guest running on Debian. First, you set up the host bridge (the easy way), in /etc/network/interfaces:
auto wan
iface wan inet static
address 72.X.X.X
netmask 255.255.255.0
gateway 72.X.X.1
# this line is important.
bridge_ports wan_phy
bridge_stp off
bridge_fd 2
bridge_maxwait 20
In your case, you've called it br0, and I've called it wan. The bridge can be called anything you want. You get this working first—if it fails, investigate with (e.g.,) brctl.
Then your LXC config is set up to join that bridge:
lxc.utsname = FOO
lxc.network.type = veth
lxc.network.link = wan # remember, this is what I call my bridge
lxc.network.flags = up
lxc.network.name = v-wan # optional, I believe
lxc.network.ipv4 = 72.X.X.Y/24 # different IP than the host
lxc.network.ipv4.gateway = 72.X.X.1 # same as on the host
As HoverHell notes, someone with root in the container can change the IP address. Yep. It's a bridge (aka Ethernet switch). If you want to prevent that, you can use firewall rules on the host—at least in my case, the packets need to go through the host's iptables.
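One way to express the host firewall rules mentioned in the answer above, as an added example that is not part of the original answer: it prints iptables rules that drop traffic entering the bridge from a container's port with any source address other than the one assigned to it. The host-side veth name (which LXC lets you fix with lxc.network.veth.pair), the sample address and the function names are assumptions, and the rules only take effect when bridged frames traverse iptables (net.bridge.bridge-nf-call-iptables=1).

```shell
#!/bin/sh
# Added example: print (not apply) host iptables rules that pin each
# container's host-side veth to its assigned source IP. Names and addresses
# are constructed. iptables does not filter ARP; that needs separate rules.

valid_ipv4() {
    # Dotted quad, each octet 0..255.
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_ifname() {
    # At most 15 characters, from a conservative character set.
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

emit_antispoof_rules() {
    # stdin: "<host-side veth> <container IPv4>" per line; '#' lines skipped.
    # stdout: iptables commands. Returns 1 if any line was rejected.
    rc=0
    while read -r veth ip rest; do
        case "$veth" in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! valid_ifname "$veth" || ! valid_ipv4 "$ip"; then
            printf 'rejected: %s %s %s\n' "$veth" "$ip" "$rest" >&2
            rc=1
            continue
        fi
        for chain in INPUT FORWARD; do
            echo "iptables -A $chain -m physdev --physdev-in $veth ! -s $ip/32 -j DROP"
        done
    done
    return "$rc"
}

# Constructed sample input (documentation address range).
emit_antispoof_rules <<'EOF'
veth-foo 203.0.113.10
EOF
```

Review the printed rules before running them as root; they are appended with -A, so they must sit ahead of any ACCEPT rule that would match the same traffic.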
I haven't gotten fully into LXC, but I have set up multiple containers with their own static IPs in the LAN, which provide internet services for some of my websites.
Maybe this can help with what you want for yours.
I run multiple containers, like so.
On the host machine I edited the hosts file, adding each container and the host machine: vi /etc/hosts
lxc host machine: 192.168.1.100
container1: 192.168.1.101
container2: 192.168.1.102
container3: 192.168.56.102
container4: 192.166.56.103
After saving, again on the host machine, I set the network and bridge to:
# /etc/network/interfaces
auto eth0
iface eth0 inet manual
auto br0
iface br0 inet static
bridge_ports eth0
bridge_stp off
bridge_fd 0
bridge_maxwait 0
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.1
broadcast 192.168.1.100
gateway 192.168.1.1
dns-nameservers 8.8.8.8 8.8.4.4
Above, the network is my router IP for the LAN (internal); address and broadcast are the host machine's internal IP, for which I later use a VHOST for internet access, web servers, FTP, etc.
For LXC containers 1-4 I set up the config like so:
LXC CONFIG
lxc.network.type=veth
lxc.network.link=br0
lxc.network.flags=up
lxc.network.hwaddr=00:16:3e:13:48:4e
lxc.network.ipv4=192.168.1.101
Now container 1's IP = 192.168.1.101.
I repeat this for additional containers so they have their own static IPs on the LAN.
In containers 1-4, log in from the host:
lxc-console -n CONTAINERNAME
and I set each container's network to static, eth0 to:
auto eth0
iface eth0 inet static
address 192.168.1.101
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.1.101
gateway 192.168.1.1
dns-nameservers 8.8.8.8 8.8.4.4
Each of the containers has its own IP (local), available on the LAN. You can SSH to each individual local IP to test, using PuTTY!
After that I'm pretty sure you should figure out how to run them via the internet, for example vhost to container IP / load balancers / proxy / etc.
Maybe this setup can help out in any way.