Linux – Setup public IP address on LXC container

Tags: ip, linux, lxc, networking, Ubuntu

Can anyone tell me how to set up a network interface for each LXC container so that each container can have its own dedicated IP address?

Here's what the /etc/network/interfaces file on my host node looks like:

# Generated by SolusVM

 auto lo
  iface lo inet loopback

 auto eth0
  iface eth0 inet static
   address 160.201.10.167
   gateway 160.201.8.1
   netmask 255.255.252.0
   dns-nameservers 8.8.8.8 8.8.4.4

 auto eth0:0
  iface eth0:0 inet static
   address 160.201.8.32
   gateway 160.201.8.1
   netmask 255.255.252.0
   dns-nameservers 8.8.8.8 8.8.4.4

 auto eth0:1
  iface eth0:1 inet static
   address 160.201.8.36
   gateway 160.201.8.1
   netmask 255.255.252.0
   dns-nameservers 8.8.8.8 8.8.4.4

 auto eth0:2
  iface eth0:2 inet static
   address 160.201.8.37
   gateway 160.201.8.1
   netmask 255.255.252.0
   dns-nameservers 8.8.8.8 8.8.4.4

Here's what my LXC container config file looks like:

lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.rootfs = /var/lib/lxc/francis/rootfs
lxc.mount = /var/lib/lxc/francis/fstab
lxc.utsname = francis
lxc.arch = amd64
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = eth0
lxc.network.hwaddr = 00:16:3e:de:53:6f
lxc.network.ipv4 = 160.201.8.32
lxc.cgroup.memory.limit_in_bytes = 256M
lxc.cgroup.memory.memsw.limit_in_bytes = 256M

Can anyone show me how to give the container "francis" its own public IP address, like 160.201.8.32 for example?

My host node is running Ubuntu 14.04 Server.

Best Answer

It depends what you actually want to do.

Either you wish to make your container fully autonomous with its IP, or you simply want to make it reachable for particular protocols on particular ports.

For the second case, you simply need to enable routing on eth0 and set up NAT rules to NAT/unNAT specific ports and protocols to/from the container private IP on LXC's bridge.

For the first case, you will need to add another bridge, enable proxy_arp on both eth0 and the new bridge interface, and assign the public IP address directly to the container's veth interface without using any IP aliasing on eth0. Then set up iptables rules to avoid exposing what's unnecessary to your network.
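
An added example (not part of the original answer) of the first case as a dry-run planner: it checks the host's interfaces file for an alias that already holds the container's address, then prints the bridge, proxy_arp, route and iptables commands without running them. The bridge name lxcpub0 and the allowed TCP ports 80,443 are assumptions, and the sample stanzas are constructed from the host file in the question.

```shell
#!/bin/sh
# Dry-run planner for the routed ("first case") setup: prints commands, runs none.
# Assumed names (not from the page): bridge "lxcpub0", allowed TCP ports 80,443.

# Print each ifupdown stanza name in file $2 that already holds address $1.
# The container's IP must not stay configured as an alias on the host uplink.
find_alias_for_ip() {
    awk -v ip="$1" '
        $1 == "iface"               { cur = $2 }
        $1 == "address" && $2 == ip { print cur }
    ' "$2"
}

# Print the host-side commands for one container: <ip> <uplink> <bridge> <tcp-ports>
plan_routed_container() {
    cat <<EOF
ip link add name $3 type bridge
ip link set $3 up
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.$2.proxy_arp=1
sysctl -w net.ipv4.conf.$3.proxy_arp=1
ip route add $1/32 dev $3
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $3 -s $1 -j ACCEPT
iptables -A FORWARD -o $3 -d $1 -p tcp -m multiport --dports $4 -j ACCEPT
iptables -A FORWARD -i $3 -j DROP
iptables -A FORWARD -o $3 -j DROP
EOF
}

# Constructed sample: two stanzas excerpted from the host file in the question.
sample_interfaces() {
    cat <<'EOF'
auto eth0
 iface eth0 inet static
  address 160.201.10.167
auto eth0:0
 iface eth0:0 inet static
  address 160.201.8.32
EOF
}

tmp=$(mktemp)
sample_interfaces > "$tmp"
clash=$(find_alias_for_ip 160.201.8.32 "$tmp")
rm -f "$tmp"
if [ -n "$clash" ]; then echo "# remove host alias $clash before giving 160.201.8.32 to the container"; fi
plan_routed_container 160.201.8.32 eth0 lxcpub0 80,443
```

On the container side this assumes lxc.network.link names the new bridge rather than eth0. The last two rules drop any forwarded traffic on the bridge that the earlier rules did not accept, including packets from the container with a source address other than its own.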