Setting up bridged LXC containers with static IPs

networking lxc bridge static-ip

I'm trying to setup multiple LXC containers on a host, each with public static IPs of their own.

My host is running the latest Ubuntu. It has a single network interface named eth0. The static IPs are pingable from the internet and are named eth0:210, eth0:211... The numbers after the colon are the least significant byte of the addresses. In addition to these interfaces I have br0 setup on the host's public IP. There are also the lo, veth2LPP9A, and lxcbr0 interfaces. The lxcbr0 has the address of a private IP.

The host /etc/network/interfaces looks like:

auto br0
iface br0 inet static
        bridge_ports eth0
        bridge_fd 0
        [...]

So far I've used various online sources, including Bridging LXC containers to host eth0 so they can have a public IP to help me set this up.

The container's config file has:

lxc.network.type = veth
lxc.network.link = br0

I've removed the static lxc.network.ipv4 configuration from this file since it caused problems. When I ran lxc-ls --fancy with this configuration, I'd see the same public IP twice in the output. Additionally, it would mess with the subnet configuration of the container's /etc/network/interfaces.

Speaking of the container's interfaces file, it looks a bit like:

auto eth0
iface eth0 inet static
        address [...]
        netmask 255.255.255.255
        #gateway [...]
        dns-nameservers 8.8.8.8

        post-up route add [...] dev eth0
        post-up route add default gw [...]
        post-down route del [...] dev eth0
        post-down route del default gw [...]

I had to comment out the gateway and add the route add commands to this file. Otherwise, the container would take minutes to boot.

The /proc/sys/net/bridge/bridge-nf-* files on the host are all set to 0. The /proc/sys/net/ipv4/ip_forward value is 1.

The problem is, even though the container's "route -n" looks like it should, I can't ping out of the container. SSHing to what should be the container's IP, connects me to the host.

EDIT: Removing the container's static IP from the host did help, but now I'm getting a new error. Trying to ping the container from the host results in Redirect HostFrom , New nexthop. The packets are just going from the gateway to the host, repeatedly. Running a traceroute from the host shows that the first stop is at the gateway. Then all of the other routes are * * *. I get the same problem regardless if the container is online or not.


Solution 1:

In fact you can set the address and gateway from within the host and configure the container not to touch the interface at all using the keyword manual.

Place this within the guests /etc/network/interfaces:

auto eth0
iface eth0 inet manual

Also leave it up to the container's config file to set up the interface:

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxc-bridge-nat
lxc.network.ipv4 = 192.168.100.16/24
lxc.network.ipv4.gateway = auto

The guest will behave like it's BIOS already set up the interface and just use it.

Especially explore lxc.network.ipv4.gateway.

Solution 2:

Since you are bridging, you need to set the IP addresses in the container only, and not on the host. The host should only have its own IP address(es).

Solution 3:

The best way I find and the quickest is to use the lxc profiles

lxc profile list - command the list all the profiles you have Then

lxc profile copy default minecraft(this is the name of your new profile)

Then lxc profile edit minecraft

This will come up

devices:
  eth0:
    ipv4.address: 192.168.1.114/24  - add this line and enter any ip address you like
    name: eth0
    nictype: macvlan - this is my setting
    parent: enp0s25
    type: nic
  root:
    path: /
    pool: lxc_zfs
    type: disk
name: mine
used_by:

then save it

next assign the profile to your LXC container like this

lxc profile assign YOUR_CONTAINER_NAME YOUR_NEW_PROFILE_NAME

then just restart the container and your new ip address is set to that container

Solution 4:

I just did it the other day with Ubuntu 14.04. It is simple. You just have to edit the /etc/network/interfaces file inside your container, and set this:

auto eth0
iface eth0 inet static
 address $IP
 netmask $NETMASK
 gateway $GW
 dns-nameservers $DNS

Replace every variable with the desired value.

You DON'T have to do anything else!

PS: Notice the space before some lines. It is mandatory.

Related

Can't backup the mysql table with mysqldump. SELECT,LOCK TABL command denied for 'cond_instances' [closed]
How to Monitor Bandwidth usage in real terms
Windows DHCP Server - get notification when a non-AD joined device gets an IP address
Spamassassin flagged something as spam that is not spam. How do I tell it so?
List All Groups and Their Members with PowerShell on Win2008r2
How to allow RDP access based on client certificate
How GRO (generic receive offload) works on more advanced NICs?
Backing up data stored on Amazon S3
Can MS Certificate Services be a Subordinate to CA created with OpenSSL
Move windows between Spaces in Mac OS X using only the keyboard
Can I have 8 GB RAM on 32-bit Win 7? [duplicate]
USB-C Chargers: Is it safe to charge a phone with a laptop's power supply?