LXC Routed Setup 2019: Unterschied zwischen den Versionen
Aus Vosp.info
V (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „ === Host === <source lang="bash"> </source> === Container === <source lang="bash"> </source> <source lang="bash"> </source> <source lang="bash">…“) |
F (Diskussion | Beiträge) (→Warum dieses Setup) |
||
| (3 dazwischenliegende Versionen von einem anderen Benutzer werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| + | == Warum dieses Setup== | ||
| + | * Es soll nur über die MAC-Adresse(n) der Netzwerkkarte(n) gerouted werden. | ||
| + | * Die virtuelen MAC sollen nicht am Interface auftauchen. | ||
| + | * hetzner | ||
=== Host === | === Host === | ||
| + | /etc/lxc/default.conf | ||
<source lang="bash"> | <source lang="bash"> | ||
| + | lxc.net.0.type = veth | ||
| + | lxc.net.0.flags = up | ||
| + | lxc.net.0.hwaddr = 00:11:4a:xx:xx:xx | ||
| + | </source> | ||
| + | |||
| + | |||
| + | /etc/default/lxc-net | ||
| + | <source lang="bash"> | ||
| + | USE_LXC_BRIDGE="false" | ||
| + | </source> | ||
| + | |||
| + | /etc/network/interfaces | ||
| + | <source lang="bash"> | ||
| + | auto lo | ||
| + | iface lo inet loopback | ||
| + | iface lo inet6 loopback | ||
| + | |||
| + | |||
| + | # Server Ip = 1.2.3.4 | ||
| + | # netmask = 255.255.255.0 | ||
| + | # Main Ip subnet = 2.2.3.1 (2.2.3.1 ,2.2.3.2,2.2.3.3...) | ||
| + | # Single IP I =3.2.3.1 | ||
| + | # Single IP II =4.2.3.1 | ||
| + | |||
| + | # device: eth0 | ||
| + | auto eth0 | ||
| + | iface eth0 inet static | ||
| + | address 1.2.3.4 | ||
| + | netmask 255.255.255.0 | ||
| + | gateway 1.2.3.5 | ||
| + | pointopoint 1.2.3.5 | ||
| + | # default route to access subnet | ||
| + | up route add -net x.x.x.1 netmask 255.255.255.192 gw x.x.x.2 eth0 | ||
| + | |||
| + | iface eth0 inet6 static | ||
| + | address 3a02:5f4:172:11ce::1 | ||
| + | netmask 64 | ||
| + | gateway fe80::1 | ||
| + | up sysctl -p | ||
| + | |||
| + | |||
| + | # fuer Einzel-IPs | ||
| + | auto vmbr0 | ||
| + | iface vmbr0 inet static | ||
| + | address 1.2.3.4 | ||
| + | netmask 255.255.255.255 | ||
| + | bridge_ports none | ||
| + | bridge_stp off | ||
| + | bridge_fd 0 | ||
| + | up ip route add 3.2.3.1/32 dev vmbr0 | ||
| + | up ip route add 4.2.3.1/32 dev vmbr0 | ||
| + | |||
| + | |||
| + | # fuer ein Subnet | ||
| − | |||
| + | auto vmbr1 | ||
| + | iface vmbr1 inet static | ||
| + | address 2.2.3.1 | ||
| + | netmask 255.255.255.0 | ||
| + | bridge_ports none | ||
| + | bridge_stp off | ||
| + | bridge_fd 0 | ||
| + | </source> | ||
=== Container === | === Container === | ||
| + | ==== Subnet ==== | ||
| + | /var/lib/lxc/CONTAINER/config | ||
<source lang="bash"> | <source lang="bash"> | ||
| + | lxc.arch = linux64 | ||
| + | lxc.rootfs.path = dir:/var/lib/lxc/CONTAINER/rootfs | ||
| + | lxc.uts.name = CONTAINER | ||
| + | lxc.net.0.type = veth | ||
| + | lxc.net.0.link = vmbr1 | ||
| + | lxc.net.0.flags = up | ||
| + | lxc.net.0.ipv4.address = 2.2.3.2/32 | ||
| + | lxc.net.0.ipv4.gateway = 2.2.3.1 | ||
</source> | </source> | ||
| + | ==== Single IP ==== | ||
<source lang="bash"> | <source lang="bash"> | ||
| + | lxc.arch = linux64 | ||
| + | lxc.rootfs.path = dir:/var/lib/lxc/CONTAINER/rootfs | ||
| + | lxc.uts.name = CONTAINER | ||
| + | lxc.net.0.type = veth | ||
| + | lxc.net.0.link = vmbr0 | ||
| + | lxc.net.0.flags = up | ||
| + | lxc.net.0.ipv4.address = 3.2.3.1/32 | ||
| + | lxc.net.0.ipv4.gateway = 1.2.3.4 | ||
| + | ... | ||
| + | </source> | ||
| + | |||
| − | |||
| + | === Überprüfen === | ||
| + | auf dem Host : | ||
<source lang="bash"> | <source lang="bash"> | ||
| − | + | tcpdump -n -i eth0 -e |egrep '00:11:4a' | |
| + | darf nicht auftauchen | ||
</source> | </source> | ||
Aktuelle Version vom 25. November 2019, 19:27 Uhr
Inhaltsverzeichnis
Warum dieses Setup
- Es soll nur über die MAC-Adresse(n) der Netzwerkkarte(n) gerouted werden.
- Die virtuelen MAC sollen nicht am Interface auftauchen.
- hetzner
Host
/etc/lxc/default.conf
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:11:4a:xx:xx:xx
/etc/default/lxc-net
USE_LXC_BRIDGE="false"
/etc/network/interfaces
auto lo
iface lo inet loopback
iface lo inet6 loopback
# Server Ip = 1.2.3.4
# netmask = 255.255.255.0
# Main Ip subnet = 2.2.3.1 (2.2.3.1 ,2.2.3.2,2.2.3.3...)
# Single IP I =3.2.3.1
# Single IP II =4.2.3.1
# device: eth0
auto eth0
iface eth0 inet static
address 1.2.3.4
netmask 255.255.255.0
gateway 1.2.3.5
pointopoint 1.2.3.5
# default route to access subnet
up route add -net x.x.x.1 netmask 255.255.255.192 gw x.x.x.2 eth0
iface eth0 inet6 static
address 3a02:5f4:172:11ce::1
netmask 64
gateway fe80::1
up sysctl -p
# fuer Einzel-IPs
auto vmbr0
iface vmbr0 inet static
address 1.2.3.4
netmask 255.255.255.255
bridge_ports none
bridge_stp off
bridge_fd 0
up ip route add 3.2.3.1/32 dev vmbr0
up ip route add 4.2.3.1/32 dev vmbr0
# fuer ein Subnet
auto vmbr1
iface vmbr1 inet static
address 2.2.3.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
Container
Subnet
/var/lib/lxc/CONTAINER/config
lxc.arch = linux64
lxc.rootfs.path = dir:/var/lib/lxc/CONTAINER/rootfs
lxc.uts.name = CONTAINER
lxc.net.0.type = veth
lxc.net.0.link = vmbr1
lxc.net.0.flags = up
lxc.net.0.ipv4.address = 2.2.3.2/32
lxc.net.0.ipv4.gateway = 2.2.3.1
Single IP
lxc.arch = linux64
lxc.rootfs.path = dir:/var/lib/lxc/CONTAINER/rootfs
lxc.uts.name = CONTAINER
lxc.net.0.type = veth
lxc.net.0.link = vmbr0
lxc.net.0.flags = up
lxc.net.0.ipv4.address = 3.2.3.1/32
lxc.net.0.ipv4.gateway = 1.2.3.4
...
Überprüfen
auf dem Host :
tcpdump -n -i eth0 -e |egrep '00:11:4a'
darf nicht auftauchen
