LXC Routed Setup 2019
Warum dieses Setup
Es soll nur über die MAC-Adresse(n) der Netzwerkkarte(n) geroutet werden. Die virtuellen MAC-Adressen der Container sollen nicht am physischen Interface auftauchen.
Host
/etc/lxc/default.conf
# Network defaults for containers on this host.
# Each container gets a veth pair; no lxc.net.0.link is set here, the
# container configs on this page choose the bridge (vmbr0 or vmbr1).
lxc.net.0.type = veth
lxc.net.0.flags = up
# MAC template with a fixed 00:11:4a prefix; the x positions are placeholders.
# The verification step on this page greps for this prefix on eth0, so
# container MACs must keep it for that check to be meaningful.
lxc.net.0.hwaddr = 00:11:4a:xx:xx:xx
/etc/default/lxc-net
# Do not let lxc-net create its own default bridge; the bridges used by this
# setup (vmbr0, vmbr1) are defined in /etc/network/interfaces instead.
USE_LXC_BRIDGE="false"
/etc/network/interfaces
# Host network configuration for the routed LXC setup.
# All addresses below are example placeholders.
auto lo
iface lo inet loopback
iface lo inet6 loopback
# Server IP = 1.2.3.4
# netmask = 255.255.255.0
# Main IP subnet = 2.2.3.1 (2.2.3.1, 2.2.3.2, 2.2.3.3 ...)
# Single IP I = 3.2.3.1
# Single IP II = 4.2.3.1
# device: eth0
# eth0 is the physical uplink. Neither bridge below has eth0 as a port, so
# container traffic reaches it only via routing on the host.
auto eth0
iface eth0 inet static
address 1.2.3.4
netmask 255.255.255.0
gateway 1.2.3.5
# pointopoint declares the gateway as the peer address of this link
pointopoint 1.2.3.5
# default route to access subnet (x.x.x.* are placeholders to fill in)
up route add -net x.x.x.1 netmask 255.255.255.192 gw x.x.x.2 eth0
iface eth0 inet6 static
address 3a02:5f4:172:11ce::1
netmask 64
gateway fe80::1
# Re-applies the settings from the sysctl configuration when eth0 comes up.
# NOTE(review): routing between eth0 and the bridges needs IP forwarding
# (e.g. net.ipv4.ip_forward=1) on the host; the sysctl file is not shown on
# this page -- confirm it enables forwarding.
up sysctl -p
# for single IPs
# vmbr0 reuses the host's main address (same as eth0) with a /32 mask.
auto vmbr0
iface vmbr0 inet static
address 1.2.3.4
netmask 255.255.255.255
# No physical port: the bridge is not layer-2 connected to eth0, which is what
# keeps container MAC addresses off the uplink.
bridge_ports none
bridge_stp off
bridge_fd 0
# One host route per single IP, pointing at the bridge the container attaches to.
up ip route add 3.2.3.1/32 dev vmbr0
up ip route add 4.2.3.1/32 dev vmbr0
# for a subnet
# vmbr1 holds the first address of the subnet and acts as the containers' gateway.
# NOTE(review): containers attached to the same bridge share one layer-2
# segment; no per-container address filtering is shown on this page -- add
# host-side filtering if containers are not mutually trusted.
auto vmbr1
iface vmbr1 inet static
address 2.2.3.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
Container
Subnet
/var/lib/lxc/CONTAINER/config
# Container with an address from the routed subnet (attached to vmbr1).
# CONTAINER is a placeholder for the container name.
lxc.arch = linux64
lxc.rootfs.path = dir:/var/lib/lxc/CONTAINER/rootfs
lxc.uts.name = CONTAINER
lxc.net.0.type = veth
# Host-side end of the veth pair is attached to the subnet bridge.
lxc.net.0.link = vmbr1
lxc.net.0.flags = up
# NOTE(review): no lxc.net.0.hwaddr appears in this listing; presumably it comes
# from /etc/lxc/default.conf when the container is created -- confirm, since the
# tcpdump check on this page relies on the 00:11:4a prefix.
lxc.net.0.ipv4.address = 2.2.3.2/32
# Gateway is the host's address on vmbr1.
lxc.net.0.ipv4.gateway = 2.2.3.1
Single IP
# Container with one of the single IPs (attached to vmbr0).
# CONTAINER is a placeholder for the container name.
lxc.arch = linux64
lxc.rootfs.path = dir:/var/lib/lxc/CONTAINER/rootfs
lxc.uts.name = CONTAINER
lxc.net.0.type = veth
# Host-side end of the veth pair is attached to the single-IP bridge.
lxc.net.0.link = vmbr0
lxc.net.0.flags = up
# Must match one of the /32 host routes added for vmbr0 on the host.
lxc.net.0.ipv4.address = 3.2.3.1/32
# Gateway is the host's main address, which vmbr0 also carries.
lxc.net.0.ipv4.gateway = 1.2.3.4
...
Überprüfen
Auf dem Host:
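# Watch the physical uplink for frames carrying the container MAC prefix.
# Expected result: no output at all while containers generate traffic.
# -e prints the link-level header so MAC addresses are visible;
# -l line-buffers tcpdump's output so a match is not held back in the pipe
# (without it a hit can stay hidden and the check looks clean too early).
# grep -E replaces the deprecated egrep.
tcpdump -l -n -e -i eth0 | grep -E '00:11:4a'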
Die MAC-Adressen der Container (Präfix 00:11:4a) dürfen in der Ausgabe nicht auftauchen.