initial content

2021-11-13 22:02:05 +01:00
commit 479cb90eac
12 changed files with 663 additions and 0 deletions
--- a/content/knowledge/lxc/lxc-networking.md
+++ b/content/knowledge/lxc/lxc-networking.md
@ -0,0 +1,83 @@
+---
+title: 'LXC Networking'
+date: 2021-11-13T15:06:57Z
+draft: false
+---
+
+# LXC network configurations
+
+## create network bridge
+```
+brctl add br0
+```
+
+## add virtual ethernet interface to container 
+
+Add the following lines to _/var/lib/lxc/container/config_
+```
+lxc.net.0.type  = veth
+lxc.net.0.link  = br0
+lxc.net.0.flags = up
+lxc.net.0.name  = eth0
+```
+
+## iptables
+### port forwarding
+iptables (IPv4) and ip6tables (IPv6) DNAT target to forward services to container.
+
+```
+iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8448 -j DNAT \
+        --to-destination 10.3.0.31:8448
+```
+
+### masquerading
+Translate outgoing traffic from container to public IP address
+
+```
+iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+```
+
+## IPv6
+### network configuration
+#### host 
+```
+ip addr add fd00::1/8 dev br0
+```
+```
+cat > /etc/sysctl.d/ipv6-forwarding.conf <<EOF
+net.ipv6.conf.eth0.accept_ra = 2
+net.ipv6.conf.br0.accept_ra = 2
+net.ipv6.conf.default.accept_ra = 2
+net.ipv6.conf.all.accept_ra = 2
+
+net.ipv6.conf.all.forwarding = 1
+net.ipv6.conf.default.forwarding = 1
+net.ipv6.conf.eth0.forwarding = 1
+net.ipv6.conf.br0.forwarding = 1
+EOF
+```
+
+#### container
+```
+ip addr add fd00::20:1/64 dev eth0
+ip route add default via fd00::1 dev eth0
+```
+
+### port forwarding
+```
+ip6tables \
+  -t nat \
+  -A PREROUTING \
+  -d 2a03:4000:15:68::20/128 \
+  -i eth0 \
+  -p tcp \
+  -m tcp \
+  --dport 587 \
+  -j DNAT \
+  --to-destination [fd00::20:1]:587
+```
+
+### masquerade
+```
+ip6tables -t nat -A POSTROUTING -s fd00::20:1/128 -o eth0 -j SNAT --to-source 2a03:4000:15:68::20
+```