---
title: 'LXC Networking'
date: 2021-11-13T15:06:57Z
draft: false
---

# LXC network configurations

## create network bridge

```
brctl addbr br0
```

## add virtual ethernet interface to container

Add the following lines to _/var/lib/lxc/container/config_

```
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.name = eth0
```

## iptables

### port forwarding

Use the DNAT target of iptables (IPv4) and ip6tables (IPv6) to forward services to the container.

```
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8448 -j DNAT \
    --to-destination 10.3.0.31:8448
```

### masquerading

Translate outgoing traffic from the container to the public IP address.

```
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```

## IPv6

### network configuration

#### host

```
ip addr add fd00::1/8 dev br0
```

```
cat > /etc/sysctl.d/ipv6-forwarding.conf <<EOF
net.ipv6.conf.eth0.accept_ra = 2
net.ipv6.conf.br0.accept_ra = 2
net.ipv6.conf.default.accept_ra = 2
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.br0.forwarding = 1
EOF
```

#### container

```
ip addr add fd00::20:1/64 dev eth0
ip route add default via fd00::1 dev eth0
```

### port forwarding

```
ip6tables \
    -t nat \
    -A PREROUTING \
    -d 2a03:4000:15:68::20/128 \
    -i eth0 \
    -p tcp \
    -m tcp \
    --dport 587 \
    -j DNAT \
    --to-destination [fd00::20:1]:587
```

### masquerade

```
ip6tables -t nat -A POSTROUTING -s fd00::20:1/128 -o eth0 -j SNAT --to-source 2a03:4000:15:68::20
```
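
The NAT rules above are added with `-A`, which appends another copy each time the commands are re-run (for example from a boot script). As an added example that is not part of the original page, this wrapper checks for each rule with `-C` before appending it; the function names and the `DRY_RUN` variable are assumptions of the example, while the rule values are the page's own.

```sh
#!/bin/sh
# Added example: apply the page's four NAT rules idempotently.
# DRY_RUN=1 (the default) only prints the commands;
# set DRY_RUN=0 and run as root to apply them.
DRY_RUN="${DRY_RUN:-1}"

# ensure_rule TOOL TABLE CHAIN RULE-SPEC...
# `-C` exits 0 when an identical rule already exists in the chain,
# so `-A` runs only when the rule is missing.
ensure_rule() {
    tool=$1 table=$2 chain=$3
    shift 3
    if [ "$DRY_RUN" = 1 ]; then
        echo "$tool -t $table -A $chain $*"
        return 0
    fi
    "$tool" -t "$table" -C "$chain" "$@" 2>/dev/null ||
        "$tool" -t "$table" -A "$chain" "$@"
}

apply_nat_rules() {
    # IPv4: port forward to the container, masquerade outgoing traffic
    ensure_rule iptables nat PREROUTING -i eth0 -p tcp -m tcp --dport 8448 \
        -j DNAT --to-destination 10.3.0.31:8448
    ensure_rule iptables nat POSTROUTING -o eth0 -j MASQUERADE

    # IPv6: port forward to the container, source NAT for its ULA address
    ensure_rule ip6tables nat PREROUTING -d 2a03:4000:15:68::20/128 -i eth0 \
        -p tcp -m tcp --dport 587 -j DNAT --to-destination '[fd00::20:1]:587'
    ensure_rule ip6tables nat POSTROUTING -s fd00::20:1/128 -o eth0 \
        -j SNAT --to-source 2a03:4000:15:68::20
}

apply_nat_rules
```

After applying, `iptables -t nat -S` and `ip6tables -t nat -S` should list each rule exactly once, however many times the script has run.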