---
title: 'LXC Networking'
date: 2021-11-13T15:06:57Z
draft: false
---

# LXC network configurations

## create network bridge
```
# create the bridge br0 (the brctl subcommand is addbr)
brctl addbr br0
```

## add virtual ethernet interface to container

Add the following lines to _/var/lib/lxc/container/config_:
```
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.name = eth0
```

## iptables
### port forwarding
Use the DNAT target of iptables (IPv4) and ip6tables (IPv6) to forward services to the container.

```
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8448 -j DNAT \
    --to-destination 10.3.0.31:8448
```

### masquerading
Translate outgoing traffic from the container to the public IP address.

```
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```

## IPv6
### network configuration
#### host
```
ip addr add fd00::1/8 dev br0
```
```
cat > /etc/sysctl.d/ipv6-forwarding.conf <<EOF
net.ipv6.conf.eth0.accept_ra = 2
net.ipv6.conf.br0.accept_ra = 2
net.ipv6.conf.default.accept_ra = 2
net.ipv6.conf.all.accept_ra = 2

net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.br0.forwarding = 1
EOF
```

#### container
```
ip addr add fd00::20:1/64 dev eth0
ip route add default via fd00::1 dev eth0
```

### port forwarding
```
ip6tables \
    -t nat \
    -A PREROUTING \
    -d 2a03:4000:15:68::20/128 \
    -i eth0 \
    -p tcp \
    -m tcp \
    --dport 587 \
    -j DNAT \
    --to-destination [fd00::20:1]:587
```

### masquerade
```
ip6tables -t nat -A POSTROUTING -s fd00::20:1/128 -o eth0 -j SNAT --to-source 2a03:4000:15:68::20
```
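
The IPv4 rules above are scoped more loosely than the IPv6 ones: the IPv4 DNAT has no `-d` match and the MASQUERADE has no `-s` match. As an added example (not part of the original page), this Python check flags such rules in `iptables-save`-style input; the sample ruleset is constructed from the page's four rules, and the function names are hypothetical.

```python
import shlex

# Constructed sample: the page's four NAT rules as iptables-save would print them.
SAMPLE = """\
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8448 -j DNAT --to-destination 10.3.0.31:8448
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -d 2a03:4000:15:68::20/128 -i eth0 -p tcp -m tcp --dport 587 -j DNAT --to-destination [fd00::20:1]:587
-A POSTROUTING -s fd00::20:1/128 -o eth0 -j SNAT --to-source 2a03:4000:15:68::20
"""


def parse_rule(line):
    """Return (chain, {option: value}) for an '-A CHAIN ...' line, else None."""
    tokens = shlex.split(line)
    if len(tokens) < 3 or tokens[0] != "-A":
        return None  # table names, chain policies, COMMIT, blank lines
    opts, key = {}, None
    for tok in tokens[2:]:
        if tok.startswith("-"):
            key = tok
            opts[key] = True  # flag-style option until a value follows
        elif key is not None:
            opts[key] = tok
    return tokens[1], opts


def audit(ruleset):
    """List (line_number, message) for NAT rules with no address scoping.

    Assumes the short option names iptables-save emits (-s, -d, -j).
    """
    findings = []
    for n, line in enumerate(ruleset.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        chain, opts = rule
        target = opts.get("-j")
        if chain == "PREROUTING" and target == "DNAT" and "-d" not in opts:
            findings.append((n, "DNAT without -d: matches any destination address"))
        if (chain == "POSTROUTING" and target in ("MASQUERADE", "SNAT")
                and "-s" not in opts):
            findings.append((n, "source NAT without -s: rewrites all egress traffic"))
    return findings


if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print(f"rule {n}: {msg}")
```

On a host, feed it the output of `iptables-save -t nat` or `ip6tables-save -t nat` instead of the sample.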