I've been trying to achieve the following. I want to use LXC as a thin isolation layer inside our physical machines, meaning each machine will have only one container running.

For this container, I want an internal network IP to be assigned (statically; we don't have DHCP, unfortunately).

Consider an example:

  1. I have a host system with an IP 192.168.1.2/24
  2. I want the container I start in it to use 192.168.1.3/24 and be accessible from the network.

Here's what I tried to do:

  1. On the host system, create a bridge with eth0 with an address 192.168.1.3/24, then bind the container to it in veth mode. The internal IP of the container is, say, 10.0.0.2.
  2. Instead of the bridge above, create a macvlan network.
  3. Same as 2, but create a macvlan network in bridge mode.
  4. In the container, create a macvlan interface linked to the host's eth0 and assign 192.168.1.3/24 to it.

None of that works.

My guess is that I'm also supposed to add some routes or something, but I don't even have any idea which of the above ways is correct.

demeshchuk
  • Bridging is the right way and easiest way to do this. I suggest spending some more time on it, and documenting what you do in detail. – Michael Hampton Apr 24 '14 at 01:25
  • I guess my main question was about adding routes or iptables rules that properly handle all that. From what I've managed to find, the first 3 solutions I tried are all relevant but have different performance drawbacks. – demeshchuk Apr 24 '14 at 03:53

0 Answers