Allocating public ip from subnet to container

Hello,

I have an entire /27 subnet which I'm trying to dedicate each public IP for a container. I've tried so many things with docker and nspawn that I'm completely open to suggestions. My IP setup is like this (dummy IPs obviously):

My main ip that came with the server is 1.1.1.1
The /27 subnet i bought starts from 2.2.2.0
They’re all bound to the same interface eth0
I need each individual ip dedicated to a single container

In my various attempts at this, docker showed the correct IP, 2.2.2.3 for example, but it still used the main one 1.1.1.1 when I check the public IP with api.ipify.org. This is as far as I got.
Another promising setup was creating a dummy interface and assigning the IP to it and passing the whole interface to systemd-nspawn. It still resulted in no connection.

So my question is rather ample, as I haven't looked into lxd/lxc yet: how would you approach this situation? I appreciate any help.

If your hosting provider allows multiple MAC addresses on your external network interface, then you could use the macvlan NIC type (see Instances | LXD) with a parent set to the external interface. Then you would likely need to set up the IP addressing manually inside your container to the IP you want it to have. Macvlans do not allow host <-> instance communication though (by design).

The other alternative is to connect your external interface to a manually configured bridge and move the host’s current IP address settings to the bridge interface (e.g. br0). See Netplan | Backend-agnostic network configuration in YAML.

This would then allow you to use the bridged NIC type (see Instances | LXD) with the parent set to the bridge interface and would then allow your instance to connect with both the external network and the host.

Finally, there’s the routed NIC type (see Instances | LXD) which allows host <-> instance communication, and allows an external IP to be assigned to the instance directly (without NAT), and doesn’t require the use of an additional MAC address (which means if your hosting provider only allows a single MAC per port this will still work unlike the other two solutions). But routed NIC doesn’t allow dynamic IP configuration or broadcast traffic (by design).
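To make the three options above concrete, here is an added example (my own script, not something from the reply or from the LXD project) that wraps the corresponding `lxc config device add` calls, renders the netplan fragment for the bridge option, and repeats the api.ipify.org check from the question from inside the instance. Everything beyond the three NIC types is an assumption: instance name `c1`, external interface `eth0`, bridge `br0`, instance IP `2.2.2.3/27` with gateway `2.2.2.1`, host IP `1.1.1.1/24` with gateway `1.1.1.254`. Set `DRY_RUN=1` to print the commands instead of running them.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed names: instance c1,
# external interface eth0, bridge br0, instance IP 2.2.2.3/27 behind the
# (assumed) provider gateway 2.2.2.1, host IP 1.1.1.1/24 via 1.1.1.254.
# DRY_RUN=1 prints each command instead of executing it.

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Option 1: macvlan. Needs the provider to accept a second MAC on the parent.
# LXD does not configure the address inside the instance, so set it by hand.
# No host <-> instance traffic with this type.
add_macvlan_nic() {
  inst=$1; ip=$2; parent=$3; gw=$4
  run lxc config device add "$inst" eth0 nic nictype=macvlan parent="$parent"
  run lxc exec "$inst" -- ip addr add "$ip/27" dev eth0
  run lxc exec "$inst" -- ip route add default via "$gw" dev eth0
}

# Option 2: bridged. Assumes the host already has br0 carrying its own
# address (see render_netplan_bridge below). Instance and host can talk.
add_bridged_nic() {
  inst=$1; bridge=$2
  run lxc config device add "$inst" eth0 nic nictype=bridged parent="$bridge"
}

# Option 3: routed. One MAC on the port, no NAT: LXD adds a host route for
# the /32 and a link-local default gateway inside the instance. The instance
# must use this static address; there is no DHCP or broadcast on this type.
add_routed_nic() {
  inst=$1; ip=$2; parent=$3
  run lxc config device add "$inst" eth0 nic nictype=routed parent="$parent" ipv4.address="$ip"
}

# Netplan fragment that moves the host's address from the external interface
# to the bridge (option 2). Args: external iface, bridge, CIDR address, gateway.
# The "routes: - to: default" form needs a netplan release that supports it;
# older releases use gateway4 instead.
render_netplan_bridge() {
  cat <<EOF
network:
  version: 2
  ethernets:
    $1:
      dhcp4: false
  bridges:
    $2:
      interfaces: [$1]
      addresses: [$3]
      routes:
        - to: default
          via: $4
EOF
}

# Repeat the question's check from inside the instance. If the address the
# outside world sees is not the one assigned, traffic is still leaving through
# the host's NAT (the default docker/lxdbr0 masquerade behaviour).
check_public_ip() {
  inst=$1; expected=$2
  seen=$(lxc exec "$inst" -- curl -s https://api.ipify.org)
  if [ "$seen" = "$expected" ]; then
    echo "ok: $seen"
  else
    echo "NAT still in path: saw $seen, expected $expected"
    return 1
  fi
}
```

Typical use for the routed option on a real host: `add_routed_nic c1 2.2.2.3 eth0 && check_public_ip c1 2.2.2.3`. For the bridge option write `render_netplan_bridge eth0 br0 1.1.1.1/24 1.1.1.254` into a file under /etc/netplan/ and apply it from a console session, since moving the address off eth0 drops the SSH session briefly.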