Hello,
I have an LXD server with multiple IPs (aliases) and a number of containers. I need to set each container to connect to the Internet using a particular IP. Currently, I have no control over which IP is used by each container, as they all use the “main” interface IP.
I think the reason for this behaviour is that I am masquerading all the traffic that leaves the host through the eth0 interface and I have to use SNAT instead. But is there any other way to achieve this through LXD instead of using iptables?
Here is some info about my setup:
```
$ lxd --version
4.11
```

```
$ sudo ifconfig (edited)
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet publicIp1  netmask 255.255.255.0  broadcast xxx
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet publicIp2  netmask 255.255.255.0  broadcast xxx
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet publicIp3  netmask 255.255.255.0  broadcast xxx
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.119  netmask 255.255.255.0  broadcast 10.0.0.255
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
lxdbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.236.142.1  netmask 255.255.255.0  broadcast 0.0.0.0
../..
```

```
$ sudo brctl show
bridge name     bridge id               STP enabled     interfaces
lxdbr0          8000.00163e42760c       no              veth1a1899ef
                                                        veth1e58af76
                                                        veth58efcbcc
                                                        veth650d1da6
                                                        vethd29de20f
                                                        vethd7981757
```

```
$ sudo iptables -L -n -t nat -v
../..
Chain POSTROUTING (policy ACCEPT 1 packets, 84 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 MASQUERADE all  --  *      eth0    10.0.0.0/24         !10.0.0.0/24
../..
```

```
$ lxc network show lxdbr0
config:
  ipv4.address: 10.236.142.1/24
  ipv4.nat: "true"
  ipv6.address: fd42:63e7:5dca:b480::1/64
  ipv6.nat: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/call
- (more instances here)
managed: true
status: Created
locations:
- none
```

```
$ lxc list
+-------------------+---------+-----------------------+------+-----------+-----------+
|       NAME        |  STATE  |         IPV4          | IPV6 |   TYPE    | SNAPSHOTS |
+-------------------+---------+-----------------------+------+-----------+-----------+
| call              | RUNNING | 10.236.142.187 (eth0) |      | CONTAINER | 0         |
+-------------------+---------+-----------------------+------+-----------+-----------+
../..
```
Currently, the “call” container is using publicIp1 to connect to the Internet, but I want to set it up so that it uses publicIp3:
```
root@call:~# dig +short myip.opendns.com @resolver1.opendns.com
publicIp1
```
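The following script is an added example, not code from the original post or from LXD itself. It shows the per-container SNAT approach the post mentions: for each container, an explicit `SNAT --to-source` rule is inserted at the top of the nat `POSTROUTING` chain so that it is matched before the catch-all `MASQUERADE` rule (in the nat table the first matching rule decides the translation). The container's bridge address is read from `lxc list <name> -c 4 --format csv`, whose output has the shape `10.236.142.187 (eth0)` seen in the post. The container-to-public-IP mapping, the `OUT_IF` and `BRIDGE_NET` variables, the function names and the address `203.0.113.3` (a documentation-range address standing in for the post's `publicIp3`) are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): give each LXD container its own
# outbound public IP with per-container SNAT rules on the host.
# Assumed for illustration: OUT_IF, BRIDGE_NET, the MAPPING below and all
# function names. 203.0.113.3 stands in for the post's "publicIp3".
set -eu

OUT_IF="${OUT_IF:-eth0}"                     # interface carrying the public aliases
BRIDGE_NET="${BRIDGE_NET:-10.236.142.0/24}"  # lxdbr0 subnet from the post

# Parse the IPv4 address out of `lxc list <name> -c 4 --format csv`,
# e.g. "10.236.142.187 (eth0)" -> "10.236.142.187". Returns 1 if none.
ip_from_lxc_csv() {
    set -- $1                 # split on whitespace; $1 becomes the address
    case "${1:-}" in
        *.*.*.*) printf '%s\n' "$1" ;;
        *)       return 1 ;;
    esac
}

# Build the rule specification (without chain name) for one container:
# source = the container's /32, destination = anything outside the bridge
# subnet (so container-to-container traffic is not rewritten), out via
# OUT_IF, translated to the chosen public IP.
snat_rule_spec() {
    # $1 = container IP on lxdbr0, $2 = public IP to present
    printf '%s\n' "-s $1/32 ! -d $BRIDGE_NET -o $OUT_IF -j SNAT --to-source $2"
}

# Insert the rule at position 1 of nat/POSTROUTING so it precedes the
# MASQUERADE rule. Idempotent: `-C` checks for an identical rule first.
apply_snat() {
    spec=$(snat_rule_spec "$1" "$2")
    if iptables -t nat -C POSTROUTING $spec 2>/dev/null; then
        echo "already present: POSTROUTING $spec"
    else
        iptables -t nat -I POSTROUTING 1 $spec
        echo "inserted: POSTROUTING $spec"
    fi
}

# Container name -> public IP, one pair per line (assumed mapping).
MAPPING="call 203.0.113.3"

main() {
    printf '%s\n' "$MAPPING" | while read -r name pub; do
        [ -n "$name" ] || continue
        # "^name$" anchors the lxc list filter to an exact name match.
        csv=$(lxc list "^${name}\$" -c 4 --format csv)
        ip=$(ip_from_lxc_csv "$csv") || { echo "no IPv4 for $name" >&2; continue; }
        apply_snat "$ip" "$pub"
    done
}

# Only touch the firewall when explicitly asked: `sudo sh snat.sh apply`.
if [ "${1:-}" = "apply" ]; then
    main
fi
```

Two caveats worth checking on the host. First, the rule keys on the container's bridge address, so pin it with a static lease (`lxc config device override call eth0 ipv4.address=10.236.142.187`) or the rule goes stale after a DHCP change. Second, LXD manages its own NAT rules for `lxdbr0` (the `ipv4.nat: "true"` setting) and may do so through nftables rather than iptables on newer hosts; confirm which backend is in use and that the inserted SNAT rules sit above LXD's masquerade rule after a restart. If one public address for the whole bridge is enough, the LXD-native knob is `lxc network set lxdbr0 ipv4.nat.address <ip>`; per-container addresses on a single bridge still need explicit SNAT rules like the ones above.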