Confusion over linux host networking for lxc

darksky · May 25, 2018, 8:08pm

I currently use a lxc to connect to a VPN provider for anonymous browsing. My host os is using systemd-network bridges. I recently read about lxc-net but am confused about the differences. Does either method offer better separation/isolation for the protection of my host os? Are they the same from that regard?

Networking setup in the container:
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = br0
lxc.net.0.name = eth0

Networking setup on the host OS:
/etc/systemd/network/br0.netdev
/etc/systemd/network/br0.network
/etc/systemd/network/uplink.network

/etc/systemd/network/br0.netdev
[NetDev]
Name=br0
Kind=bridge

/etc/systemd/network/br0.network
[Match]
Name=br0
[Network]
DHCP=v4

/etc/systemd/network/uplink.network
[Match]
Name=eno1
[Network]
Bridge=br0

brauner · May 28, 2018, 1:37pm

@stgraber, can you help out here?

stgraber · May 28, 2018, 2:21pm

lxc-net's main selling point here is that it can run dnsmasq for you to provide DHCP/DNS on an isolated bridge which is then NATed to your normal network.

As you seem to only really care about bridging a physical device here and having your containers connected to it, systemd-network should be perfectly fine for this use.

darksky · May 28, 2018, 2:27pm

Thanks for the replies, all.