Container with Static IP from Router?

Hello everyone,

Details:
Host: Debian 12
Instance: debian-bookworm-amd64-default-20240901_05:24
Incus Version: 6.5

Main Goal: I am trying to have a container that can communicate with other devices on my network. Example: ping my laptop to check if it is still powered on. To that end I thought the easiest approach would be to have a container that acquires a static ip from my router using macvlan. But there are major problems…

I need my container to have a static ip on the network so that the different devices can also sometimes communicate with the container. I tried attaching the nic device using the settings below. If anyone can also help me to disable ipv6 from the incus configuration as well that would be great but I already know how to do that from within the container so it is not an absolute must.

Macvlan attempt:
devices:
eth0:
name: eth0
nictype: macvlan
parent: enp2s0
type: nic

Now, it works just fine and communicates with the network, but I cannot figure out how to assign a static ip address from here. Typically, in an ordinary host system I would assign static ips by modifying the /etc/network/interfaces file. But that file and directory does not exist in this container, apparently. I’m not familiar with any other ways to do this.

I also tried ipvlan and routed options to assign from within incus but I could not get them to work. They would never assign an ipv4 address but would still assign ipv6 addresses YET fail to connect to the internet regardless. I used the settings below for those…

devices:
eth0:
name: eth0
nictype: ipvlan
parent: enp2s0
type: nic
ipv4.address: 192.168.1.220
ipv6.gateway: none

OR

devices:
eth0:
name: eth0
nictype: routed
parent: enp2s0
type: nic
ipv4.address: 192.168.1.220
ipv6.gateway: none

In the case of routed I also added

net.ipv4.conf..forwarding=1

to my host sysctl.conf as the instructions state.

Any help you all can give would be greatly appreciated.

There are several ways for the container to get an IP address from the LAN, and you list a few of them. When the container gets an IP address from the LAN with DHCP, it will keep getting the same IP address as long as you configure your router to give the same IP address for that MAC address. This is a common configuration in routers.

The downside with macvlan is that your container will not be able to access the host over the network. Ideally, you can use a bridge instead.

Hello. Thank you for the response. If I were to use a bridge, how could I configure it so that the container can ping a device on my home LAN, like a laptop device for example? With a macvlan nictype, I can just ping the ip address of the device but I didn’t think that was possible with a bridge network.

(if you are happy with macvlan, then keep macvlan. As I said, the only major downside is that your container with macvlan cannot access the host through the network. If you are happy with that, keep macvlan).

See, for example, Incus Containers Step by Step - ScottiByte's Discussion Forum on how to create a bridge and then launch containers on that bridge.

Hi,

It’s very simple.

On your host machine, you must have the virtual network interface “lxbr0” visible from the command “ip addr show” AND the physical network interface “eno1” for example.

The transfer must be active; on your physical network card and on the virtual network card (bridge) so that the container network 172.16.0.0/24 and that of your local network 192.168.1.0/24 can communicate.

I’ll give you an example :

# IPv4 configuration default forward networks cards
root@lab3w:~ # sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

root@lab3w:~ # sysctl net.ipv4.conf.eno1.forwarding
net.ipv4.conf.eno1.forwarding = 1

root@lab3w:~ # sysctl net.ipv4.conf.lxbr0.forwarding
net.ipv4.conf.lxbr0.forwarding = 1
# IPv6 configuration networks cards forward

# physic card IPv6 system conf
root@lab3w:~ # sysctl net.ipv6.conf.eno1.forwarding
net.ipv6.conf.eno1.forwarding = 1
# bridge card IPv6 system conf
root@lab3w:~ # sysctl net.ipv6.conf.eno1.lxbr0
net.ipv6.conf.lxbr0.forwarding = 1

If you have a firewall (iptables) you must also activate the forward between these 2 network cards.

Example :

iptables -A FORWARD -i eno2 -o lxbr0 -j ACCEPT
iptables -A FORWARD -o eno2 -i lxbr0 -j ACCEPT
iptables -P FORWARD -j DROP

Greets,
Romain

Hello.

Sorry about taking so long to respond.This should work for me :+1:

Thank you very much!

1 Like