Container with WAN NAT and second NIC for LAN

Hello,
I have an Ubuntu 21.10 cloud instance with several interfaces: one is connected to the internet (ens3) and the others are connected to private networks.

I want to run an LXC container with Ubuntu 22.04 which has NAT internet access through one NIC and access to one of the private networks (ens13 - 192.168.1.0/24) through another NIC.

If I create a bridged network I am able to access all private networks.
I guess I should create 2 routed NICs for LXC, but how do I configure them?

Please take a look at How to get LXD containers get IP from the LAN with routed network

Thank you for the reply.
The LXD host has its WAN connection on ens3 and the private network 192.168.1.0/24 on ens13.
For accessing the internet I need a routed NIC on ens3, and for accessing the private net a routed NIC on ens13.
I created a container with the settings from your tutorial:

lxc profile create garb_intranet

lxc profile edit garb_intranet << EOF
config:
  user.network-config: |
    version: 2
    ethernets:
        eth0:
            addresses:
            - 192.168.100.200/32
            nameservers:
                addresses:
                - 8.8.8.8
                search: []
            routes:
            -   to: 0.0.0.0/0
                via: 169.254.0.1
                on-link: true
        eth1:
            addresses:
            - 192.168.1.59/24
description: Galera Arbitrator Intranet (Production)
devices:
  eth0:
    ipv4.address: 192.168.100.200
    nictype: routed
    parent: ens3
    type: nic
  root:
    path: /
    pool: garb_intranet
    type: disk
name: garb_intranet
used_by:
EOF

lxc launch ubuntu:22.04 garb-intranet -p garb_intranet

Now I have a container with eth0 192.168.100.200/32 and gateway 169.254.0.1.
The host has an additional vethb5c9d2ad attached with IP 169.254.0.1/32.
Still no internet, so I added an iptables rule:

iptables -t nat -A POSTROUTING -s 192.168.100.200/32 -o ens3 -j SNAT --to-source 51.210.186.123

I am using SNAT instead of MASQUERADE because ens3 has multiple public IPs attached and not all of them may be attached on this host instance (its main purpose is load balancing). The internet started working.

How can I make the iptables rule persistent across reboots?
Is it possible to configure iptables in the LXC profile? Or should I include it in the Ubuntu netplan config for ens3?

How do I configure a second NIC in LXC? If I add eth1 to the profile devices

  eth1:
    ipv4.address: 192.168.1.59
    nictype: routed
    parent: ens13
    type: nic

then launching the container shows an error:

Creating garb-intranet
Error: Failed instance creation: Failed creating instance record: Failed initialising instance: Invalid devices: Device validation failed for "eth0": Existing NIC "eth1" already uses "ipv4.gateway" in auto mode

I tried adding a bridge br0 on ens13 and using nictype: bridged in the profile, and it seems to be working well.

lxc profile edit garb_intranet << EOF
config:
  user.network-config: |
    version: 2
    ethernets:
        eth0:
            addresses:
            - 192.168.100.200/32
            nameservers:
                addresses:
                - 8.8.8.8
                search: []
            routes:
            -   to: 0.0.0.0/0
                via: 169.254.0.1
                on-link: true
        eth1:
            addresses:
            - 192.168.1.59/24
description: Galera Arbitrator Intranet (Production)
devices:
  eth0:
    ipv4.address: 192.168.100.200
    nictype: routed
    parent: ens3
    type: nic
  eth1:
    nictype: bridged
    parent: br0
    type: nic
  root:
    path: /
    pool: garb_intranet
    type: disk
name: garb_intranet
used_by:
EOF
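As an added example (not part of this thread), here is the two-routed-NIC variant the original question asked about, together with an idempotent installer for the /32-scoped SNAT rule so it can be run from a boot-time hook without duplicating rules. It assumes the routed NIC keys `ipv4.gateway: none` (so only eth0 claims the default gateway, avoiding the "already uses ipv4.gateway in auto mode" error) and `ipv4.host_address` (a distinct link-local address for eth1's host-side veth); the public address 203.0.113.10 and the profile name are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Two routed NICs on one container plus an
# idempotent SNAT rule. Assumptions: the LXD keys ipv4.gateway=none and
# ipv4.host_address behave as described in the comments; the public address
# 203.0.113.10 and the profile name are placeholders.
CT_IP=192.168.100.200          # container address on the WAN-facing eth0
LAN_IP=192.168.1.59            # container address on the private eth1
WAN_IF=ens3; LAN_IF=ens13
SNAT_SRC=203.0.113.10          # placeholder public IP owned by this host

# Profile: eth1 gets its own host-side link-local address and does not install
# a default route, so only eth0 claims the gateway. Inside the container eth1
# is a /32 with an on-link route to the LAN, the same pattern eth0 uses.
write_profile() {
  lxc profile edit "$1" <<EOF
config:
  user.network-config: |
    version: 2
    ethernets:
      eth0:
        addresses: [${CT_IP}/32]
        nameservers: {addresses: [8.8.8.8]}
        routes:
          - {to: 0.0.0.0/0, via: 169.254.0.1, on-link: true}
      eth1:
        addresses: [${LAN_IP}/32]
        routes:
          - {to: 192.168.1.0/24, via: 169.254.0.2, on-link: true}
devices:
  eth0: {type: nic, nictype: routed, parent: ${WAN_IF}, ipv4.address: ${CT_IP}}
  eth1: {type: nic, nictype: routed, parent: ${LAN_IF}, ipv4.address: ${LAN_IP},
         ipv4.gateway: none, ipv4.host_address: 169.254.0.2}
EOF
}

# One rule spec shared by -C (check), -A (append) and -D (delete) so they never
# drift apart. Scoped to the container /32 and the WAN interface only.
snat_rule_spec() {
  printf '%s' "POSTROUTING -s $1/32 -o $2 -j SNAT --to-source $3"
}

# Idempotent: safe to run from a boot hook (e.g. a systemd unit ordered after
# network-online.target); appends the rule only when -C reports it missing.
ensure_snat() {
  spec=$(snat_rule_spec "$CT_IP" "$WAN_IF" "$SNAT_SRC")
  # shellcheck disable=SC2086  (word splitting of the spec is intended)
  iptables -t nat -C $spec 2>/dev/null || iptables -t nat -A $spec
}
```

Call `write_profile garb_intranet` and then `ensure_snat` on the host; because the rule matches only the container's /32 source, the host's own traffic on ens3 is never rewritten.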