How to access Container via 10.xx subnet on 192.xx subnet

I hope I’m not adding an already discussed issue here (although I assume that I am!). I have searched for answers to my question, and have found some threads, but I’m not certain if they pertain to my issue or not.

So, I’m brand new to LXD and am trying to get it working on my new home server. I have it setup correctly, and I created my first container. The server is on the 192.xx subnet, and the containers are on the 10.xx subnet. I can obviously SSH and HTTP to everything on the 192.xx subnet, but not to the container on 10.xx.

What are my options to be able to hit a container’s 10.xx GUI from my desktop? Can macvlan help with this? Or, do I need to have an L3 switch/router and create a VLAN? I know there is a simple answer, but since I’m not a network guy and am new to Linux I don’t know the right questions to ask. Thanks for your help in advance!

There are a few options:

  1. Add a route for your 10.0.x.0/24 subnet in your main router, having it route traffic to that subnet through the 192.168.x.x IP of your LXD host. That’s the cleaner solution and works even on wifi.
  2. macvlan may be an option if you don’t care about network connections between your host and the container as those won’t work with macvlan
  3. Setup a Linux bridge on your host as your primary device, have that hold the 192.168.x.x IP and then bridge your containers directly into it (not using the LXD generated bridge). This will not work if you’re using wifi.

Sounds good, but I’m not sure how to do either of the 3 options. My router is an ASUS RT-AC68P, so I’m not sure if I can even do option 1. I’m not sure if I can access 10.xx subnet from my 192.xx. At this point, I’m not sure if I care whether or not the host can communicate with the containers. I may or may not find in the future that I want them to communicate. Option 3 sounds like the best options, although I’m not network savvy enough yet to know for sure.

A bit of background… When I originally setup LXD I chose the same 192.xx subnet for my containers, but the containers couldn’t access the internet and therefore couldn’t apt install anything. So, I reinstalled LXD and allowed it to choose the default 10.xx subnet. Now, the containers can access the internet, but I now don’t know how to access whatever web GUI those containers may offer ddue to the fact I’m on my router’s 192.xx subnet.

Which option do you think I should choose? This is simply a home server that will be running game servers in containers as well as some network storage, etc. And, I will have public access to some of these servers.

  1. I don’t know that particular router, but look for something like “static routes” or something along those lines in the web UI. It may look something like this:
    https://fatmin.com/2014/11/30/how-to-add-a-static-route-on-the-asus-rt-ac66u/

    In there you’d want to put 10.0.x.0 as the network IP, 255.255.255.0 as netmask and your server’s 192.168.x.x IP as the gateway.

    After that’s done, all machines on your LAN should be able to reach any of the 10.0.x.x IPs.

  2. For macvlan, you’d typically do something like this, assuming eth0 is your network interface on the host:

    lxc profile device delete default eth0
    lxc network delete lxdbr0
    lxc profile device add default eth0 nic nictype=macvlan parent=eth0 name=eth0
    
  3. That one is quite a bit more involved, typically you’ll need to install the bridge-utils package, then modify your /etc/network/interfaces, replacing the name of your main network interface with br0 in the two header lines, then adding an extra line to the interface section containing bridge-ports eth0 (again assuming the physical interface is called eth0).

    After that’s done, your should reboot and check that you still have working connectivity.
    At that point you could then do:

    lxc profile device delete default eth0
    lxc network delete lxdbr0
    lxc profile device add default eth0 nic nictype=bridged parent=br0 name=eth0
    

Those options are I think in order of preference and ease of configuration for you.

2 Likes

I have written posts that expand on 2 and 3.

Using macvlan on your containers

Using a bridge on your containers. Creating the bridge might be a bit involved. At http://ask.xmodulo.com/configure-linux-bridge-network-manager-ubuntu.html they do an excellent work to show using NetworkManager, instead of editor text files.

stgraber, thank you! Your #1 option worked for me. I’m in business.