How to properly setup public IP aliases to containers?

Tried scouring the web and forums for how to handle IP aliases but there are many different ways to do the same thing and none of them seem to work. I’ve a VPS node that assigned multiple public IPs.

Couldn’t figure out how to get any of these to work:

The containers must be able to “curl” and show that its public IP is the one it’s assigned. Need to take care of both local and remote initiated internet connections.

What’s the cleanest way to do this without too many iptables routing or hacks. Preferably if there’s some way to get closer to the first strategy because then I can assign a pool of containers under one public IP.

I’m stumped. Seeking the gurus.

Ubuntu 22.04 LTS
Snap LXD 5.1

Great diagram, thanks! :slight_smile:

I was going to suggest using the proxy device for listening on the LXD host on specific public IPs and forwarding selected ports into the different instances. But the requirement for outbound requests to use their assigned external IP will rule this out (without manual iptables rules anyway). For that you would need something like this to be added to LXD.

Instead, if the external IPs for the instances are dedicated to the instance (i.e the host doesn’t need to use them), then the arguably cleaner approach is to use the routed NIC type which will allow the instance itself to have the external IP assigned inside the instance itself (so that it will both use it for outbound connections and see it assigned on its own NIC).

This will actually remove the need for the managed LXD bridges (lxdbrX) (although you can keep it around for local DNS resolution and other internal only instances perhaps).

The flow of packets would then be:

Internet → eth0 public IP (but not bound on the LXD host) → instance NIC (public IP bound inside the instance).

See How to get LXD containers get IP from the LAN with routed network for more details.