How to use my local lan instead of incus network? Ipv4 and ipv6?

I am curious how to make my containers appear on my ‘local’ network instead of the default incus one, or a way to ‘allow’ my internal hosts to access incus ones?

I’m not very sure about what you want. But a host-shared bridge or a MACVLan network might help.

It depends on what you refer to as “local network” and “internal hosts”.

By default, incus instances are reachable within the host. However, if you are referring to other devices on your LAN, then you have a number of options.

  • network forwarding is an easy option if you only need a few ports exposed, or the host has multiple IP addresses and you can afford to dedicate one to the incus instance.
  • macvlan can suffice if your network router supports it.
  • physical device can also be used for the incus instance if you have multiple network devices on your host.

There are several options to make your containers appear as if they are separate computers on your LAN. These options were implemented a long time ago in the Linux kernel and in some way, the current options bring back a bit of legacy from the old times. Most of them are about virtual networking and it’s the bread and butter of using Linux. Apart from that, there’s even an option to attach an additional physical network device to a container!

Among those virtual networking options, the easiest to set up is macvlan (does not require additional configuration on your host). However, the legacy it has is that you will not be able to get the Incus host to communicate with the macvlan containers over the network. This looks like a big disadvantage, and may be so for your case. For others it’s a big advantage when they want to really separate the containers from the host, so in terms of security, a bad container cannot access the host.

Prerequisite: you need to find the name of your network interface on the host. In my case, it’s enp5s0 and I show how to find it below. Then, we create a new virtual network, macvlan that has the parent of enp5s0.

$ ip route show default
default via 192.168.1.1 dev enp5s0 proto dhcp metric 425 
$ incus network create macvlan --type=macvlan parent=enp5s0
Network macvlan created
$ incus network show macvlan
config:
  parent: enp5s0
description: ""
name: macvlan
type: macvlan
used_by: []
managed: true
status: Created
locations:
- none
project: default

Finally, let’s create us some containers on macvlan.

$ incus launch images:ubuntu/24.04/cloud mycontainer1 --network=macvlan
Launching mycontainer1
$ incus launch images:ubuntu/24.04/cloud mycontainer2 --network=macvlan
Launching mycontainer2
$ incus list mycontainer -c ns4t
+--------------+---------+----------------------+-----------+
|     NAME     |  STATE  |         IPV4         |   TYPE    |
+--------------+---------+----------------------+-----------+
| mycontainer1 | RUNNING | 192.168.1.241 (eth0) | CONTAINER |
+--------------+---------+----------------------+-----------+
| mycontainer2 | RUNNING | 192.168.1.236 (eth0) | CONTAINER |
+--------------+---------+----------------------+-----------+
$ 

If you then connect on your router and view the list of devices of your LAN, you will see these two as well.

3 Likes

I use NetworkManager on my hosts. It comes with a nice tool called nmtui. It is a command line GUI for NetworkManager.

I use it to create a new bridge on each of my hosts. I then attach an Ethernet port to the bridge as a slave device. Then that port is connected directly to my router. I don’t cluster the hosts.

This solves the problem for me and it does not have the drawback that macvlan does.

I guess I should learn how to use nmcli or netplan to create and configure the bridges. That would make it easier to communicate and to script.

Indeed, the next option is to create such a bridge. In tutorials they commonly use the device name br0 (can be anything else, of course). The issue is how to create such a bridge in a foolproof way because if something goes wrong, you lose network connectivity and have to use your phone when you search for help.
This one (the bridge) is my preferred way as well. :clap:

You do not mention anything about your system, but here is a quick example for use with networkd (systemd-networkd). Adapt device name, Static IP Address, Gateway, DNS, CIDR as required for your network.

Learn more
man systemd-networkd
man systemd.netdev
man systemd.network

/etc/systemd/network/10-br0.netdev

[NetDev]
Name=br0
Kind=bridge

/etc/systemd/network/10-br0.network

[Match]
Name=br0

[Network]
DNS=1.1.1.1
Address=192.168.1.2/24
Gateway=192.168.1.1

/etc/systemd/network/20-br0-uplink.network

[Match]
Name=enp5s0

[Network]
Bridge=br0

For reference only, please learn about your environment and tools to properly understand and apply for your needs and security. For inspiration only.

1 Like
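A pre-flight check for the three systemd-networkd files in the post above, added here as an example and not part of the thread: it catches the mistakes that would cost you connectivity before the files are applied. The function names and the rule set are assumptions of this example, and its simple INI parsing does not replace networkd's own.

```python
import configparser
import ipaddress

# The three files from the post above, embedded so the check runs offline.
NETDEV = "[NetDev]\nName=br0\nKind=bridge\n"
BRIDGE_NET = ("[Match]\nName=br0\n\n[Network]\nDNS=1.1.1.1\n"
              "Address=192.168.1.2/24\nGateway=192.168.1.1\n")
UPLINK_NET = "[Match]\nName=enp5s0\n\n[Network]\nBridge=br0\n"

def parse_unit(text):
    """Parse a systemd-style INI file, keeping option names case-sensitive."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def check_bridge(netdev, bridge_net, uplink_net):
    """Return a list of problems found in the three networkd files (hypothetical helper)."""
    problems = []
    dev, br, up = (parse_unit(t) for t in (netdev, bridge_net, uplink_net))
    name = dev.get("NetDev", "Name", fallback="")
    if dev.get("NetDev", "Kind", fallback="") != "bridge":
        problems.append("netdev: Kind is not bridge")
    if br.get("Match", "Name", fallback="") != name:
        problems.append("bridge .network does not match the netdev name")
    if up.get("Network", "Bridge", fallback="") != name:
        problems.append("uplink is not enslaved to the bridge")
    # The host's IP configuration belongs on the bridge, not on the enslaved port.
    dhcp = up.get("Network", "DHCP", fallback="no").lower()
    if up.has_option("Network", "Address") or dhcp not in ("no", "false", "0", "off"):
        problems.append("uplink still configures an IP address")
    try:
        iface = ipaddress.ip_interface(br.get("Network", "Address", fallback=""))
        gw = ipaddress.ip_address(br.get("Network", "Gateway", fallback=""))
    except ValueError as exc:
        problems.append(f"bad Address/Gateway: {exc}")
        return problems
    if gw not in iface.network:
        problems.append(f"gateway {gw} is outside {iface.network}")
    if gw == iface.ip:
        problems.append("bridge address equals the gateway")
    return problems

if __name__ == "__main__":
    for line in check_bridge(NETDEV, BRIDGE_NET, UPLINK_NET) or ["no problems found"]:
        print(line)
```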

looks good!