Howto: LXD init 3.9, Hetzner, Single Public IP, MAC, Ubuntu 18.04

I’ve tweaked the original post to remove references to volatile and use instead:

lxc config override c1 eth0 hwaddr=00:AA:BB:CC:DD:FF

This will copy the profile’s macvlan eth0 interface settings into the container (the same as lxc config device add does) and then set it with a custom MAC address.

There is a guide on how to configure static IPs (including IPv6) in the Debian documentation:

https://wiki.debian.org/NetworkConfiguration

macvlan works with IPv6 the same way it works with IPv4; either by the container doing DHCPv6/SLAAC auto configuration, or by you configuring a static network configuration inside the container.

It is not possible to assign 1 IPv6 address with macvlan. You get a whole /64 IPv6 subnet and you can link it to 1 specific MAC address. Not 1 IPv6 address, but a /64 subnet. If you want to assign single IPv6 addresses, routing is required @kpv

@tomp: In some cases, macvlan is possible for IPv6, but unfortunately not with many providers.

If you want to assign the /64 IPv6 subnet + IPv4 to 1 container with macvlan:

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - IPv4Address/32
        - IPv6Address::3/64
      routes:
        - on-link: true
          to: 0.0.0.0/0
          via: IPv4Gateway
      gateway6: fe80::1
      nameservers:
        addresses:
          - IPv4 DNS
          - IPv6 DNS

Ah, ok I see, although this isn’t a restriction of macvlan (which works the same way for IPv4 as IPv6), but rather your ISP which forces a /64 per MAC rather than allowing a MAC per IP in that subnet.

In that case you’d be best off exploring the routed or ipvlan NIC types available in the LXD 4.x series, which will both use the host’s single MAC address.

Yep, what @kpv can do is:

UFW Host config:

nano /etc/default/ufw
Check forward policy:
change DEFAULT_FORWARD_POLICY="DROP" to DEFAULT_FORWARD_POLICY="ACCEPT"

Container config:

lxc init --profile default ubuntu:20.04 CT
lxc config device add CT eth0 nic nictype=routed ipv6.address=YourIPv6::3

You can also add ipv4.address.
Assign the IPv6 subnet and IPv4 address to your host MAC in your control panel.

With this solution you no longer need macvlan and you can use IPv4 and IPv6.

Edit: Don’t forget to add the config in your container!

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - IPv6::3/64
      gateway6: fe80::1
      nameservers:
        addresses:
          - IPv6 Nameserver
          - IPv6 Nameserver
          - IPv6 Nameserver

Yes, would also need an IPv4 gateway set to 169.254.0.1 in the netplan config inside the container if used with IPv4 as well.

More info: https://linuxcontainers.org/lxd/docs/master/instances#nictype-routed
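
Added example, not part of the thread: a host-side check of the UFW forward policy discussed above, which also prints per-container `ufw route` rules as a narrower alternative to a global ACCEPT. The function names are hypothetical, and 2001:db8:0:1::3 is a documentation-range stand-in for YourIPv6::3.

```shell
#!/bin/sh
# Added example: audit UFW's forward policy on the LXD host and print
# route rules scoped to one routed container.

# Print the effective DEFAULT_FORWARD_POLICY from a ufw defaults file ($1).
# The file uses shell syntax, so the last uncommented assignment wins.
forward_policy() {
    sed -n -e 's/[[:space:]]*#.*$//' \
           -e 's/^[[:space:]]*DEFAULT_FORWARD_POLICY=//p' "$1" |
        tail -n 1 | tr -d "\"' \t" | tr '[:lower:]' '[:upper:]'
}

# Print ufw route rules that forward traffic only for the given addresses.
# Assumption: all ports are allowed; narrow with "port N proto tcp" as needed.
scoped_route_rules() {
    for addr in "$@"; do
        printf 'ufw route allow from any to %s\n' "$addr"
        printf 'ufw route allow from %s to any\n' "$addr"
    done
}

# $1 = ufw defaults file, remaining arguments = container addresses.
audit_forwarding() {
    defaults=$1; shift
    case "$(forward_policy "$defaults")" in
        ACCEPT)
            echo "WARN: forward policy ACCEPT: the host routes any packet no rule blocks" ;;
        DROP|REJECT)
            echo "OK: forwarding is default-deny; routed containers need explicit rules" ;;
        *)
            echo "UNKNOWN: DEFAULT_FORWARD_POLICY not found in $defaults" ;;
    esac
    scoped_route_rules "$@"
}

# Constructed sample input: a defaults file as left by the edit in the thread.
sample=$(mktemp)
printf '%s\n' '#DEFAULT_FORWARD_POLICY="DROP"' \
              'DEFAULT_FORWARD_POLICY="ACCEPT"' > "$sample"
audit_forwarding "$sample" 2001:db8:0:1::3
rm -f "$sample"
```

The script only prints the rules; review them before running them as root, and pass /etc/default/ufw as the first argument to audit a real host.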