LXD: monit in container, client IP remains 127.0.0.1

Can a container configured with a bridge use NAT?

Yes, take a look at the guide in our tutorials section: "Using proxy device to forward network connections from host to container in NAT mode".

I will do it. Thanks!

Even if it seems stupid, I am requesting help to configure the default LXD bridge for NAT…
I read the linked doc and tried to apply it, but it's like a sorcery book for me,

and trying to use it always shows an error, or invalid parameters…
I think it's pretty simple for you…

What errors are you seeing for which commands?

Assuming the host has:
ubuntu18.04
fixed ipv4=192.168.1.33
fixed ipv6=2a01:cb18:8063:7f00:a00:27ff:fefb:2e50
lxd 4.0.3

lxd init with all default values,

lxc launch ubuntu:20.04 store
lxc list | grep store

| store | RUNNING | 10.153.130.10 (eth0) | fd42:a8b5:c116:e2cc:216:3eff:fea2:7902 (eth0) | CONTAINER | 0

lxc stop store
lxc config device override store eth0 ipv4.address=10.153.130.10 ipv6.address=fd42:dad8:c4ad:e744:216:3eff:fecf:5770

Error: Invalid devices: Device validation failed “eth0”: Cannot specify “ipv6.address” when DHCP or “ipv6.dhcp.stateful” are disabled on network “lxdbr0”

So I tried to specify only IPv4:

lxc config device override store eth0 ipv4.address=10.153.130.10

Device eth0 overridden for store

lxc start store

// adding rule for port 2812 monit

lxc config device add store proxyv4 proxy nat=true listen=tcp:192.168.1.33:2812 connect=tcp:0.0.0.0:2812

Device proxyv4 added to store

lxc config device add store proxyv6 proxy nat=true listen=tcp:[2a01:cb18:8063:7f00:a00:27ff:fefb:2e50]:2812 connect=tcp:[::]:2812

Error: Failed to start device “proxyv6”: Proxy connect IP cannot be used with any of the instance NICs static IPs

Errors come when trying to manage IPv6, or when trying to retry the override of the config device…

To resolve IPv6 dynamic to static, if I try

lxc network set lxdbr0 ipv6.dhcp.stateful true
lxc stop store
lxc config device override store eth0 ipv4.address=10.153.130.114 ipv6.address=2a01:cb18:8063:7f00:a00:27ff:fefb:2e50

Error: The device already exists

It returned an error for IPv6, but on starting, the container seems to use the static IPv6…

If you don't need to use an IPv6 proxy, then don't worry about adding the proxyv6 device or setting a static IPv6 address. It's optional. All the examples you've provided up to this point haven't mentioned IPv6.

Optional?
But in production, with the host on a bare-metal server, IPv6 will be used, no?

Are the errors returned when setting IPv6 false errors?

In your post "How to keep peer ip on lxd container" you only set up an IPv4 proxy device, meaning your service would only be exposed on IPv4. Therefore, if you want to switch that to use NAT mode (or create another V4-only proxy device on a different port for monit), then you don't need to also have an IPv6 proxy device. It's optional.

Wow: IPv4 will run for a long time again…
I must manage this, so: when I fix the IPv6 address, an error message is returned,
is that normal?
Perhaps I should restart from the beginning, to confirm.

I don't fully understand you, to be honest.

But I would recommend you get IPv4 working the way you want first before trying to set up IPv6, otherwise it just makes things more complicated for you.

Suffice to say, if you do actually want IPv6, then the error you mentioned with the override command is because you've already overridden the built-in profile device once, so you cannot do it again.

Instead try:

lxc config device set store eth0 ipv4.address=10.153.130.114 ipv6.address=2a01:cb18:8063:7f00:a00:27ff:fefb:2e50

Wow, important point. We can modify a device just once?
What if it is a mistake and must be modified again?

I'm afraid you misunderstand:

  • override = copy the contents of a device in the profile into the instance's own config (at the same time modifying certain keys on the copy if specified). Cannot be run if an instance device exists already, i.e. it can only be run once.
  • set = modify a device on an instance, can be run multiple times.

Not a native English speaker…

And if it is a mistake, or the device config in the profile contains a mistake, what to do?
Modify directly in the instance device?

You can do lxc profile device set <profile name> <device name> ... to modify a device in a profile.

Well!! Practical solution 🙂 like it.

Learning LXD is not so simple, many concepts…


But the good thing is coming.
After installing Apache, I get the correct connected peer client IP in the log,
and in monit too, with a simple rule,
for Apache:
lxc config device add store proxyv4http80 proxy nat=true listen=tcp:192.168.1.33:80 connect=tcp:0.0.0.0:80
or for monit httpd 2812:
lxc config device add store proxyv4monit proxy nat=true listen=tcp:192.168.1.33:2812 connect=tcp:0.0.0.0:2812

And now I can manage it with fail2ban in the container…

Thanks A LOT for your understanding help!!!

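
Added example (not part of any post in this thread and not LXD project code): a POSIX sh helper that applies the override-versus-set rule explained above and then adds the NAT-mode proxy that let Apache, monit and fail2ban see the real peer IP. The function names are hypothetical; the `lxc` subcommands are the ones used in the thread plus `lxc config device list`, and the container is assumed to be stopped while the address is pinned, as in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, values come from the caller.

# Succeeds if DEVICE is defined on the instance itself rather than only
# inherited from a profile. `lxc config device list` prints one
# instance-local device name per line.
has_local_device() {
    lxc config device list "$1" | grep -qx "$2"
}

# Pin a static IPv4 address on a NIC. The first time this must be
# "override" (copies the profile device into the instance); once the
# instance has its own copy, "override" fails with "The device already
# exists" and "set" has to be used instead.
pin_ipv4() {
    inst=$1 nic=$2 addr=$3
    if has_local_device "$inst" "$nic"; then
        lxc config device set "$inst" "$nic" ipv4.address="$addr"
    else
        lxc config device override "$inst" "$nic" ipv4.address="$addr"
    fi
}

# Add a NAT-mode proxy device. With nat=true the service in the container
# logs the real peer address instead of 127.0.0.1, which is what fail2ban
# needs to ban the right source. Does nothing if the device already exists.
nat_forward() {
    inst=$1 name=$2 host_ip=$3 port=$4
    if has_local_device "$inst" "$name"; then
        echo "device $name already exists on $inst, leaving it as is" >&2
        return 0
    fi
    lxc config device add "$inst" "$name" proxy nat=true \
        listen="tcp:$host_ip:$port" connect="tcp:0.0.0.0:$port"
}

# Usage with the values from the thread (container stopped for pin_ipv4):
#   pin_ipv4    store eth0 10.153.130.10
#   nat_forward store proxyv4monit 192.168.1.33 2812
```

Running `pin_ipv4` a second time with a different address takes the `set` branch, so a mistaken address can be corrected without hitting the "device already exists" error.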