Need network on my lxc container


#1

Hi everyone,
I’m new in this forum but I’m not new to using lxc. Previously I’ve used lxc with very basic commands for testing only; now I need to use it for production. I never had problems, I’ve always had network on my container, but now I need to start a public service on every container. The service has to use a single port to run, but when I run it I can’t see it outside my VPS.

I use Ubuntu 18.04 on an OVH VPS. I create an Ubuntu 16.04 container with the default profile and default lxd init settings (I just press Enter during init, using the “dir” option only).

My “lxc list” command returns this:
(Run on the default profile. It has network but I can’t use the service from outside)

+------+---------+----------------------+-----------------------------------------------+------------+-----------+
| NAME |  STATE  |         IPV4         |                     IPV6                      |    TYPE    | SNAPSHOTS |
+------+---------+----------------------+-----------------------------------------------+------------+-----------+
| TEST | RUNNING | 10.223.120.64 (eth0) | fd42:97e9:56da:d0c1:216:3eff:fe90:eef9 (eth0) | PERSISTENT | 0         |
+------+---------+----------------------+-----------------------------------------------+------------+-----------+

Then I’ve modified the default profile:
(With this I don’t have network on my container. I can’t ping a domain and I can’t ping an IP address)

FROM

config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by:
- containers/TEST

TO

config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: macvlan   #<--------------------MODIFIED
    parent: ens3       #<--------------------MODIFIED
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by:
- containers/TEST

I’ve used macvlan and added ens3 (which uses the public IP of my VPS in ifconfig):

ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet XX.XX.XX.XXX netmask 255.255.255.255 broadcast 0.0.0.0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
lxdbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.223.120.1 netmask 255.255.255.0 broadcast 0.0.0.0

I searched in the forum, on GitHub and on Google without results. I think the problem is in the default settings of lxd init.

I hope there is someone who can help me, if I have news I will update the post.

I would like to congratulate those who created and support this project, it is a holy hand.


#2

You don’t say if your hoster has attributed more than ONE public IP address to your VPS. If there is only one, the physical network card will get it and no other interface on your VPS will be able to get another.


#3

I’ve only one public IP, I want to use the same on the container


#4

Macvlan creates another MAC on your physical network card, this new MAC should have its own IP address. If you have a single IP address, you can’t use macvlan.

So IMO you need another solution. You could use a proxy maybe, there are tons of posts about proxying (with haproxy or sometimes nginx) in this forum, mainly from @simos.


#5

Ok then I think I’ve done a bit of confusion, macvlan won’t help me.

So the only way to make a service public on a port is to use haproxy and nginx?
For example, I want to have multiple Apache websites on different ports and in different containers.

The default profile has internet access but if I install Apache I can’t navigate to the website from outside.

I need to expose TCP and UDP ports like a normal VPS, start an Apache website and maybe other services that use UDP connections.
I hope there is someone who can link to some guide because I am very confused.

I see haproxy as an alternative for other uses but I don’t understand for what. I will try to get the best information on the matter, thanks


#6

one OR the other. I think that Apache can do the proxy thing too. Note that you can always (AFAIK) get another public IP from your hosting provider, but if what you want is to have several web sites either through
mysite1.mydomain.com mysite2.mydomain.com
or
mydomain1.com mydomain2.net
using macvlan won’t really save you from proxying.


#7

Yes, this is what I need.
Your reply made me change course to the right one, thank you so much, the solution is the proxy.
I’ve spent several days on macvlan and it wasn’t the right thing


(Brian Mullan) #8

Can’t you use LXD’s Device Proxy command to do what you want?

Containers X, Y, Z each run a different web application then on the Host incoming traffic for port 8509 is mapped to A’s port 80, port 8100 is mapped to B’s port 80 and 9111 is mapped to C’s port 80


#9

I don’t know this part of lxc, I believe that what I want to do is a simple thing and that it can come out and as soon as I have time I should study Haproxy or nginx (according to the documentation).

I just have 4 or more containers running different apps, for example:
Container-1: apache2 website on port xxx1
Container-2: apache2 website on port xxx2
Container-3: Teamspeak (and different service that use UDP) on port xxx3
Container-4: Teamspeak (and different service that use UDP) on port xxx4

I’m headed for it using Nginx or Haproxy, right?
The ports are all free and I can change them

Yes, I want to map every port of my host to every port of my containers, for example:
Host xxx1 to Container-1 port 80 tcp
Host xxx2 to Container-1 port xxx1 udp

I will read your post soon, thanks for your reply!


#10

I’ve used this command and it works very well for TCP connections

lxc config device add cn_x myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:localhost:80

For UDP connections I have to check other things; it isn’t supported on my lxc version (3.0.3)


(Brian Mullan) #11

I’m using LXC v 3.12 and I haven’t checked when UDP support was added.
I did find this thread on adding UDP: https://github.com/lxc/lxd/issues/4566

But not sure if UDP support was/is in 3.0.3.

If it is I believe the command example would be (note: these are one-line not 2 lines each):

lxc config device add mycontainer myudp proxy listen=udp:0.0.0.0:10000 connect=udp:localhost:10000

or for a range of udp ports:

lxc config device add mycontainer myudp proxy listen=udp:0.0.0.0:10000-20000 connect=udp:localhost:10000-20000


#12

Very nice

I’m using Ubuntu 18.04; I’ve installed the LXD snap version, migrated all containers and uninstalled the LXD apt version.

Now both UDP and TCP work very well.

To help those who come to see this topic, these are the commands to run (they work on Ubuntu 18.04):

Install the snap version of lxd

sudo snap install lxd

Existing lxc containers can be migrated

/snap/bin/lxd.migrate

Remove the lxc apt version

sudo apt remove lxc lxc-utils lxcfs liblxc1 liblxc-common lxd lxd-client
sudo apt autoremove

Mapped every port host-containers with the commands @bmullan provided.

This case is SOLVED, thank you very much guys!
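
The host-to-container port mapping worked out in posts #9 to #12, as an added example that is not part of the thread: a dry-run generator that validates a port table and prints the `lxc config device add ... proxy` commands in the form posted above, rejecting a host protocol/port pair that is claimed twice (with one public IP it can only go to one container). The container names, port numbers and the `proxy-<proto>-<port>` device names are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): build LXD proxy-device commands from a
# port table. Container names, ports and device names are constructed samples.

# One mapping per line: <container> <proto> <host_port> <container_port>
MAPPINGS='web1 tcp 8081 80
web2 tcp 8082 80
ts1 udp 9987 9987'

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints one "lxc config device add" line per mapping; returns 1 on bad input.
# $2 is the host listen address; default 0.0.0.0 = every host interface.
gen_proxy_cmds() {
    local mappings="$1" listen_addr="${2:-0.0.0.0}" seen=" " out=""
    local ct proto hport cport key
    while read -r ct proto hport cport; do
        [ -z "$ct" ] && continue
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol: $proto" >&2; return 1 ;;
        esac
        valid_port "$hport" && valid_port "$cport" ||
            { echo "bad port for $ct" >&2; return 1; }
        key="$proto:$hport"
        # One host address: each proto/port pair can be claimed only once.
        case "$seen" in
            *" $key "*) echo "host $key mapped twice" >&2; return 1 ;;
        esac
        seen="$seen$key "
        out="${out}lxc config device add $ct proxy-$proto-$hport proxy \
listen=$proto:$listen_addr:$hport connect=$proto:localhost:$cport
"
    done <<EOF
$mappings
EOF
    printf '%s' "$out"
}

# Dry run: review the printed commands before running them on the LXD host.
gen_proxy_cmds "$MAPPINGS"
```

Passing a specific host address as the second argument, instead of the default 0.0.0.0, limits the listener to that one address rather than every interface on the host.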