Question for isolated LXD

lbg74 · April 6, 2020, 7:00pm

Hi.

I read the blog below and tested it.
[ URL: https://blog.simos.info/a-network-isolated-container-in-lxd/ ]

When testing, I configured a socket 5 proxy server with ss5 using docker.
The test of ss5 worked fine as shown below.

When I put a socket 5 device in a container, I wonder how to specify the username and password in lxc config device add.

Thank you.^^

simos · April 6, 2020, 8:10pm

Hi!

Thanks for picking up by tutorial.

The LXD proxy is a network connection proxy, and not a SOCKS5 proxy. Therefore,
it will link up the container with the host at the specified port, and there is no authentication possible.

To answer your question, you would need to get curl to specify properly the username/password of your actual SOCKS5 proxy.
With curl, you specify those as follows:

curl -x socks5h://myusername:mypassword@127.0.0.1:10080/ https://www.ubuntu.com

lbg74 · April 6, 2020, 8:33pm

Thanks Simons ^^

lbg74 · April 7, 2020, 3:08am

Hi

I am wondering when to use the network isolated conainer.

I would like to know an example applied in the production environment.

Thanks.

simos · April 9, 2020, 2:02pm

Here are some scenarios,

If you have a Web server or other network service that does not require access to the Internet.
That could be a Web server, either static, or dynamic like WordPress, where you install mysql/mariadb in the same container.
You want to examine software (as in forensics) or create a honeypot and you decide not to go for a VM. For the former, you use software like mitmproxy.
You want to give legitimate SSH access for some specific work that is limited within a container. But you want to be on the safe side if their credentials are compromised.

lbg74 · April 14, 2020, 5:23am

Thanks Simons for your answers. ˆˆ