I am setting up a dedicated LXD server to act as Internet frontend (and learning LXD in the process).
I am keeping notes of (almost) everything I did (I would attach current document, but I cannot find a way to do it).
General architecture is:
LXD server (v5.0.2) has two physical NICs and is connected to RED (enxa0cec887415e: 192.168.1.99) and GREEN (enp1s0: 192.168.7.99) and can be reached by "cinderella" (my workstation) without problems.
My current problem is creation of a completely separated ORANGE network.
I tried using standard “bridged” network, but that is still accessible from host, which, in turn, is surely accessible from GREEN, and this makes it possible to access ORANGE (at least) from GREEN without going through Firewall.
I think the solution is to use an OVN net, but the instructions on the site say:
```
lxc network set <parent_network> ipv4.dhcp.ranges=<IP_range> ipv4.ovn.ranges=<IP_range>
lxc network create ovntest --type=ovn network=<parent_network>
```
which seems to need a parent_network, while I need a separated net.
I simply don’t (yet) understand the semantics.
Can I simply leave out `network=<parent_network>`, adding `ipv4.address=<cidr>` instead?
Something like:
```
lxc network create ORANGE --type=ovn ipv4.address=192.168.9.0/24 ipv6.address=none
```
Are there other needed (or simply recommended) settings?
Is `ovs-vsctl set open_vswitch . ...` still needed?
Can I expect to be able to use ORANGE with a normal `lxc config device add firewall eth2 nic network=ORANGE`?
Last question, just for confirmation: I need to transfer the physical NIC connected to RED completely to the Firewall VM (no host access), for the same reasons as above; I assume this can be accomplished with:
```
lxc config device add firewall eth0 nic nictype=physical parent=enxa0cec887415e
```
Many Thanks in Advance
Mauro
UPDATE: The tentative OVN network creation won’t work because of `Error: Option "network" is required`.