Looking for guidance on how to set up SNAT so containers can reach the outside world to do DNS lookups, OS updates etc., but they do not need to be accessible from the internet directly. We're handling that at another proxy layer to its private IP. I don't need DHCP either. Everything is statically assigned (MAC and IP addresses).
Here’s my current setup:
- Physical host with 2 eth ports, one for public traffic (host_eth0), one for private (host_eth1).
- Open vSwitch is running on the host with two bridges: br0pub (public traffic) and br0pri (private traffic).
- host_eth* have both been attached to the OVS bridges, and their IPs were moved from the host_eth* interfaces to the bridges.
- Containers on the host are also attached to the OVS bridges. Each container is given an eth0 (public) and an eth1 (private) NIC.
- Static public and private IP addresses are assigned to each container. So far this is working great!
Here’s what I’d like to do now:
I’d like to spin up containers that do not have a dedicated public IP, but can still access the internet to do DNS, OS updates etc.
Trying to have two container networking types:
- Current: containers with eth0 (public) and eth1 (private) with statically assigned dedicated public and private IPs
- Want to add containers with just eth1 (private network IP) that can still access the internet via the host's IP somehow
What's the best way to achieve a NAT setup given the above host/OVS setup (preferably without using the standard Linux bridge in the mix, if possible)?
Thank you in advance for any help or direction!
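The following is an added example, not part of the original post and not something the poster already runs. It shows one way to do the SNAT on the host with nftables, which sits cleanly on top of the existing OVS setup: the host's br0pri and br0pub interfaces already carry IPs, so traffic that a private-only container sends to the host's br0pri address as its default gateway is routed by the host kernel and passes through the normal netfilter forward and postrouting hooks, with no Linux bridge involved. Assumed values that are not in the post: the private subnet is 10.0.0.0/24 (constructed), the private-only containers use the host's br0pri address as their default gateway, and the bridge names br0pri/br0pub are the ones the post already uses. The `forward` chain defaults to drop and only admits outbound flows from the private subnet plus their return traffic, so the NAT'd containers stay unreachable from the internet, which matches the requirement above; the dual-homed containers are unaffected because they route out their own eth0 and never traverse the host's forward path.

```shell
#!/bin/sh
# Added example (not the poster's configuration): generate and optionally apply an
# nftables ruleset that SNATs private-only containers out through the host's
# public bridge and only lets their return traffic back in.
# Assumptions (not in the post): private subnet 10.0.0.0/24, host's br0pri
# address is the containers' default gateway.

# gen_nat_ruleset <private_subnet> <private_bridge> <public_bridge>
# Prints an nftables ruleset to stdout; load it with: gen_nat_ruleset ... | nft -f -
gen_nat_ruleset() {
    subnet=$1; pri=$2; pub=$3
    cat <<EOF
table inet container_nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # rewrite the source of private-only containers to the host's public IP
        ip saddr $subnet oifname "$pub" masquerade
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        # outbound: private bridge -> public bridge, private subnet only
        iifname "$pri" oifname "$pub" ip saddr $subnet accept
        # inbound: only replies to connections the containers opened
        iifname "$pub" oifname "$pri" ct state established,related accept
    }
}
EOF
}

# enable_forwarding: IPv4 routing must be on for the host to forward at all (root)
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
}

# apply_nat <private_subnet> <private_bridge> <public_bridge>: load into the kernel (root)
apply_nat() {
    enable_forwarding
    gen_nat_ruleset "$1" "$2" "$3" | nft -f -
}

# ruleset_has <ruleset-text> <pattern>: exit 0 if the pattern occurs in the text;
# handy for checking the generated ruleset before loading it
ruleset_has() {
    printf '%s\n' "$1" | grep -q -- "$2"
}

# usage (as root):  sh nat.sh apply 10.0.0.0/24 br0pri br0pub
# print only:       sh nat.sh show  10.0.0.0/24 br0pri br0pub
case "${1:-}" in
    apply) shift; apply_nat "$@" ;;
    show)  shift; gen_nat_ruleset "$@" ;;
esac
```

Inside a private-only container the only configuration needed is a static address in the private subnet, a default route via the host's br0pri address and a reachable resolver; the `ct state established,related` rule is what lets DNS replies and update downloads flow back while everything unsolicited from br0pub is dropped by the chain's default policy. Verify with `nft list table inet container_nat` and `nft list ruleset | grep -c masquerade` on the host.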