The best way to get ipv4.nat.address functionality in LXD 3.0

Hi,
I would like to be able to define a source address used for outbound traffic from the bridge. Unfortunately, this option (“ipv4.nat.address”) doesn’t exist in LXD 3.0 (LTS).
Obviously, it is possible to reconfigure iptables every time the LXD bridge comes up.
Is there a better way to achieve the same result?

Thank you and Happy New Year,
Leonid

I am not sure if I understand the problem, because I use LXC, not LXD.

Case 1:
As I understand it, the LXD bridge has the same configuration (IP, mask, etc.) every time, but containers get random IP addresses. If I am right, then you can set up all IPs manually as static IPs in the /etc/network/interfaces file, and as a result you don’t have to change your firewall forwardings.

Case 2:
If the LXD bridge starts with a different setup every time… you can set up your own bridge, start it on boot and use it as the containers’ bridge.

Is this what you are looking for?

@wikan, I am trying to create a master/slave cluster of two LXD servers. Each server has its own private IP. On the current master node, a cluster IP is activated. I would like all of the outbound IP messages to go out on behalf of this cluster IP.
The problem is that when a container’s process creates an outbound TCP connection, the host uses the private server IP that is configured as the first IP address on the network interface.
In the latest LXD versions, there is a parameter “ipv4.nat.address” that allows configuring the IP address for SNAT.

OK. I would suggest setting up an internal bridge with two IPs, for example 192.168.0.1 and 192.168.1.1. Every group of containers should use its own IP route by setting up static IPs inside the containers.

This configuration is easy to forward by iptables/nftables - 192.168.0.* -> 200.100.100.100, and 192.168.1.* -> 200.180.180.180. You don’t need to reconfigure anything later.
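
The two subnet-to-address mappings from the post above, written as idempotent iptables SNAT rules; this is an added example, not code from any poster in the thread. The /24 prefix lengths, the function names and the choice to insert at the top of POSTROUTING (so the rules match before any MASQUERADE rule that may already exist for the bridge) are assumptions.

```shell
#!/bin/sh
# Constructed mapping taken from the post above:
# "<container subnet> <public source address>", one pair per line.
SNAT_MAP='192.168.0.0/24 200.100.100.100
192.168.1.0/24 200.180.180.180'

# Print the rule specification (everything after the chain name) for one pair.
# Traffic that stays inside the subnet is excluded, so container-to-container
# packets keep their original source address.
snat_rule() {
    printf '%s\n' "-s $1 ! -d $1 -j SNAT --to-source $2"
}

# Shape check only (dotted quad, optional /0-32 prefix); it keeps stray
# characters out of the iptables command line but does not range-check octets.
valid_ipv4() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Insert each rule at the top of nat/POSTROUTING unless it is already there,
# so the script can run every time the bridge comes up without stacking
# duplicate rules.
apply_all() {
    printf '%s\n' "$SNAT_MAP" | while read -r subnet addr; do
        if ! valid_ipv4 "$subnet" || ! valid_ipv4 "$addr"; then
            echo "skipping bad entry: $subnet $addr" >&2
            continue
        fi
        # Word splitting of the rule string is intentional here.
        # shellcheck disable=SC2046
        iptables -t nat -C POSTROUTING $(snat_rule "$subnet" "$addr") 2>/dev/null ||
            iptables -t nat -I POSTROUTING 1 $(snat_rule "$subnet" "$addr")
    done
}

# Rules are only touched when the script is called with "apply" (needs root).
if [ "${1:-}" = "apply" ]; then
    apply_all
fi
```

After running it with `apply`, `iptables -t nat -S POSTROUTING` should list each SNAT rule exactly once, however many times the script has run.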