Where to specify network/DHCP settings

I have some (unprivileged) containers working, they each get an IP-address in (a bridged network).

Now I have two issues with that:

  1. For work I need to use another virtualisation solution that also uses
  2. It annoys me that (some of) the guests get a new IP every time the container is started.

To solve the first I found a 6 year old post on askubuntu that says to modify


if I do that will the configuration of the interface on the host (which does not seem to be DHCP assigned) follow? And how is the netmask calculated? What if I only want to give out addresses with DHCP in a small part of the network that I want to work?

That leads directly into the second issue. What is the most sane way to get a static ip on a guest? Just let the dhcp thing assign the same address every time (an 8 year old post on serverfault says it can be done by putting lines in /etc/lxc/dnsmasq.conf, is that still the way?) or configure the guests with a static address outside the range DHCP uses, but within the network configured on the brdige?

DHCP in that case must be configured on client side, whitelist appropriate subnet.

That doesn’t make sense.

What range is used can’t be a client setting (clients can have conflicting settings).

Where do you believe the appropriate subnet should be whitelisted? I’ve made firewall rules for more than 20 years, so I don’t expect any problems making a simple setup like this should be work.

As nobody gave an answer that made sense, I looked a little deeper.
Seeing that the lxc-net systemd service executes /usr/libexec/lxc/lxc-net which is just a shell script I looked at that. And it says:

# These can be overridden in /etc/default/lxc
#   or in /etc/default/lxc-net


That’s all the settings I need to change (and more).
And a little thing more: LXC_DHCP_MAX affects the number of leases dnsmasq handles, it doesn’t affect the addresses given out in any way, so there’s no point in setting it when you just want to use a different range.

1 Like

I’m not sure if you’re using LXD, if you are, this post is for you:

What I do is to completely ignore LXD/LXC networking configurations and setup my own bridge and then manually create a unit inside the container’s /etc/systemd/network/ folder in order to handle networking. Here is a full example:

  1. Create the bridge manually, by adding this two units to your host’s network:
root@metal:~# cat /etc/systemd/network/20-cbr0.network


root@metal:~# cat /etc/systemd/network/20-cbr0.netdev

root@metal:~# systemctl restart systemd-networkd

Now you’ll have a bridge cbr0 that doesn’t do any DHCP and has the IP assigned to the host. I also configured the IPForward and IPMasquerade parameters for obvious reasons.

  1. Setup LXD/LXC to use that bridge:
||Would you like to use LXD clustering? (yes/no) [default=no]: no|
||Do you want to configure a new storage pool? (yes/no) [default=yes]: no|
||Would you like to connect to a MAAS server? (yes/no) [default=no]: no|
||Would you like to create a new local network bridge? (yes/no) [default=yes]: no|
||Would you like to configure LXD to use an existing bridge or host interface? (yes/no) [default=no]: yes|
||Name of the existing bridge or host interface: cbr0|
||Would you like the LXD server to be available over the network? (yes/no) [default=no]: no|
||Would you like stale cached images to be updated automatically? (yes/no) [default=yes] no|
||Would you like a YAML lxd init preseed to be printed? (yes/no) [default=no]: yes|
  1. Now create a network file inside a container:
$ cat /etc/systemd/network/10-eth0.network



And that’s about it. Your container will have controlled and predictable static IPs without the need for LXD/LXC networking.

Btw there are other options like this: LXD — Assigning static IP to containers | by Ali Oğuzhan Yıldız | Medium and a simpler approach that I might try soon LXD container with static IPv4 address? - Pieter Bakker

I’m not, but I don’t think there’s anything in your approach that wouldn’t work in a setup using only LXC.

Well… step 2 will be different for sure.

Anyways I’m upgrading very old setups to new things and what I described was my typical old solution. I’m about to test how lxc config device override web-server eth0 ipv4.address= can replace that manual setup…

Another thing I’m very interested is instead of using iptables to do port forwards use LXD’s proxy device in NAT mode (essentially writes iptables rules for us) to mange that. Type: proxy - LXD documentation