LXC network configurations
create network bridge
add virtual ethernet interface to container
Add the following lines to /var/lib/lxc/container/config
1
2
3
4
|
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.name = eth0
|
iptables
port forwarding
iptables (IPv4) and ip6tables (IPv6) DNAT target to forward services to container.
1
2
|
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8448 -j DNAT \
--to-destination 10.3.0.31:8448
|
masquerading
Translate outgoing traffic from container to public IP address
1
|
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
IPv6
network configuration
host
1
|
ip addr add fd00::1/8 dev br0
|
1
2
3
4
5
6
7
8
9
10
11
|
cat > /etc/sysctl.d/ipv6-forwarding.conf <<EOF
net.ipv6.conf.eth0.accept_ra = 2
net.ipv6.conf.br0.accept_ra = 2
net.ipv6.conf.default.accept_ra = 2
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.br0.forwarding = 1
EOF
|
container
1
2
|
ip addr add fd00::20:1/64 dev eth0
ip route add default via fd00::1 dev eth0
|
port forwarding
1
2
3
4
5
6
7
8
9
10
|
ip6tables \
-t nat \
-A PREROUTING \
-d 2a03:4000:15:68::20/128 \
-i eth0 \
-p tcp \
-m tcp \
--dport 587 \
-j DNAT \
--to-destination [fd00::20:1]:587
|
masquerade
1
|
ip6tables -t nat -A POSTROUTING -s fd00::20:1/128 -o eth0 -j SNAT --to-source 2a03:4000:15:68::20
|
