LXC Routed Setup 2019: Difference between revisions
== Why this setup ==
* Routing should use only the MAC address(es) of the network card(s).
* The virtual MACs must not appear on the interface.
* Hetzner
=== Host ===
/etc/lxc/default.conf
<source lang="bash">
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:11:4a:xx:xx:xx
</source>
/etc/default/lxc-net
<source lang="bash">
USE_LXC_BRIDGE="false"
</source>
/etc/network/interfaces
<source lang="bash">
auto lo
iface lo inet loopback
iface lo inet6 loopback

# Server IP      = 1.2.3.4
# netmask        = 255.255.255.0
# Main IP subnet = 2.2.3.1 (2.2.3.1, 2.2.3.2, 2.2.3.3 ...)
# Single IP I    = 3.2.3.1
# Single IP II   = 4.2.3.1

# device: eth0
auto eth0
iface eth0 inet static
    address 1.2.3.4
    netmask 255.255.255.0
    gateway 1.2.3.5
    pointopoint 1.2.3.5
    # default route to access subnet
    up route add -net x.x.x.1 netmask 255.255.255.192 gw x.x.x.2 eth0

iface eth0 inet6 static
    address 3a02:5f4:172:11ce::1
    netmask 64
    gateway fe80::1
    up sysctl -p

# for single IPs
auto vmbr0
iface vmbr0 inet static
    address 1.2.3.4
    netmask 255.255.255.255
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    up ip route add 3.2.3.1/32 dev vmbr0
    up ip route add 4.2.3.1/32 dev vmbr0

# for a subnet
auto vmbr1
iface vmbr1 inet static
    address 2.2.3.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
</source>
=== Container ===
==== Subnet ====
/var/lib/lxc/CONTAINER/config
<source lang="bash">
lxc.arch = linux64
lxc.rootfs.path = dir:/var/lib/lxc/CONTAINER/rootfs
lxc.uts.name = CONTAINER
lxc.net.0.type = veth
lxc.net.0.link = vmbr1
lxc.net.0.flags = up
lxc.net.0.ipv4.address = 2.2.3.2/32
lxc.net.0.ipv4.gateway = 2.2.3.1
</source>
==== Single IP ====
<source lang="bash">
lxc.arch = linux64
lxc.rootfs.path = dir:/var/lib/lxc/CONTAINER/rootfs
lxc.uts.name = CONTAINER
lxc.net.0.type = veth
lxc.net.0.link = vmbr0
lxc.net.0.flags = up
lxc.net.0.ipv4.address = 3.2.3.1/32
lxc.net.0.ipv4.gateway = 1.2.3.4
...
</source>
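=== Verification ===
On the host:
<source lang="bash">
# Watch the physical interface with link-level headers (-e) and filter for
# the container MAC prefix set in /etc/lxc/default.conf.
tcpdump -n -e -l -i eth0 | grep -i '00:11:4a'
# must not appear: this command should print nothing
</source>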
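The same check as a script, added here as an example and not part of the original page: it reads `tcpdump -n -e` text and reports only frames whose Ethernet source address carries the container prefix, instead of matching the prefix anywhere in the line. The function names `leaked_macs` and `sample_capture`, the `aa:bb:cc:...` addresses and the sample frames are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).

# leaked_macs [PREFIX] < tcpdump-output
# Prints "<count> <mac>" for every source MAC starting with PREFIX
# (default: the hwaddr template prefix used on this page).
# Returns 1 if at least one such frame was seen, 0 otherwise.
leaked_macs() {
    prefix=$(printf '%s' "${1:-00:11:4a}" | tr 'A-F' 'a-f')
    found=$(awk -v p="$prefix" '
        # tcpdump -e line layout: <time> <src-mac> > <dst-mac>, ethertype ...
        $3 == ">" {
            src = tolower($2)
            if (index(src, p) == 1) seen[src]++
        }
        END { for (m in seen) printf "%d %s\n", seen[m], m }
    ' | sort -k2)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Constructed sample capture: aa:bb:cc:00:00:01 stands for the host NIC,
# aa:bb:cc:00:00:fe for the upstream gateway. The first two frames are
# correctly routed traffic of container 3.2.3.1; the last three show veth
# MACs escaping onto eth0, which is the failure this setup must avoid.
sample_capture() {
    cat <<'EOF'
19:27:01.000001 aa:bb:cc:00:00:01 > aa:bb:cc:00:00:fe, ethertype IPv4 (0x0800), length 98: 3.2.3.1 > 9.9.9.9: ICMP echo request, id 1, seq 1, length 64
19:27:01.000900 aa:bb:cc:00:00:fe > aa:bb:cc:00:00:01, ethertype IPv4 (0x0800), length 98: 9.9.9.9 > 3.2.3.1: ICMP echo reply, id 1, seq 1, length 64
19:27:02.000001 00:11:4a:3c:9d:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 1.2.3.5 tell 2.2.3.2, length 28
19:27:03.000001 00:11:4a:3c:9d:10 > aa:bb:cc:00:00:fe, ethertype IPv4 (0x0800), length 98: 2.2.3.2 > 9.9.9.9: ICMP echo request, id 2, seq 1, length 64
19:27:04.000001 00:11:4a:77:01:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 1.2.3.5 tell 4.2.3.1, length 28
EOF
}

# Demo on the constructed capture; on a live host feed it from
#   tcpdump -n -e -l -c 1000 -i eth0
sample_capture | leaked_macs 00:11:4a || echo "virtual MAC visible on eth0"
```

A non-zero return from `leaked_macs` means a container address reached the physical interface, so the exit status can drive a cron job or monitoring check.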
Current revision as of 25 November 2019, 19:27