[Gllug] LXC with NAT on Hetzner
Walter Stanish
walter.stanish at saffrondigital.com
Thu Mar 17 17:06:45 UTC 2011
Hi Axel,
A better place to ask these questions might be the lxc-users list.
However, I will try to point out some areas of your post where
you might need to provide more information. It's not clear really
what the problem is...
> I've been struggling to get LXC with NAT working on a Hetzner server as
> every time I set up a bridge it all stops working :(
What do you mean by "it all stops working"?
I assume you mean the network connectivity fails. There are various pages
online explaining the process of setting up a bridge, though the one I
usually use (and am part author of) @ en.gentoo-wiki.com/wiki/LXC is
currently unavailable (server down, it seems).
My advice would be to try getting a single bridge working before
working on any other aspects of your setup.
If you post the questions to lxc-users, I would suggest that you
provide the following information:
- the lxc.conf for the container in question
- "ifconfig -a" output (though feel free to block public IPs)
- iptables rules that you are using (eg: 'iptables-save' output)
> What I'm trying to archive is that all guests (LXC containers) get an
> internal IP assigned (eg. 192.168.1.x) and are accessible from the single
> public IP the host box has.
When you say "are accessible from", what exactly do you mean?
You can only have one website, for example, running on the default
HTTP port. While you can choose which container you'd like to
route this to (eg: using iptables port forwarding, or a frontend load
balancer such as nginx), you cannot route it to multiple containers
with different websites running (though nginx will let you
load-balance between multiple containers running the same site,
if you wish).
> I want to firewall all LXC guests and monitor their traffic too from the
> host.
Guests are only given the network connectivity that you grant them.
> Since I seem to be unable to get over the first hurdle I wonder whether you
> could help me out prettyplease :)
I tried. But I think you need to provide more information about your
setup, what you are trying to achieve, and the expected behaviour/
observed behaviour when you say "it all stops working". Also, post
to the right list ;)
- Walter
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list