
eth0 is connected to a cable router and is set to a fixed IP (192.168.1.30); it's used for the internal LAN and for desktop applications, browsing...

eth1 is connected directly to another ISP in bridge mode, so it can get an external IP and should be used for lxc to serve (web, torrents, etc) in various containers.

route -n shows:

    Dest         Gateway      Genmask        Iface
    0.0.0.0      192.168.1.1  0.0.0.0        eth0
    192.168.1.0  0.0.0.0      255.255.255.0  eth0
    80.9.9.0     0.0.0.0      255.255.0.0    eth1

When I do: dhclient eth1, my Slackware system adds a second default route, now for eth1, and it's not possible to connect to the Internet. So I remove it, right?

In /etc/lxc/default.conf:

    lxc.network.type = veth
    lxc.network.link = br0
    lxc.network.flags = up

In one of the lxc containers (/var/lib/lxc/alpine/config):

    lxc.network.type = veth
    lxc.network.link = br0
    lxc.network.flags = up

So that the container gets the external IP of the second ISP.

Added these rules to the firewall for transmission:

    iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -p udp --dport 51413 -j ACCEPT
    iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -p tcp --dport 9091 -j ACCEPT
    iptables -A OUTPUT -o eth1 -p udp --sport 51413 -j ACCEPT

I have some questions:

  1. What is the right route setup?

  2. What is wrong so that it's not possible to connect to the container from the Internet?

  3. Is this bridged mode the best one to have some containers sharing the eth1 connection? If other, how to?

1 Answer

Try router mode for the lxc's virtual NIC.

lxc.net.0.veth.mode = router 

I recommend giving the virtual NIC a consistent name

lxc.net.0.veth.pair = vethlxc 

Now you can drop the bridge br0 and route & firewall as if it were another normal physical NIC.
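Whichever interface ends up carrying the traffic, the firewall rules need a second look: a rule that matches only RELATED,ESTABLISHED cannot match the first packet of a connection arriving from the Internet. The check below is an added example, not part of the question or the answer; it parses the three rules quoted in the question and lists the destination ports that no rule naming that port opens to NEW packets. It inspects only rules that name the port, and whether the first packet is then dropped depends on the chain policy and on other rules, which the page does not show.

```python
import shlex

# Rules copied from the question on this page.
RULES = """\
iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -p udp --dport 51413 -j ACCEPT
iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -p tcp --dport 9091 -j ACCEPT
iptables -A OUTPUT -o eth1 -p udp --sport 51413 -j ACCEPT
"""

# iptables options this check reads, mapped to the field they fill.
WANTED = {"-A": "chain", "-p": "proto", "--dport": "dport", "-j": "target",
          "--state": "states", "--ctstate": "states"}


def parse_rule(line):
    """Turn one 'iptables -A ...' command into a dict of the fields in WANTED."""
    tok = shlex.split(line)
    rule = dict.fromkeys(WANTED.values())
    for i, t in enumerate(tok[:-1]):
        if t in WANTED:
            rule[WANTED[t]] = tok[i + 1]
    return rule


def admits_new(rule):
    """True if the rule can match the first packet of a connection."""
    if rule["states"] is None:
        return True  # no state match: the rule applies to every packet
    return "NEW" in rule["states"].split(",")


def blocked_listeners(rules_text):
    """Return (proto, port) pairs that have an ACCEPT rule on a destination
    port, but none for that chain/proto/port that matches a NEW packet."""
    rules = [parse_rule(l) for l in rules_text.splitlines() if l.strip()]
    accepts = [r for r in rules if r["target"] == "ACCEPT" and r["dport"]]
    opened = {(r["chain"], r["proto"], r["dport"]) for r in accepts if admits_new(r)}
    findings = []
    for r in accepts:
        key = (r["chain"], r["proto"], r["dport"])
        if key not in opened and key[1:] not in findings:
            findings.append(key[1:])
    return findings


if __name__ == "__main__":
    for proto, port in blocked_listeners(RULES):
        print(f"{proto}/{port}: only ESTABLISHED/RELATED accepted, NEW never matches")
```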
