- create a bridge
brctl addbr br0
( new method: ip link add br0 type bridge ) #iproute2
A DHCP server such as Dnsmasq runs on the host to provide DHCP services and hand out IPs from a preselected subnet range, i.e. 10.0.3.0/24, to any connecting devices.
This is required so containers and VMs can get IPs on startup.
Without this you would need to set up networking manually for each container or VM.
iptables rule to enable NAT masquerading (in > out)
- containers and VMs can access the Internet
iptables -t nat -A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
Port forwarding traffic from a host port to a specific container port (PAT)
Typical example of a port forwarding command:
iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 80 -j DNAT \
--to-destination 10.0.3.10:80
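To review what a host configured with the two rules above actually exposes, the following added example (not part of the original post) parses `iptables-save -t nat` output, lists each DNAT forward with its allowed source, and checks for the MASQUERADE rule. The rule dump, its second forward and the function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `iptables-save -t nat` output: the two rules from the
# text plus one hypothetical source-restricted forward for comparison.
sample_nat_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.3.10:80
-A PREROUTING -s 192.0.2.0/24 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.0.3.11:22
-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
COMMIT
EOF
}

# Read a nat-table dump on stdin and print "proto host-port target source"
# for every DNAT rule in PREROUTING (source is "any" when no -s is given).
list_forwards() {
  awk '
    $1 == "-A" && $2 == "PREROUTING" {
      src = "any"; proto = "?"; port = "?"; dst = "?"; jump = ""
      for (i = 3; i < NF; i++) {          # options appear as flag/value pairs
        if ($i == "-s")               src   = $(i + 1)
        if ($i == "-p")               proto = $(i + 1)
        if ($i == "--dport")          port  = $(i + 1)
        if ($i == "-j")               jump  = $(i + 1)
        if ($i == "--to-destination") dst   = $(i + 1)
      }
      if (jump == "DNAT") print proto, port, dst, src
    }'
}

# Forwards that accept connections from any source address.
open_forwards() { list_forwards | awk '$4 == "any"'; }

# Succeeds if subnet $1 is masqueraded only for traffic leaving that subnet.
has_masquerade() {
  grep -Fxq -- "-A POSTROUTING -s $1 ! -d $1 -j MASQUERADE"
}

# On a real host (as root): iptables-save -t nat | open_forwards
sample_nat_rules | open_forwards
```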
Host Bridge (Layer 2)
Instead of using the private NAT you can directly bridge one of your host's physical network interfaces with a bridge to connect containers to it. (Assuming you have a private IP range allocated, or many IPv4 addresses...)
In case you don't have a physical interface, you can bridge a tap device
with a DUMMY0 interface //see below
...(I knew there would be a use for it!)....
brctl addbr br0
brctl addif br0 eth0
#to list all active bridges
brctl show
With DHCP, the /etc/network/interfaces file of a container looks like this:
auto eth0
iface eth0 inet dhcp
The network interface is eth0. To set a static IP, simply specify the IP address+mask+gw
and change dhcp to static as shown below:
auto eth0
iface eth0 inet static
    address 10.0.4.10
    gateway 10.0.4.1
    netmask 255.255.255.0
==================================
To be continued...