How about adding two NICs to the container: one for private networking (via lxdbridge) and one for public networking (via macvlan)?
> On May 31, 2017, at 10:31 PM, littlebat <dashing.m...@gmail.com> wrote:
>
> Hi,
> Thanks for all of your help for building so cool thing - lxc.
>
> I have studied my question several days and searched many online resources,
> but didn't resolve this. The detail is too long, I describe a brief version
> below:
>
> I have a debian 9 host server installed lxc2 server, the host server has only
> one public ipv4 address, suppose it is 8.8.8.8, and a public /64 subnet ipv6
> pool, suppose it is 8:8:8:8::/64, and the eth0 of host ipv6 is:
> 8:8:8:8::1/64.
>
> My goal is building the lxc unprivileged container, with a private nat ipv4
> address, suppose it is 10.1.0.10, so I use ip forward to access container
> from internet using public ipv4 plus port (suppose 8.8.8.8:2222 forward
> to/from 10.1.0.10:22). And, at same time, I want assign container a public
> ipv6 address or ipv6 subnet( /112, can it be public accessed? ), so I can
> access container from internet using public ipv6(suppose 8:8:8:8::10/64 port
> 22 or 8:8:8:8::10/112 port 22 ? ). For simplifying question, suppose only
> assign a public ipv6 (not a public ipv6 subnet) address to the container.
>
> Until today, I can only setup both private nat ipv4(10.1.0.10) and private nat
> ipv6(8:8:8:8::10/112) for the container, open ipv4 and ipv6 forward in
> /etc/sysctl.conf, and using iptables and ip6tables to forward public traffic
> to or from container(8.8.8.8:2222<->10.1.0.10:22, 8:8:8:8::1/64 port 2222
> <-> 8:8:8::10/112 port 22). This is done by create a "2. independent
> bridge"(a different bridge out of thin air and link your containers together
> on this bridge, but use forwarding to get it out on the internet or to get
> traffic into it. debian wiki: https://wiki.debian.org/LXC/SimpleBridge).
> reference: LXC host featuring IPv6 connectivity
> https://blog.cepharum.de/en/post/lxc-host-featuring-ipv6-connectivity.html
>
> And, I can create a "1. host-shared bridge"(a bridge out of your main network
> interface which will hold both the host's IP and the container's IP
> addresses. debian wiki: https://wiki.debian.org/LXC/SimpleBridge). Then, I
> can assign a public ipv6 address to the container. But, I can't assign a
> private nat ipv4 address to the container now. So, it is no way to public
> access container using ipv4 address(because the sole public ipv4 address only
> available on host network card).
>
> My question is:
> 1, Can I setup a private nat ipv4 and a public ipv6 address at same time for
> a lxc2 container?
>
> 2, How to do it?
> any idea or online resource link is welcome.
>
> thanks.
>
> -----
>
> Dashing Meng
> _______________________________________________
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
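
The two-NIC layout suggested in the reply, written as LXC 2.0 container config keys; this is an added example, not part of the original thread. The bridge name `lxcbr0`, the `/24` prefix, the parent interface `eth0`, the in-container interface names and the gateway placeholder are assumptions; the addresses are the ones the question supposes.

```ini
# Container config (LXC 2.0 key names). Each lxc.network.type line
# starts a new network interface definition.

# NIC 0: private IPv4 on the host's NAT bridge.
# Assumption: the bridge is named lxcbr0 and holds an address in 10.1.0.0/24.
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.name = eth0
lxc.network.ipv4 = 10.1.0.10/24
# "auto" takes the bridge's own address as the default gateway.
lxc.network.ipv4.gateway = auto
# The existing host-side forward 8.8.8.8:2222 <-> 10.1.0.10:22 keeps
# working unchanged, since it only involves this NIC.

# NIC 1: public IPv6 through a macvlan child of the host's physical NIC.
# Assumption: the host's uplink interface is eth0.
lxc.network.type = macvlan
lxc.network.macvlan.mode = bridge
lxc.network.link = eth0
lxc.network.flags = up
lxc.network.name = eth1
lxc.network.ipv6 = 8:8:8:8::10/64
# Placeholder: set to the upstream router's address if the container does
# not learn a default route from router advertisements.
# lxc.network.ipv6.gateway = <upstream-ipv6-gateway>
```

Traffic on the macvlan NIC does not pass through the host's iptables/ip6tables forwarding rules, so filtering for the public IPv6 address has to be done inside the container. In macvlan bridge mode the host itself also cannot reach the container over that interface; host-to-container traffic goes over the private bridge NIC.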