I have two sets of containers on a host, depicted as c1.* and c2.* below. Wondering what's the best way to connect them to the physical interface. Fill in the "?".
But I want to generally wall off the sets from each other. E.g., think of them as externally- and internally-visible servers, respectively. Also want to control traffic among each set. Generally, there may be a handful of sets, may be a dozen containers in a set. My approach would be to bridge them all together with the physical i/f, then separate them with ebtables (which I haven't used yet). Wondering if there's a more elegant approach, using...VLANs? multiple bridges? iptables?

+-------------------------------+
| host                          |
|+------+                       |
||      |-----------+           |
|| c1.2 | eth0/.1.2 |----\      |
||      |-----------+    |      |
|+------+                |      |
|+------+                |      |
||      |-----------+    |      |
|| c1.3 | eth0/.1.3 |--\ |      |
||      |-----------+    |-----------+
|+------+            ? --| eth0/.0.2 |-----
|+------+                |-----------+
||      |-----------+  | |      |
|| c2.2 | eth0/.2.2 |--/ |      |
||      |-----------+    |      |
|+------+                |      |
|+------+                |      |
||      |-----------+    |      |
|| c2.3 | eth0/.2.3 |----/      |
||      |-----------+           |
|+------+                       |
+-------------------------------+