Re: [lxc-users] networking and permissions questions
On Mon, Apr 27, 2015 at 8:05 PM, Fajar A. Nugraha wrote:
> On Tue, Apr 28, 2015 at 6:53 AM, Joe McDonald wrote:
>> 1) Do I need to specify this IP in both the
>> config file and the rootfs/etc/network/interfaces file?
>> Is there a better way to do this?
>
> IMHO the best way is on container's interfaces file

Ah! So I don't need to specify IP in config, just in container's network/interface. I tried that and the double IP went away, also, lag time for ssh disappeared as well, could ssh in as soon as container was up. Thanks!

> Long version:
> There's a workaround that I posted sometime ago, which in essence does
> NOT use bridging, but use routing + proxy_arp. However it currently
> ONLY works on privileged container (since it needs persistent veth
> name on the host side, which is currently not possible for
> unprivileged containers)

Hopefully this will be possible with unprivileged containers in the future as it would be handy.

thanks,
-joe
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] networking and permissions questions
On Tue, Apr 28, 2015 at 6:53 AM, Joe McDonald wrote:
> 1) Do I need to specify this IP in both the
> config file and the rootfs/etc/network/interfaces file?
> Is there a better way to do this?

IMHO the best way is on container's interfaces file

>
> 2) why does one container (ubsharedweb) show the same IP address twice?
>

try lxc-attach to that container, and do "ip ad li". My guess is there's some misconfiguration there, which makes it assign the same IP to multiple interfaces (e.g. eth0 and eth0:1)

> 3) How is user lxcuser able to just take whatever IP's it wants?
> I have: "lxcuser veth lxcbr0 100" in /etc/lxc/lxc-usernet

That's the way bridging works. The same way a computer on your LAN can use whatever IP it wants on that LAN

> So I'm guessing that is how it can do it, but how can I
> constrain lxcuser to only use IP's within a certain range?

Short version: you can't.

Long version:
There's a workaround that I posted sometime ago, which in essence does NOT use bridging, but use routing + proxy_arp. However it currently ONLY works on privileged container (since it needs persistent veth name on the host side, which is currently not possible for unprivileged containers)

--
Fajar
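
The thread's fix for the doubled address was to keep the IP only in the container's interfaces file. As an added example (not part of the thread), this shell check reports any IPv4 address declared both in a container config and in its rootfs/etc/network/interfaces. It assumes the LXC 1.x key `lxc.network.ipv4` and a Debian-style interfaces file; the sample files and addresses are constructed.

```shell
#!/bin/sh
# Added example: find an IPv4 address configured twice for one container.

# Print addresses from "lxc.network.ipv4 = A.B.C.D/NN" lines (prefix stripped).
# Lines such as lxc.network.ipv4.gateway do not match.
config_ips() {
    sed -n 's/^[[:space:]]*lxc\.network\.ipv4[[:space:]]*=[[:space:]]*\([0-9.]*\).*/\1/p' "$1"
}

# Print addresses from "address A.B.C.D" lines of an interfaces(5) file.
interfaces_ips() {
    awk '$1 == "address" { sub(/\/.*/, "", $2); print $2 }' "$1"
}

# Print each address declared in both files; return 0 if any was found.
duplicate_ips() {
    found=1
    for ip in $(config_ips "$1"); do
        if interfaces_ips "$2" | grep -qxF "$ip"; then
            echo "$ip"
            found=0
        fi
    done
    return $found
}

# Constructed sample files (addresses are made up for illustration).
demo=$(mktemp -d)
cat > "$demo/config" <<'EOF'
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.ipv4 = 10.0.3.50/24
lxc.network.ipv4.gateway = 10.0.3.1
EOF
cat > "$demo/interfaces" <<'EOF'
auto eth0
iface eth0 inet static
    address 10.0.3.50
    netmask 255.255.255.0
EOF

if dup=$(duplicate_ips "$demo/config" "$demo/interfaces"); then
    echo "declared in both config and interfaces: $dup"
fi
```
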