
Linux bridge interface (LXC, KVM)

Linux bridge network interface for LXC, KVM

https://serverfault.com/questions/612021/lxc-container-networking
https://www.linux-kvm.org/page/Networking


#> cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes

#> cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0

Container config:

#> cat /usr/local/var/lib/lxc/cn-01/config
# Template used to create this container: /usr/local/share/lxc/templates/lxc-download
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)

# Distribution configuration
lxc.include = /usr/local/share/lxc/config/ubuntu.common.conf
lxc.arch = x86_64

# Container specific configuration
lxc.rootfs = /usr/local/var/lib/lxc/cn-01/rootfs
lxc.utsname = cn-01

# Network configuration
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0

LXC default.conf:

#> cat /usr/local/etc/lxc/default.conf
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
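
Added example (not part of the original notes): a shell check that the bridge file, the NIC file and the container config shown above all name the same bridge, so a mismatch is caught before the network is restarted. The function names and the argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that the bridge, the enslaved NIC and the container
# config all refer to the same bridge. File paths are arguments (assumption:
# ifcfg-style KEY=value files and "key = value" LXC config, as on this page).

# Print the value of KEY from an ifcfg file (last assignment wins, quotes stripped).
ifcfg_get() {   # $1=file $2=key
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Print the value of a dotted key from an LXC config file.
lxc_get() {     # $1=file $2=key
    k=$(printf '%s' "$2" | sed 's/\./\\./g')    # match the dots literally
    sed -n "s/^[[:space:]]*$k[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Return 0 when the three files agree; print one line per mismatch otherwise.
check_bridge() { # $1=ifcfg of bridge  $2=ifcfg of NIC  $3=LXC config
    rc=0
    br=$(ifcfg_get "$1" DEVICE)
    [ -n "$br" ] || { echo "$1: no DEVICE set"; return 1; }
    [ "$(ifcfg_get "$1" TYPE)" = Bridge ] || { echo "$1: TYPE is not Bridge"; rc=1; }
    [ "$(ifcfg_get "$2" BRIDGE)" = "$br" ] || { echo "$2: BRIDGE does not name $br"; rc=1; }
    # Address configuration lives on the bridge, not on the port attached to it.
    bp=$(ifcfg_get "$2" BOOTPROTO)
    if [ -n "$(ifcfg_get "$2" IPADDR)" ] || { [ -n "$bp" ] && [ "$bp" != none ]; }; then
        echo "$2: IP configuration found on a bridge port"; rc=1
    fi
    [ "$(lxc_get "$3" lxc.network.type)" = veth ] || { echo "$3: network type is not veth"; rc=1; }
    [ "$(lxc_get "$3" lxc.network.link)" = "$br" ] || { echo "$3: link does not name $br"; rc=1; }
    return "$rc"
}

# Usage: sh check_bridge.sh ifcfg-br0 ifcfg-eth0 /path/to/container/config
if [ "$#" -eq 3 ]; then check_bridge "$@"; fi
```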

Settings:

# host:
sysctl -w net.ipv4.ip_forward=1 # allow forwarding of IPv4
route add -host < ip-of-client > dev < tap-device > # add route to the client

# guest:
# If the host is not on the same subnet as the guest, then you must manually add the route to the host before you create the default route:
#route add -host < ip-of-host > dev < network-interface >
route add default gw < ip-of-host >

A small extra (might work?):
If the host itself also runs in a virtual machine (e.g. with a VirtualBox bridged NIC!), then the same is needed there too:
route add -host < ip-of-vbox-vm > dev < if-of-lan > # add route

(https://wiki.linuxfoundation.org/networking/bridge)

Firewalld configuration on the host:
https://superuser.com/questions/990855/configure-firewalld-to-allow-bridged-virtual-machine-network-access

# the -i/-o interface must be the bridge defined above (br0)
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -i br0 -j ACCEPT
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -o br0 -j ACCEPT
firewall-cmd --reload
