Routed (static) networking with lxc

Host configuration

We will call the veth interface veth0 for simplicity, although lxc names it vethXXXXX where XXXXX is a random string. It is assumed the primary network interface (WAN) on the host is eth0.

Once you have your container running, run the following commands

     ip addr add dev veth0 $HOSTIP/$HOSTNETMASK peer $GUESTIP/32

And finally you will need to enable ip forwarding on the host:

     echo 1 > /proc/sys/net/ipv4/ip_forward

or change the sysctl setting net.ipv4.ip_forward to 1 in sysctl.conf.

Guest configuration

All you need in the lxc configuration is

     lxc.network.type = veth

Don't set lxc.network.link

Then for routing

    ip addr add dev eth0 $GUESTIP/32 peer $HOSTIP/$HOSTNETMASK
    ip route add default via $HOSTIP

you will also probably need to set FORWARDing in iptables

Automating it all

Add to lxc configuration:

  lxc.network.script.up = /path/to/the/netup/script

create the script

  #!/bin/bash
  ip addr add dev $5 $HOSTIP/$HOSTNETMASK peer $GUESTIP

make the script executable
set the ip in your guest. For debian, netscripts seem to be buggy, so here is what I did in /etc/network/interfaces:

auto eth0
iface eth0 inet manual
    pre-up ip link set dev eth0 up
    up ip addr add dev eth0 $GUESTIP/32 peer $HOSTIP/$HOSTNETMASK
    post-up ip route add default via $HOSTIP
    pre-down ip addr del dev eth0 $GUESTIP/32
    down ip link set dev eth0 down

ipv6

first off you will need to enable forwarding ipv6 packets in the kernel:

    echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

set up your ipv6 address on the host
get a routed ipv6 subnet
on the host:

  ip addr add dev $5 you:r:routed::1/64

and on the guest

  ip addr add you:r:routed::2/64 dev eth0
  ip route add default via you:r:routed::1/64 dev eth0

you will also need the ACCEPT the FORWARD chain in ip6tables

Random Rambling Earth: where poisoning the population is profitable