Introduction

This quick how-to will illustrate the necessary steps to take, when you intend to connect your LXC Container with its own IP address to an outside network (i.e. how to bridge the container traffic to a physical network).

This how-to assumes that LXC/LXD is already installed on your a Ubuntu based system and is configured to use a static IP address.

Step 1: Create a Template Routing Profile

Before we can create the LXC container itself, we have to make sure to create a template for the networking profile beforehand. This template will be the “prototype” from which all later profiles will be created from.

lxc profile create routed

Now open this profile with your editor of choice. I am using nano here.

EDITOR=nano lxc profile edit routed

And provide the template with following payload:

name: routed
description: Route ContainerTraffic via HostInterface
config:
  user.network-config: |
    version: 2
    ethernets:
      eth0:
        addresses:
        - <YOUR-HOST-IP>/32
        nameservers:
          addresses:
          - <YOUR-GATEWAY-IP>
        routes:
        - to: 0.0.0.0/0
          via: 169.254.0.1
          on-link: true
devices:
  eth0:
    ipv4.address: <YOUR-HOST-IP>
    nictype: routed
    parent: <YOUR-HOST-INTERFACE-NAME (eth0, ens18, etc.)>
    type: nic
used_by: []

Please make sure to adjust the marked placeholders with appropriate values for your system. Proceed by saving and exiting the configuration file.

Step 2: Create an Adjusted Routing Profile from the Template

Now, as the template routing profile is configured, proceed to create a copy from it, which will serve as the actual configuration profile for your LXC container. Again, adjust the placeholder with a value suitable for your scenario.

lxc profile copy routed routed_<INTENDED-IP-OF-LXC-CONTAINER>
EDITOR=nano lxc profile edit routed_<INTENDED-IP-OF-LXC-CONTAINER>
name: routed_<INTENDED-IP-OF-LXC-CONTAINER>
description: Route ContainerTraffic via HostInterface
config:
  user.network-config: |
    version: 2
    ethernets:
      eth0:
        addresses:
        - <INTENDED-IP-OF-LXC-CONTAINER>/32
        nameservers:
          addresses:
          - <YOUR-GATEWAY-IP>
        routes:
        - to: 0.0.0.0/0
          via: 169.254.0.1
          on-link: true
devices:
  eth0:
    ipv4.address: <INTENDED-IP-OF-LXC-CONTAINER>
    nictype: routed
    parent: <YOUR-HOST-INTERFACE-NAME (eth0, ens18, etc.)>
    type: nic
used_by: []

Now it is as simple as adjusting this copy of the original “prototype” routed file with the correct values for the upcoming LXC container.

Proceed by saving and exiting the configuration file.

Step 3: Create a LXC Container with the Routing Profile supplied

As the actual routing profile stands, you can create the LXC container itself:

lxc launch <IMAGE-NAME> <INTENDED-NAME-OF-LXC-CONTAINER> --profile default --profile routed_<INTENDED-IP-OF-LXC-CONTAINER>

Step 4: Finished!

That’s it! Now your LXC container should be up and running with its traffic routed through the host’s interface to the outside physical network.

Eero Kaan

Leave a Reply

Your email address will not be published. Required fields are marked *

— Previous arcticle

Fix OpenWrt's WireGuard blocking other Zones

Next arcticle —

Install apcupsd within a LXC Container

You May Also Like