Introduction

This quick how-to will illustrate the necessary steps to take, when you intend to connect your LXC container with its own IP address to an outside network. Here, the “routed”-method is presented, where the host actively routes traffic to the respective container.

If you want to use a network bridge on the host, you can find a guide on the “bridged”-method here.

This how-to assumes that LXC/LXD is already installed on your a Ubuntu based system and is configured to use a static IP address.

Step 1: Create a template routing profile

Before we can create the LXC container itself, we have to make sure to create a template for the networking profile beforehand. This template will be the “prototype” from which all later profiles will be created from.

lxc profile create routed

Now open this profile with your editor of choice. I am using nano here.

EDITOR=nano lxc profile edit routed

And provide the template with following payload:

name: routed
description: Route container traffic to host interface
config:
  user.network-config: |
    version: 2
    ethernets:
      eth0:
        addresses:
        - <YOUR-HOST-IP>/32
        nameservers:
          addresses:
          - <YOUR-DNS-IP>
        routes:
        - to: 0.0.0.0/0
          via: 169.254.0.1
          on-link: true
devices:
  eth0:
    type: nic
    nictype: routed
    parent: <YOUR-HOST-INTERFACE-NAME (eth0, ens18, etc.)>
    ipv4.address: <INTENDED-IP-OF-LXC-CONTAINER>
used_by: []

Please make sure to adjust the marked placeholders with appropriate values for your system. Proceed by saving and exiting the configuration file.

Step 2: Create an adjusted routing profile from the template

Now, as the template routing profile is configured, proceed to create a copy from it, which will serve as the actual configuration profile for your LXC container. Again, adjust the placeholder with a value suitable for your scenario.

lxc profile copy routed routed_<INTENDED-IP-OF-LXC-CONTAINER>
EDITOR=nano lxc profile edit routed_<INTENDED-IP-OF-LXC-CONTAINER>
name: routed_<INTENDED-IP-OF-LXC-CONTAINER>
description: Route container traffic to host interface
config:
  user.network-config: |
    version: 2
    ethernets:
      eth0:
        addresses:
        - <INTENDED-IP-OF-LXC-CONTAINER>/32
        nameservers:
          addresses:
          - <YOUR-DNS-IP>
        routes:
        - to: 0.0.0.0/0
          via: 169.254.0.1
          on-link: true
devices:
  eth0:
    type: nic
    nictype: routed
    parent: <YOUR-HOST-INTERFACE-NAME (eth0, ens18, etc.)>
    ipv4.address: <INTENDED-IP-OF-LXC-CONTAINER>
used_by: []

Now it is as simple as adjusting this copy of the original “prototype” routed file with the correct values for the upcoming LXC container.

Proceed by saving and exiting the configuration file.

Step 3: Create a LXC container with the routing profile

As the actual routing profile stands, you can create the LXC container itself:

lxc launch <IMAGE-NAME> <INTENDED-NAME-OF-LXC-CONTAINER> --profile default --profile routed_<INTENDED-IP-OF-LXC-CONTAINER>

Step 4: Finished!

That’s it! Now your LXC container should be up and running with its traffic routed through the host’s interface to the outside physical network.

Eero Kaan

Leave a Reply

Your email address will not be published. Required fields are marked *

— Previous arcticle

Fix OpenWrt's WireGuard blocking other Zones

Next arcticle —

Install apcupsd within a LXC Container

You May Also Like