[arch-general] Bridge interface with netctl

Leonid Isaev lisaev at umail.iu.edu
Tue Feb 25 14:55:35 EST 2014


On Tue, 25 Feb 2014 12:47:02 +0100
arnaud gaboury <arnaud.gaboury at gmail.com> wrote:

> Dear list,
> 
> I am messing with assigning a static IP on a systemd-nspawn container,
> on both sides (host,container).

You assign an IP address only inside the container.

> My idea is to first create a bridge (br0) on the host.
> [...]
> gabx at hortensia ➤➤ ~ % cat /etc/netctl/bridge-hortensia
> Description="Example Bridge connection"
> Interface=br0
> Connection=bridge
> BindsToInterfaces=enp7s0
> IP=no

This profile is wrong. Here is the right one:
---
$ cat /etc/netctl/lxc_lan_bridge
Description="LAN bridge for LXC containers"
Connection=bridge
Interface=br0
SkipNoCarrier="yes"
BindsToInterfaces=()
IP=static
Address=(10.137.0.1/24)
---
Also, since you are running systemd >= 209, you can use networkd. Here are the
config files:
---
$ cat /etc/systemd/network/lxc_bridge.netdev
[NetDev]
Name=br0
Kind=bridge

$ cat /etc/systemd/network/lxc_bridge.network
[Match]
Name=br0

[Network]
Description=LAN bridge for LXC containers
DHCP=false

[Address]
Address=10.137.0.1/24
---

Now:
* Populate the iptables FORWARD chain to route traffic from your physical
interface to the bridge and back.
* Inside the container, get rid of dhcpcd, and use either networkd or netctl
to assign a static IP like you would do on a physical host.
* The simplest way to take care of DNS (that is without any additional host
configuration) is to use a static resolv.conf inside the container with a
public DNS service, e.g.
---
$ cat /var/lib/lxc/appserver1/rootfs/etc/resolv.conf 
nameserver 8.8.8.8
nameserver 8.8.4.4
---

Cheers,
-- 
Leonid Isaev
GPG key fingerprint: C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
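
Added example, not part of the original message: a shell function that prints an iptables-restore ruleset for the FORWARD step described in the reply, using br0 and 10.137.0.0/24 from the profiles above. It assumes enp7s0 remains the routed uplink, a default-drop FORWARD policy, and masquerading of the private subnet; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the FORWARD step above.
# Assumptions (not in the original mail): enp7s0 stays the routed uplink,
# FORWARD defaults to DROP, and the private subnet is masqueraded on the way out.
# Forwarding also needs net.ipv4.ip_forward=1 on the host.

# Accept only plain interface names of at most 15 characters.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Shape check for A.B.C.D/N; iptables-restore --test does the full parse.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# gen_forward_rules UPLINK BRIDGE SUBNET: write the ruleset to stdout.
gen_forward_rules() {
    uplink=$1 bridge=$2 subnet=$3
    valid_if "$uplink" && valid_if "$bridge" && valid_cidr "$subnet" || {
        echo "usage: gen_forward_rules UPLINK BRIDGE A.B.C.D/N" >&2
        return 2
    }
    cat <<EOF
*filter
:FORWARD DROP [0:0]
# containers -> outside: only from the bridge subnet
-A FORWARD -i $bridge -o $uplink -s $subnet -j ACCEPT
# outside -> containers: replies to connections the containers opened
-A FORWARD -i $uplink -o $bridge -d $subnet -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $subnet -o $uplink -j MASQUERADE
COMMIT
EOF
}

# Values taken from the profiles in this thread.
gen_forward_rules enp7s0 br0 10.137.0.0/24
```

Pipe the output to `iptables-restore --test` to validate it; loading it without `--noflush` replaces the current contents of the filter and nat tables.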