On Wednesday 12 Mar 2014 15:20:01 arnaud gaboury wrote:
> > Can I ask you both why you chose this route of creating a private network?
> > As far as I can tell, by default systemd-nspawn will allow the container
> > to use the host's interface. I would have thought that would be adequate
> > for most use cases?
> >
> > Paul
>
> My first tests with nspawn/networkd, with a very minimal configuration
> (just one eth netctl profile) left me with a working network on
> container, but as you said, the container was using host interface
> (enp7s0 in my case). Thus, same IP for both and no container network
> "isolation".
>
> From SYSTEMD-NSPAWN(1)
>
>     --private-network
>         Disconnect networking of the container from the host. This
>         makes all network interfaces unavailable in the container,
>         with the exception of the loopback device and those specified
>         with --network-interface= and configured with --network-veth.
>
> That is exactly what I wanted. In my case, as the container is aimed
> at hosting various web apps with a static IP, I wanted to isolate the
> container network from the host one.

OK, so in fact you did have an extra requirement that you wanted to use a
separate IP address in this container? Is that an important requirement?

Also, as I stated earlier, I think you should be using --network-bridge, not
--private-network.

Paul
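
The difference discussed in this thread (a container on the host's interface versus one started with --private-network or --network-bridge) can be checked from the host by comparing network namespaces. The script below is an added example, not part of the original thread; the function names are hypothetical, and it assumes a Linux host with /proc, root privileges to read /proc/1/ns/net, and a machinectl that supports `--value`.

```shell
#!/bin/sh
# Added example: report whether a systemd-nspawn container shares the
# host's network namespace ("shared") or has its own ("isolated").

# netns_id LINK
# Print the namespace identifier that a /proc/<pid>/ns/net symlink points
# at, e.g. "net:[4026531992]". Fails if the link cannot be read.
netns_id() {
    readlink "$1"
}

# classify_isolation HOST_NS_LINK CONTAINER_NS_LINK
# Print "shared" when both links name the same namespace, "isolated"
# otherwise. Return 2 when either link is unreadable, so a missing PID is
# never mistaken for isolation.
classify_isolation() {
    ci_host=$(netns_id "$1") || return 2
    ci_ctr=$(netns_id "$2") || return 2
    if [ -z "$ci_host" ] || [ -z "$ci_ctr" ]; then
        return 2
    fi
    if [ "$ci_host" = "$ci_ctr" ]; then
        echo shared
    else
        echo isolated
    fi
}

# check_machine NAME
# Look up the container's leader PID with machinectl and compare its
# network namespace with that of PID 1 on the host.
check_machine() {
    cm_leader=$(machinectl show "$1" --property=Leader --value) || return 2
    [ -n "$cm_leader" ] || return 2
    classify_isolation /proc/1/ns/net "/proc/$cm_leader/ns/net"
}

# When invoked with a machine name, print the verdict for that container.
if [ "$#" -ge 1 ]; then
    check_machine "$1"
fi
```

A container started with the default networking reports `shared`; one started with --private-network or --network-bridge reports `isolated`.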