05.07.2010 22:07, Whit Blauvelt wrote:
> The examples I have found are along the lines of: Here's how to start a
> container, bridge it to a NIC which has a single IP assigned, ssh to it ...
> and the examples stop there. What I'd like to achieve is a setup where, say,
> a box with 6 IPs on an external network - on eth0 before bridging (or its
> alternatives) - can have 5 of those IPs each dedicated to different single
> container.

I have a setup similar to what you describe. It's a bit hackish, but I like its transparency and isolation capabilities (so I can leave CAP_NET_RAW and CAP_NET_ADMIN for containers). It looks like this:

For the host:

host # ip addr add 1.1.128.2/20 dev eth0
host # route add -net default gw 1.1.128.1

For lxc1:

host # cat /etc/lxc/lxc1/config | grep net
lxc.network.type = veth
lxc.network.veth.pair = lxc1_veth0
lxc.network.flags = up

host # arp -Ds 1.1.128.3 eth0 pub
host # arp -Ds 1.1.128.4 eth0 pub
host # arp -Ds 1.1.128.5 eth0 pub
host # arp -Ds 1.1.128.6 eth0 pub
host # sysctl -w net.ipv4.conf.lxc1_veth0.proxy_arp=1
host # ip addr add 10.0.1.1/24 dev lxc1_veth0
host # route add -host 1.1.128.3 gw 10.0.1.2
host # route add -host 1.1.128.4 gw 10.0.1.2
host # route add -host 1.1.128.5 gw 10.0.1.2
host # route add -host 1.1.128.6 gw 10.0.1.2

lxc1 # ip addr add 10.0.1.2/24 dev eth0
lxc1 # ip addr add 1.1.128.3/20 dev eth0
lxc1 # ip addr add 1.1.128.4/20 dev eth0
lxc1 # ip addr add 1.1.128.5/20 dev eth0
lxc1 # ip addr add 1.1.128.6/20 dev eth0
lxc1 # route add -net default gw 1.1.128.1

For lxc2:

host # cat /etc/lxc/lxc2/config | grep net
lxc.network.type = veth
lxc.network.veth.pair = lxc2_veth0
lxc.network.flags = up

host # arp -Ds 1.1.128.7 eth0 pub
host # sysctl -w net.ipv4.conf.lxc2_veth0.proxy_arp=1
host # ip addr add 10.0.2.1/24 dev lxc2_veth0
host # route add -host 1.1.128.7 gw 10.0.2.2

lxc2 # ip addr add 10.0.2.2/24 dev eth0
lxc2 # ip addr add 1.1.128.7/20 dev eth0
lxc2 # route add -net default gw 1.1.128.1

Hope it helps.
Btw, I use custom udev scripts to do the host part, and stock init scripts inside the containers to do the lxc part.

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
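
The host-side steps from the message above, as an added example that is not part of the original post: a dry-run generator that validates its arguments and then prints the commands for one container. The function names (`is_ipv4`, `is_ifname`, `gen_host_cmds`) and the argument order are assumptions; the sample call uses the lxc2 values from the message.

```shell
#!/bin/sh
# Added example (not from the original post): print, without running them,
# the host-side commands of the routed proxy-ARP scheme for one container.
# Function names and argument order are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_ifname NAME: 1..15 characters, letters, digits, '_' and '-' only.
is_ifname() {
    case "$1" in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# gen_host_cmds UPLINK VETH HOST_LINK_CIDR PEER_IP PUBLIC_IP...
# Validates every argument first, so a bad value yields no output at all.
gen_host_cmds() {
    [ "$#" -ge 5 ] || { echo "need uplink, veth, link CIDR, peer, IPs" >&2; return 2; }
    uplink=$1 veth=$2 link_cidr=$3 peer=$4
    shift 4
    is_ifname "$uplink" && is_ifname "$veth" || { echo "bad interface name" >&2; return 1; }
    case "${link_cidr#*/}" in ""|*[!0-9]*) echo "bad prefix: $link_cidr" >&2; return 1 ;; esac
    is_ipv4 "${link_cidr%/*}" && is_ipv4 "$peer" || { echo "bad link address" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad public IP: $ip" >&2; return 1; }
    done
    echo "sysctl -w net.ipv4.conf.$veth.proxy_arp=1"
    echo "ip addr add $link_cidr dev $veth"
    for ip in "$@"; do
        echo "arp -Ds $ip $uplink pub"
        echo "route add -host $ip gw $peer"
    done
}

# Sample call with the lxc2 values from the message.
gen_host_cmds eth0 lxc2_veth0 10.0.2.1/24 10.0.2.2 1.1.128.7
```

The output is meant to be reviewed and then run as root on the host after the container's veth device exists.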