Category Archives: En-Route

When I am on my way, I will post updates here and eventually sort them into better categories later…

Network setup for LXC to avoid loss of dedicated IPs in subnets

LXC uses bridges for communication between the host and its containers. To avoid losing IP addresses to the network, gateway and broadcast addresses of a subnet, set up your containers using the pointopoint option (not pointtopoint!!!). To be able to firewall your containers’ communication from the host, you will need to set up one bridge per virtual host.

Here is a working setup:

Your containers have IP addresses of the form 11.22.33.ZZ.
You use a private point-to-point subnet per container, with the host side at 172.16.ZZ.1.

On the host:

/etc/network/interfaces
auto brZZ
iface brZZ inet static
address 172.16.ZZ.1
netmask 255.255.255.0
bridge_ports none
bridge_fd 0
bridge_maxwait 0
post-up ip route add 11.22.33.ZZ/32 dev brZZ

The LXC container configuration contains the following:
lxc.utsname = hostname
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = brZZ
lxc.network.name = eth0
.
.
.

On the container:

/etc/network/interfaces
auto eth0
iface eth0 inet static
address 11.22.33.ZZ
netmask 255.255.255.255
pointopoint 172.16.ZZ.1
gateway 172.16.ZZ.1

If you want to use services on the host computer, it will appear as the gateway IP, i.e. 172.16.ZZ.1. Connect to the host with that IP address. Connections from the host to the container will appear to come from that IP address, too.
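The three fragments above follow one template per container index ZZ. As an added example (not from the original post), the script below renders the host bridge stanza, the LXC network lines and the container stanza for a given ZZ, rejects indices that cannot be a host number in the /24, and adds one host-side filter rule that the one-bridge-per-container layout makes possible. The 11.22.33 and 172.16 prefixes are the post's placeholders; the iptables anti-spoofing rule is my illustration of filtering on the per-container bridge, not a complete ruleset.

```shell
#!/bin/sh
# Added example, not from the original post: render the host bridge stanza,
# the LXC network lines and the container stanza for one container index ZZ,
# plus one host-side filter rule that a per-container bridge makes possible.
# Assumptions (not on the page): the 11.22.33 and 172.16 prefixes are the
# post's placeholders; the iptables rule is an illustration, not a ruleset.

PUBLIC_PREFIX="11.22.33"   # placeholder public prefix from the post
PTP_PREFIX="172.16"        # placeholder private point-to-point prefix

# ZZ must be a usable host number in a /24: digits only, 1..254.
check_zz() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 254 ]
}

# Host /etc/network/interfaces: one bridge per container, no physical ports,
# and a /32 route so the container's public address needs no subnet of its own.
render_host_iface() {
    check_zz "$1" || return 1
    printf 'auto br%s\n' "$1"
    printf 'iface br%s inet static\n' "$1"
    printf '    address %s.%s.1\n' "$PTP_PREFIX" "$1"
    printf '    netmask 255.255.255.0\n'
    printf '    bridge_ports none\n'
    printf '    bridge_fd 0\n'
    printf '    bridge_maxwait 0\n'
    printf '    post-up ip route add %s.%s/32 dev br%s\n' "$PUBLIC_PREFIX" "$1" "$1"
}

# LXC container config: a veth attached to that container's own bridge.
render_lxc_config() {
    check_zz "$2" || return 1
    printf 'lxc.utsname = %s\n' "$1"
    printf 'lxc.network.type = veth\n'
    printf 'lxc.network.flags = up\n'
    printf 'lxc.network.link = br%s\n' "$2"
    printf 'lxc.network.name = eth0\n'
}

# Container /etc/network/interfaces: a /32 address with the host's bridge
# address as point-to-point peer and default gateway. Note the spelling
# "pointopoint"; ifupdown does not accept "pointtopoint".
render_container_iface() {
    check_zz "$1" || return 1
    printf 'auto eth0\n'
    printf 'iface eth0 inet static\n'
    printf '    address %s.%s\n' "$PUBLIC_PREFIX" "$1"
    printf '    netmask 255.255.255.255\n'
    printf '    pointopoint %s.%s.1\n' "$PTP_PREFIX" "$1"
    printf '    gateway %s.%s.1\n' "$PTP_PREFIX" "$1"
}

# Because each container sits on its own bridge, the host can match on the
# bridge name: drop anything forwarded in from brZZ that does not carry the
# container's own /32 as source (a container cannot borrow a neighbour's IP).
render_host_filter() {
    check_zz "$1" || return 1
    printf 'iptables -A FORWARD -i br%s ! -s %s.%s/32 -j DROP\n' \
        "$1" "$PUBLIC_PREFIX" "$1"
}

# Usage: ./lxc-net.sh <hostname> <ZZ>
if [ $# -eq 2 ]; then
    echo "# host: /etc/network/interfaces";      render_host_iface "$2"
    echo "# host: LXC container config";         render_lxc_config "$1" "$2"
    echo "# container: /etc/network/interfaces"; render_container_iface "$2"
    echo "# host: filter rule";                  render_host_filter "$2"
fi
```

Run it as `./lxc-net.sh web 42` and paste each section into the file named in its comment; the filter rule belongs in whatever mechanism already loads the host's iptables rules.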

pfSense – make tftpd work

In the file /usr/local/pkg/tftp.inc, add the -w (allow write requests) and -s /tftpboot (change root to that directory) options so the line looks like this:

/* add tftp daemon */
fwrite($inetd_fd, "tftp\t\tdgram\tudp\twait\t\troot\t/usr/libexec/tftpd\ttftpd -w -s /tftpboot\n");

and you will be able to write new files into the /tftpboot directory of the server!