LXC - Profiles - Make your LXD containers get IP addresses from your LAN using macvlan
NOTE: Bridge profiles are often better than macvlan, because they allow the host to access the container, which macvlan profiles do not easily allow.
A macvlan container can be seen by the host if the host is set to Promiscuous mode.
By default, all containers run hidden in a private network on the host.
- The containers are not accessible from the local network, nor from the Internet.
- They have network access to the Internet through the host, using NAT networking.
An option is to configure containers to receive an IP address from the LAN and be accessible on the LAN using macvlan (L2) virtual network interfaces, a feature provided by the Linux kernel.
List Existing LXD Profiles
lxc profile list
returns:
+------------+---------+
| NAME       | USED BY |
+------------+---------+
| default    | 3       |
+------------+---------+
NOTE: This shows that there is a single profile, called default, the default profile.
It is used by 3 LXD containers on this system.
Create a new macvlan profile
lxc profile create macvlan
returns:
Profile macvlan created
List the profiles again
lxc profile list
returns:
+------------+---------+
| NAME       | USED BY |
+------------+---------+
| default    | 3       |
+------------+---------+
| macvlan    | 0       |
+------------+---------+
NOTE: This now shows the newly created macvlan profile as well.
Show default settings of the new profile
lxc profile show macvlan
returns:
config: {}
description: ""
devices: {}
name: macvlan
used_by: []
Determine Default Network Route
Determine the default IP network on the host.
ip route show default 0.0.0.0/0
returns:
default via 192.168.1.1 dev br0 proto static
NOTE: This shows the default Network Device is br0.
Add the Network Device to the macvlan LXD profile
lxc profile device add macvlan eth0 nic nictype=macvlan parent=br0
returns:
Device eth0 added to macvlan
NOTE: The changes are:
- eth0 is added as the network interface for LXC.
- nictype is set to macvlan
- parent is set to br0.
Display details of the new macvlan profile
lxc profile show macvlan
returns:
config: {}
description: ""
devices:
  eth0:
    nictype: macvlan
    parent: br0
    type: nic
name: macvlan
used_by: []
All Done!
Any containers created using this new profile will get an IP address from the DHCP server of the LAN.
WARNING: By using macvlan, your computer’s network interface will appear on the network to have more than one MAC address.
This is fine for Ethernet networks.
However, if your interface is a Wireless interface (with security like WPA/WPA2), then the access point will reject any other MAC addresses coming from your computer.
Therefore, none of this will work in that specific case.
NOTE: If your host is in a virtual machine, then it is likely that the VM software will block the DHCP requests of the containers.
To overcome this, configure the host virtual machine to allow Promiscuous mode, usually found in Network settings.
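A pre-flight check that combines the default-route step with the wireless warning above; this is an added example, not part of the original page. The function names and the optional sysfs-root argument are assumptions made for illustration; the wireless test relies on Linux exposing a wireless directory under /sys/class/net/<dev>/ for Wi-Fi interfaces.

```shell
#!/bin/sh
# Added example: choose the macvlan parent from the default route and
# refuse a wireless parent before touching the LXD profile.

# Read "ip route show default" output on stdin and print the device
# named after the "dev" keyword on the first default-route line.
default_route_dev() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++)
            if ($i == "dev") { print $(i + 1); exit }
    }'
}

# True if interface $1 is wireless. $2 optionally overrides the sysfs
# root so the check can be exercised without real hardware (assumption).
is_wireless() {
    [ -d "${2:-/sys/class/net}/$1/wireless" ]
}

# Print the profile command used on this page for parent $1.
# Returns 1 if no parent was found, 2 if the parent is wireless.
macvlan_profile_cmd() {
    if [ -z "$1" ]; then
        echo "no default route device found" >&2
        return 1
    fi
    if is_wireless "$1" "${2:-/sys/class/net}"; then
        echo "$1 is wireless: the access point will reject the extra MAC addresses" >&2
        return 2
    fi
    echo "lxc profile device add macvlan eth0 nic nictype=macvlan parent=$1"
}

# Constructed sample input: the route line shown earlier on this page.
SAMPLE_ROUTE='default via 192.168.1.1 dev br0 proto static'

# Demonstration on the sample. For live use, replace the printf with:
#   ip route show default
parent=$(printf '%s\n' "$SAMPLE_ROUTE" | default_route_dev)
macvlan_profile_cmd "$parent"
```

The script only prints the command to run, so the output can be reviewed before it is applied to the profile.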