Testing LXD containers
I’m building my lab environment using the container technologies that are currently available, or at least the ones I know of:
- FreeBSD jails
- illumos zones (using OmniOSce)
- Linux LXD
This writeup is about how I managed to set up LXD for running the same workloads.
Installation
I’m using Void Linux, so lxd is already available as a package. Before running lxd init we create a bridge so our containers have connectivity with the LAN. I have added this to rc.local:
# Default rc.local for void; add your custom commands here.
#
# This is run by runit in stage 2 before the services are executed
# (see /etc/runit/2).
ip link add name br0 type bridge
ip link set dev br0 type bridge stp_state 1
ip link set dev br0 type bridge forward_delay 500
ip link set br0 up
ip link set dev eth0 up
ip link set eth0 master br0
ip addr add 192.168.1.15/24 brd + dev br0
ip route add default via 192.168.1.1
When lxd init asks for a bridge, pass this one (br0).
Creating a container
To create a container we just type:
lxc launch images:voidlinux <your container name>
I have an igb card with 4 ports, of which 2 are currently available. My intent is to pass 2 ports to a container that will be used to do NAT, as I have done previously with FreeBSD jails and illumos zones.
Now we need to pass the physical device on the host (mine is igb2):
lxc config device add <your container name> eth1 nic nictype=physical parent=igb2 name=eth1
That’s all.
Services
I’m currently running Minecraft Bedrock, Neverwinter Nights and my blog, so I need to do NAT and port forwarding on one container. These are my current rules to do port forwarding to the containers on the LAN:
bash-5.1# iptables-save
# Generated by iptables-save v1.8.7 on Tue Aug 24 13:22:07 2021
*filter
:INPUT ACCEPT [3874:228799]
:FORWARD ACCEPT [177548:67794102]
:OUTPUT ACCEPT [616:48871]
COMMIT
# Completed on Tue Aug 24 13:22:07 2021
# Generated by iptables-save v1.8.7 on Tue Aug 24 13:22:07 2021
*mangle
:PREROUTING ACCEPT [182900:68124031]
:INPUT ACCEPT [3874:228799]
:FORWARD ACCEPT [177548:67794102]
:OUTPUT ACCEPT [616:48871]
:POSTROUTING ACCEPT [178164:67842973]
COMMIT
# Completed on Tue Aug 24 13:22:07 2021
# Generated by iptables-save v1.8.7 on Tue Aug 24 13:22:07 2021
*raw
:PREROUTING ACCEPT [182900:68124031]
:OUTPUT ACCEPT [616:48871]
COMMIT
# Completed on Tue Aug 24 13:22:07 2021
# Generated by iptables-save v1.8.7 on Tue Aug 24 13:22:07 2021
*nat
:PREROUTING ACCEPT [2102:140353]
:INPUT ACCEPT [199:15769]
:OUTPUT ACCEPT [22:1364]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.151:80
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.151:443
-A PREROUTING -i eth1 -p tcp -m tcp --dport 9999 -j DNAT --to-destination 192.168.1.151:9999
-A PREROUTING -i eth1 -p udp -m udp --dport 5120:5300 -j DNAT --to-destination 192.168.1.150:5120-5300
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Tue Aug 24 13:22:07 2021
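In the output above the filter table has no rules and every chain defaults to ACCEPT, so nothing restricts what the NAT container forwards beyond the DNAT'ed ports. The Python sketch below is an added example, not part of the original setup: it reads iptables-save text (a constructed sample based on the rules above) and derives a default-DROP FORWARD chain that admits only the DNAT targets. The function names and the choice of eth0 as the LAN side are assumptions.

```python
import re

# Constructed sample: a shortened copy of the iptables-save output above.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.151:80
-A PREROUTING -i eth1 -p udp -m udp --dport 5120:5300 -j DNAT --to-destination 192.168.1.150:5120-5300
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
"""

DNAT = re.compile(r"-A PREROUTING -i (\S+) -p (tcp|udp) .*-j DNAT "
                  r"--to-destination ([\d.]+):([\d-]+)")

def open_policies(save_text):
    """Return the filter-table chains whose default policy is ACCEPT."""
    table, found = None, []
    for line in save_text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        m = re.match(r":(\S+) ACCEPT", line)
        if m and table == "filter":
            found.append(m.group(1))
    return found

def forward_allowlist(save_text, lan_if="eth0"):
    """Build *filter lines: FORWARD drops by default, DNAT targets are allowed."""
    rules = [":FORWARD DROP [0:0]",
             "-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"]
    wan_ifs = set()
    for wan_if, proto, ip, ports in DNAT.findall(save_text):
        wan_ifs.add(wan_if)
        # FORWARD sees the packet after DNAT, so match the translated address
        # and port; matches write ranges with ':' where DNAT uses '-'.
        rules.append(f"-A FORWARD -i {wan_if} -o {lan_if} -d {ip}/32 -p {proto} "
                     f"-m {proto} --dport {ports.replace('-', ':')} -j ACCEPT")
    # Assumption: hosts on the LAN side may open outbound connections freely.
    rules += [f"-A FORWARD -i {lan_if} -o {w} -j ACCEPT" for w in sorted(wan_ifs)]
    return rules

if __name__ == "__main__":
    print("filter chains defaulting to ACCEPT:", open_policies(SAMPLE))
    print("\n".join(forward_allowlist(SAMPLE)))
```

The generated lines belong in the *filter section of a file loaded with iptables-restore; review them against the services you actually expose before applying.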
Packages installed
References
https://docs.voidlinux.org/config/containers-and-vms/lxc.html