Fedora Lxc Host Network

Posted on Dec 29, 2023

Setting up Fedora Server to host Linux containers that are exposed to the server’s network through bridging:

  • Bridge setup
  • LXC default configuration
  • Launching/editing the containers

Bridge setup

To let the containers use the host’s network (LAN), a bridge has to be created for the containers to attach to.

In my existing server setup, the interface eno1 was connected directly to my home router with the IP address 192.168.1.100.

In Fedora, NetworkManager is used (primarily, I guess) for managing the network interfaces and links.

To create the bridge run the following:

nmcli con add ifname br0 type bridge con-name br0

This creates a connection named br0 whose interface is also named br0. To add the original network interface to the bridge, run:

nmcli con add type bridge-slave ifname eno1 master br0

Then comes the tricky part: starting up the new br0 so that it replaces the existing connection, from a remote session. I did this inside a tmux session so that if the connection is broken, the command isn’t interrupted:

nmcli con down wire; nmcli con up br0 || nmcli con up wire;

In my case, my original connection was called wire. The commands above stop the original wire connection and then try to bring up the new bridge br0; if the latter fails, the wire connection is restored.

If that was successful, the connection wasn’t broken and the server is now connected through the new bridge:

$ nmcli con show --active
NAME                 UUID                                  TYPE      DEVICE
br0                  8fdbdcaf-0d1e-4730-95c8-3456fc7735e2  bridge    br0
bridge-slave-eno1-1  5995daaf-c82d-4081-98d3-71fd740a4c41  ethernet  eno1
$ ip a s br0
140: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a8:a1:59:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic noprefixroute br0
       valid_lft 38323sec preferred_lft 38323sec
    inet6 fe80::e5c:6ea8:608c:6114/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

Finally, to keep using the bridge as the default connection, autoconnect is disabled on the wire connection:

nmcli con modify wire connection.autoconnect no
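
The switch-over command in this section only falls back to wire when nmcli con up br0 itself fails. The following is an added example, not part of the original post, that also restores wire when the bridge activates but has no IPv4 address or cannot reach the gateway. The function names, the NMCLI, PROBE, GATEWAY and PROBE_DELAY variables and the 192.168.1.1 gateway address are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): switch from connection OLD to
# bridge NEW, and restore OLD unless the bridge is actually usable.

NMCLI=${NMCLI:-nmcli}          # overridable, so the logic can be dry-run
PROBE=${PROBE:-probe_bridge}   # health check command, called with NEW

# Default health check: the device has an IPv4 address and the gateway
# answers ping. GATEWAY is an assumption; the post does not give the
# router's address. Assumes connection name == interface name (br0).
probe_bridge() {
    ip -4 -o addr show dev "$1" | grep -q 'inet ' &&
        ping -c 2 -W 2 "${GATEWAY:-192.168.1.1}" >/dev/null 2>&1
}

# switch_with_rollback OLD NEW [TRIES]
# Returns 0 if NEW is up and healthy, 1 if OLD was restored,
# 2 if OLD could not be restored either.
switch_with_rollback() {
    old="$1"; new="$2"; tries="${3:-10}"; i=0
    "$NMCLI" con down "$old"
    if "$NMCLI" con up "$new"; then
        while [ "$i" -lt "$tries" ]; do
            "$PROBE" "$new" && return 0
            i=$((i + 1))
            sleep "${PROBE_DELAY:-2}"
        done
        "$NMCLI" con down "$new"   # up but unusable: take it down again
    fi
    "$NMCLI" con up "$old" && return 1
    return 2
}

# Usage, inside tmux as in the post:
#   switch_with_rollback wire br0
```

A return code of 2 means neither connection could be activated, so the host needs console access.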

LXC default configuration

The LXC default configuration is in /etc/lxc/default.conf (use lxc-config lxc.default_config to find it).

Set the default network interface to use the bridge created above:

lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx

With this, every new container created shall use the same interface unless otherwise stated.

Launching/editing the containers

A small example:

lxc-create -n debian -t download -- -d debian
lxc-start -n debian
lxc-attach -n debian

To edit the container configuration:

lxc-stop -n debian
cd "$(lxc-config lxc.lxcpath)/debian/"
vim config