Running LXC Linux Containers on a laptop
Last updated: 2010-10-02 19:14:16
LXC Linux Containers provide operating system-level virtualisation right from a standard stock kernel.
LXC Linux Containers
LXC Linux Containers offer operating system-level virtualisation. This is a very lightweight and fast virtualisation solution. The great thing about LXC is that it is part of the standard Linux kernel, so there is no need for patches. Another fine thing is that not very much is needed to build an LXC host. The userspace utils are either small compiled C programs or simple shell scripts.
This means you can run LXC containers without having to install Python or other stuff.
Setting up the network with br0 and wlan0
The containers connect to the network through a bridge. Most wifi interfaces have some problems becoming a network bridge. This is why we use NAT (network address translation).
Daniel Lezcano provided the small listing below, which makes setting up the network for your containers very simple. Just put the following lines in your /etc/network/interfaces:
    auto br0
    iface br0 inet static
        address 172.20.0.1
        netmask 255.255.255.0
        bridge_stp off
        bridge_maxwait 5
        pre-up /usr/sbin/brctl addbr br0
        post-up /usr/sbin/brctl setfd br0 0
        post-up /sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
Restart the network with:
Give the LXC containers an address in the 172.20.0.xxx range and inside the container use 172.20.0.1 as the default gateway.
Because we use NAT the containers have to have their network addresses in a range that is different from your local network address range.
In the example above, the address range for the containers is 172.20.0.xxx, while for example the local network is on 192.168.1.xxx.
Connecting from a machine in your network
If you want to set up a connection from a different machine in your network, then you have to add a routing rule on that machine.
| the host (laptop)         | 192.168.1.3 |
| the guest (lxc container) | 172.20.0.2  |
To set up a routing rule on the other machine, become root on the other machine and issue the routing rule:
route add -net 172.20.0.0 netmask 255.255.255.0 gw 192.168.1.3
This tells the other machine that in order to connect to machines in the 172.20.0.xxx range it has to use the laptop as a gateway.
The "normal" routing is not changed, so you can still connect to the internet from the other machine.
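The addressing rules above (container range separate from the local network, containers using 172.20.0.1 as gateway) can be checked before restarting the network. The script below is an added example, not part of the original page or of the LXC tools: it reads the br0 stanza, verifies the rules and derives the route command for the other machine. The function names and the local network written as 192.168.1.0/24 are assumptions.

```python
import ipaddress

# The br0 stanza from this page (abridged), embedded so the check runs offline.
INTERFACES = """\
auto br0
iface br0 inet static
    address 172.20.0.1
    netmask 255.255.255.0
    bridge_stp off
    post-up /sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
"""

def bridge_network(text, iface="br0"):
    """Return (gateway address, network) of a static stanza in interfaces(5) syntax."""
    opts, active = {}, False
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] in ("auto", "allow-hotplug", "iface", "mapping", "source"):
            # A new stanza starts; collect options only inside "iface <iface> ...".
            active = words[0] == "iface" and words[1:2] == [iface]
        elif active and len(words) >= 2:
            opts.setdefault(words[0], words[1])
    if "address" not in opts or "netmask" not in opts:
        raise ValueError(f"no static address/netmask found for {iface}")
    ifc = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}")
    return ifc.ip, ifc.network

def check_plan(text, lan_cidr, host_lan_ip, container_ips):
    """Check the page's addressing rules; return (problems, route command)."""
    gateway, net = bridge_network(text)
    lan = ipaddress.ip_network(lan_cidr)
    problems = []
    if net.overlaps(lan):
        problems.append(f"container range {net} overlaps local network {lan}")
    if ipaddress.ip_address(host_lan_ip) not in lan:
        problems.append(f"host address {host_lan_ip} is not on {lan}")
    reserved = (gateway, net.network_address, net.broadcast_address)
    for ip in map(ipaddress.ip_address, container_ips):
        if ip not in net or ip in reserved:
            problems.append(f"{ip} is not a usable container address in {net}")
    route = (f"route add -net {net.network_address} "
             f"netmask {net.netmask} gw {host_lan_ip}")
    return problems, route

if __name__ == "__main__":
    print(check_plan(INTERFACES, "192.168.1.0/24", "192.168.1.3", ["172.20.0.2"]))
```

An empty problem list means the plan follows the rules on this page; the second value is the command to run as root on the other machine.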