Container Private Network
Last updated
The container can be configured to have an independent public IP address (fully bridged), a private internal IP address (internal NAT), or both. Each option has pros and cons that need to be weighed before final deployment.
A common setup is to keep the container entirely private, using nginx as a reverse proxy or iptables port forwarding to reach it.
The block diagram below shows the private-only network topology.
With external access through an NGINX proxy, as shown below.
Or use iptables to port-forward packets through the NAT, as shown below.
To enable the NATed bridge between the man0 (public) network and the fmad0 (private) network, the following iptables config needs to be set:
Alternatively, the following /opt/fmadio/etc/iptables.conf file can be used (requires a system reboot or iptables-restore to take effect):
The above is the general setup; to forward a specific port from the host IP to the LXC container IP, run the following.
NOTE: if using the 10G management interface, replace man0 with man10.
1) Forwarding port 9000 on the host to port 3000 on the LXC container
(in this case the LXC container is configured as 192.168.255.191)
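The following script is an added example, not FMADIO's own iptables configuration. It generates (and, with APPLY=1, applies) the two rule sets described above: the general masquerading bridge from fmad0 (private) to man0 (public), and the specific DNAT that exposes host port 9000 as container port 3000 on 192.168.255.191. It assumes the private subnet is 192.168.255.0/24 and that the conntrack match is available; the FORWARD DROP policy is included because the ACCEPT rules only limit exposure when the default is to drop. Set PUB_IF=man10 for the 10G management interface.

```shell
#!/bin/sh
# Added example (not the product's own config): build the iptables rules for a
# NATed fmad0 (private) <-> man0 (public) bridge plus one port forward.
# Commands are printed by default; APPLY=1 executes them (as root).

PUB_IF="${PUB_IF:-man0}"                   # public/management interface (man10 for 10G mgmt)
PRIV_IF="${PRIV_IF:-fmad0}"                # private container bridge
PRIV_NET="${PRIV_NET:-192.168.255.0/24}"   # assumed private container subnet

# General NAT bridge: containers may initiate connections out through the host,
# replies come back, and nothing else from the public side is forwarded in.
nat_rules() {
    pub="$1"; priv="$2"; net="$3"
    printf '%s\n' \
      "iptables -P FORWARD DROP" \
      "iptables -t nat -A POSTROUTING -s $net -o $pub -j MASQUERADE" \
      "iptables -A FORWARD -i $priv -o $pub -s $net -j ACCEPT" \
      "iptables -A FORWARD -i $pub -o $priv -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# Expose exactly one container port: DNAT the host port to the container and
# permit only that forwarded flow, bound to the public interface.
forward_rules() {
    pub="$1"; priv="$2"; host_port="$3"; ctr_ip="$4"; ctr_port="$5"
    printf '%s\n' \
      "iptables -t nat -A PREROUTING -i $pub -p tcp --dport $host_port -j DNAT --to-destination $ctr_ip:$ctr_port" \
      "iptables -A FORWARD -i $pub -o $priv -p tcp -d $ctr_ip --dport $ctr_port -m conntrack --ctstate NEW -j ACCEPT"
}

# Print each generated command, or run it when APPLY=1, stopping on the first failure.
run_or_print() {
    while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            eval "$cmd" || { echo "failed: $cmd" >&2; return 1; }
        else
            echo "$cmd"
        fi
    done
}

main() {
    # The page's worked case: host port 9000 -> container 192.168.255.191:3000
    { nat_rules "$PUB_IF" "$PRIV_IF" "$PRIV_NET"
      forward_rules "$PUB_IF" "$PRIV_IF" 9000 192.168.255.191 3000; } | run_or_print
}

main
```

After applying, confirm the rules with `iptables -t nat -S PREROUTING` and `iptables -S FORWARD`; only the intended container port should appear in the DNAT and FORWARD ACCEPT lines. To make the rules survive a reboot, the same rules in iptables-save format belong in /opt/fmadio/etc/iptables.conf, as the page notes above.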
The container network settings need to be the following:
List of private container addresses

IP Address        Name                 Description
192.168.255.2     FMADIO Host          FMADIO Host IP Address
192.168.255.10    FShark               FMADIO Internal Wireshark Lite
192.168.255.100   Ubuntu Desktop       Ubuntu Desktop
192.168.255.110   Elastic Search 7.x   Elastic Search 7.x Container
192.168.255.111   Elastic Search 8.x   Elastic Search 8.x Container
192.168.255.120   Suricata 6.x         Suricata 6.x Container (CentOS)
192.168.255.130   Zeek                 Zeek Container (CentOS)