Container Private Network
Last updated
The container can be configured to have an independent public IP address (fully bridged), a private internal IP address (internal NAT), or both. Each option has pros and cons that need to be weighed before the final deployment.
A common setup is to keep the container entirely private and expose it either through nginx acting as a reverse proxy or through iptables port forwarding to the container.
The block diagram below shows the private-only network topology.
External access can be provided with an NGINX reverse proxy, as shown below.
Alternatively, iptables can port forward packets through the NAT, as shown below.
To enable the NATed bridge between the man0 (public) network and the fmad0 (private) network, the following iptables configuration needs to be set.
Alternatively, the following /opt/fmadio/etc/iptables.conf file can be used (a system reboot or `iptables-restore` is required for it to take effect).
The above is the general setup. To forward a specific port from the host IP to the LXC container IP, run the following.
NOTE: if using 10G management interface replace man0 with man10
1) Forwarding port 9000 on the host to port 3000 on the LXC container (in this case the LXC container is configured as 192.168.255.191)
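As an added illustration of the two steps above (not the appliance's own iptables.conf, which is not reproduced here), the following script generates the MASQUERADE rules for the man0/fmad0 NAT bridge and the DNAT rule for the port 9000 to 3000 forward. The interface names, the 192.168.255.0/24 subnet and the container address 192.168.255.191 are taken from this page; the FORWARD-chain rules that only admit the explicitly forwarded flow are an assumption about the desired policy. The script prints the rules rather than applying them, so it can be reviewed first and then piped to `sh` on the host.

```shell
#!/bin/sh
# Added example, not the FMADIO page's own configuration. Generates iptables
# rules for a NATed bridge between the public and private interfaces plus a
# single port forward. Nothing is applied; rules are printed to stdout.

PUB_IF="${PUB_IF:-man0}"            # use man10 for the 10G management interface
PRIV_IF="${PRIV_IF:-fmad0}"
PRIV_NET="${PRIV_NET:-192.168.255.0/24}"   # private container subnet from the page

# Masquerade the private subnet out of the public interface and allow only
# return traffic back in. New inbound connections reach the private side only
# through the explicit DNAT rules emitted by forward_port below.
nat_rules() {
    cat <<EOF
iptables -t nat -A POSTROUTING -s $PRIV_NET -o $PUB_IF -j MASQUERADE
iptables -A FORWARD -i $PRIV_IF -o $PUB_IF -s $PRIV_NET -j ACCEPT
iptables -A FORWARD -i $PUB_IF -o $PRIV_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

# forward_port HOST_PORT CONTAINER_IP CONTAINER_PORT [tcp|udp]
# DNAT traffic arriving on the host port to the container and accept only that
# forwarded flow, so the rest of the private subnet stays unreachable.
forward_port() {
    host_port=$1; cip=$2; cport=$3; proto=${4:-tcp}
    case "$host_port$cport" in
        ''|*[!0-9]*) echo "forward_port: ports must be numeric" >&2; return 1 ;;
    esac
    if [ "$host_port" -gt 65535 ] || [ "$cport" -gt 65535 ]; then
        echo "forward_port: port out of range" >&2; return 1
    fi
    cat <<EOF
iptables -t nat -A PREROUTING -i $PUB_IF -p $proto --dport $host_port -j DNAT --to-destination $cip:$cport
iptables -A FORWARD -i $PUB_IF -o $PRIV_IF -p $proto -d $cip --dport $cport -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Emit the general NAT setup, then the page's example: host 9000 -> LXC 3000.
nat_rules
forward_port 9000 192.168.255.191 3000
```

Review the printed rules against the existing ruleset before applying them, since `-A` appends and will not replace an earlier conflicting rule.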
The container network settings need to be as follows.
List of private container addresses:
IP Address | Container | Description |
---|---|---|
192.168.255.2 | FMADIO Host | FMADIO Host IP Address |
192.168.255.10 | FShark | FMADIO Internal Wireshark Lite |
192.168.255.100 | Ubuntu Desktop | Ubuntu Desktop |
192.168.255.110 | Elastic Search 7.x | Elastic Search 7.x Container |
192.168.255.111 | Elastic Search 8.x | Elastic Search 8.x Container |
192.168.255.120 | Suricata 6.x | Suricata 6.x Container (CentOS) |
192.168.255.130 | Zeek | Zeek Container (CentOS) |