ubuntu@ip-172-31-16-58:~$ brctl show
bridge name     bridge id               STP enabled     interfaces
lxcbr0          8000.00163e000000       no              vethRGKXHK
lxcbr0 is the virtual bridge from the LXC core model.
LXC default NAT (iptables): check the iptables NAT table
ubuntu@ip-172-31-16-58:~$ sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.0.3.0/24 !10.0.3.0/24
MASQUERADE = IP masquerading: the private IP of an internal VM is translated into the IP address that connects to the external network.
LXC default DHCP server and DNS cache server (dnsmasq)
ubuntu@ip-172-31-16-58:~$ ps aux | grep dnsmasq
lxc-dns+ 5679 0.0 0.0 49984 380 ? S 07:08 0:00 dnsmasq -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --listen-address 10.0.3.1 --dhcp-range 10.0.3.2,10.0.3.254 --dhcp-lease-max=253 --dhcp-no-override --except-interface=lo --interface=lxcbr0 --dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases --dhcp-authoritative
ubuntu 29294 0.0 0.0 12944 944 pts/0 S+ 08:39 0:00 grep --color=auto dnsmasq
ubuntu@ip-172-31-16-58:~$
Internal VM private IPs: 10.0.3.2 - 10.0.3.254
Internal private network default gateway: 10.0.3.1
The default virtual network layout can be changed: edit /etc/default/lxc-net
ubuntu@ip-172-31-16-58:~$ more /etc/default/lxc-net
:::
# bridge, or macvlan to your host's NIC.
USE_LXC_BRIDGE="true"
# If you change the LXC_BRIDGE to something other than lxcbr0, then
# you will also need to update your /etc/lxc/default.conf as well as the
# configuration (/var/lib/lxc/<container>/config) for any containers
# already created using the default config to reflect the new bridge
# name.
# If you have the dnsmasq daemon installed, you'll also have to update
# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"
# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
# dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
# container 'mail1' always get ip address 10.0.3.100.
#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
:::
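An added example, not part of the original post: a Python check that the values in /etc/default/lxc-net still agree with one another after editing (gateway inside the network, DHCP bounds on usable hosts, lease limit within the range), plus the POSTROUTING rule to look for afterwards. The function names and the embedded sample are constructed for illustration, and the rule string assumes the `iptables -S` form of the MASQUERADE entry listed above.

```python
import ipaddress
import re

# Constructed sample: the settings from the /etc/default/lxc-net listing above.
SAMPLE = '''\
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"
#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
'''

def parse_lxc_net(text):
    """Return KEY -> value for the uncommented KEY="value" lines."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z_]+)=(.*)$', line)
        if m:
            conf[m.group(1)] = m.group(2).strip().strip('"\'')
    return conf

def check_lxc_net(conf):
    """Return a list of inconsistencies between the lxc-net settings."""
    problems = []
    net = ipaddress.ip_network(conf["LXC_NETWORK"])
    gw = ipaddress.ip_address(conf["LXC_ADDR"])
    lo, hi = (ipaddress.ip_address(a.strip()) for a in conf["LXC_DHCP_RANGE"].split(","))
    if str(net.netmask) != conf["LXC_NETMASK"]:
        problems.append("LXC_NETMASK does not match the LXC_NETWORK prefix")
    if gw not in net:
        problems.append("LXC_ADDR is outside LXC_NETWORK")
    for addr in (lo, hi):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"DHCP bound {addr} is not a usable host in LXC_NETWORK")
    if lo <= gw <= hi:
        problems.append("LXC_ADDR (the gateway) is inside the DHCP range")
    if int(conf["LXC_DHCP_MAX"]) > int(hi) - int(lo) + 1:
        problems.append("LXC_DHCP_MAX exceeds the size of the DHCP range")
    return problems

def expected_nat_rule(conf):
    """Rule to look for in `iptables -t nat -S POSTROUTING` (assumed -S form)."""
    net = conf["LXC_NETWORK"]
    return f"-A POSTROUTING -s {net} ! -d {net} -j MASQUERADE"

if __name__ == "__main__":
    conf = parse_lxc_net(SAMPLE)
    print(check_lxc_net(conf) or "consistent", expected_nat_rule(conf), sep="\n")
```

A MASQUERADE rule that still names the old subnet after LXC_NETWORK has been changed means containers on the new range are not being translated on the way out.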
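A custom virtual bridge can be created and used => skip
An LXC virtual machine can be given exclusive use of a physical network card => skip; the AWS instance has only one NIC, one can be added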