Using LXD containers

2021-08-23

Testing LXD containers

I’m creating my lab environment using the current technology available or that I know of:

  • FreeBSD jails
  • illumos zones (Using Omniosce)
  • Linux LXD

This writeup will be about how I managed to set up LXD for running the same workloads.

Installation

I'm using voidlinux, so lxd is already available as a package. Before running lxd init we will create a bridge so our containers have connectivity with the LAN. I have added this to rc.local:

# Default rc.local for void; add your custom commands here.
#
# This is run by runit in stage 2 before the services are executed
# (see /etc/runit/2).
ip link add name br0 type bridge
ip link set dev br0 type bridge stp_state 1
ip link set dev br0 type bridge forward_delay 500
ip link set br0 up
ip link set dev eth0 up
ip link set eth0 master br0
ip addr add 192.168.1.15/24 brd + dev br0
ip route add default via 192.168.1.1

So when asked for a bridge pass this one (br0).

Creating a container

To create a container we just type:

lxc launch images:voidlinux <your container name>

I have an igb card with 4 ports, but I currently have 2 available, so my intent is to pass 2 ports, as I have done previously with FreeBSD jails and illumos zones, to a container that will be used to do NAT.

Now we need to pass the physical device on the host (mine is igb2):

lxc config device add <your container name> eth1 nic nictype=physical parent=igb2 name=eth1

That’s all.

Services

I’m currently running Minecraft Bedrock, Neverwinter Nights and my blog, so I need to do NAT and port forwarding on one container. These are my current rules to do port forwarding to the containers on the LAN.

bash-5.1# iptables-save
# Generated by iptables-save v1.8.7 on Tue Aug 24 13:22:07 2021
*filter
:INPUT ACCEPT [3874:228799]
:FORWARD ACCEPT [177548:67794102]
:OUTPUT ACCEPT [616:48871]
COMMIT
# Completed on Tue Aug 24 13:22:07 2021
# Generated by iptables-save v1.8.7 on Tue Aug 24 13:22:07 2021
*mangle
:PREROUTING ACCEPT [182900:68124031]
:INPUT ACCEPT [3874:228799]
:FORWARD ACCEPT [177548:67794102]
:OUTPUT ACCEPT [616:48871]
:POSTROUTING ACCEPT [178164:67842973]
COMMIT
# Completed on Tue Aug 24 13:22:07 2021
# Generated by iptables-save v1.8.7 on Tue Aug 24 13:22:07 2021
*raw
:PREROUTING ACCEPT [182900:68124031]
:OUTPUT ACCEPT [616:48871]
COMMIT
# Completed on Tue Aug 24 13:22:07 2021
# Generated by iptables-save v1.8.7 on Tue Aug 24 13:22:07 2021
*nat
:PREROUTING ACCEPT [2102:140353]
:INPUT ACCEPT [199:15769]
:OUTPUT ACCEPT [22:1364]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.151:80
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.151:443
-A PREROUTING -i eth1 -p tcp -m tcp --dport 9999 -j DNAT --to-destination 192.168.1.151:9999
-A PREROUTING -i eth1 -p udp -m udp --dport 5120:5300 -j DNAT --to-destination 192.168.1.150:5120-5300
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Tue Aug 24 13:22:07 2021
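
A dump like the one above is easier to review when reduced to two things: what each DNAT rule exposes, and which filter chains accept everything because they have an ACCEPT policy and no rules. The script below is an added example, not part of the original post; the function names are made up for illustration and SAMPLE is a constructed, trimmed copy of the dump with counters zeroed.

```python
import shlex
# Constructed sample: trimmed copy of the dump above, counters zeroed.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.151:80
-A PREROUTING -i eth1 -p udp -m udp --dport 5120:5300 -j DNAT --to-destination 192.168.1.150:5120-5300
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

def parse(dump):
    """Split iptables-save text into {(table, chain): policy} and rule tuples."""
    table, policies, rules = None, {}, []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):                 # "*nat" opens a table
            table = line[1:]
        elif line.startswith(":"):               # ":FORWARD ACCEPT [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):             # "-A CHAIN match... -j TARGET"
            argv = shlex.split(line)
            rules.append((table, argv[1], argv[2:]))
    return policies, rules

def opt(argv, flag):
    """Value following a flag such as --dport, or None if the flag is absent."""
    return argv[argv.index(flag) + 1] if flag in argv else None

def audit(dump):
    """Return (forwards, unfiltered): DNAT exposures and rule-less ACCEPT chains."""
    policies, rules = parse(dump)
    forwards = [(opt(a, "-i"), opt(a, "-p"), opt(a, "--dport"), opt(a, "--to-destination"))
                for t, c, a in rules if t == "nat" and opt(a, "-j") == "DNAT"]
    has_rules = {(t, c) for t, c, _ in rules}
    unfiltered = sorted(c for (t, c), p in policies.items()
                        if t == "filter" and p == "ACCEPT" and (t, c) not in has_rules)
    return forwards, unfiltered

if __name__ == "__main__":
    forwards, unfiltered = audit(SAMPLE)
    print(*forwards, sep="\n")
    print("rule-less ACCEPT chains in filter:", unfiltered)
```

To run it against a live ruleset, pass the text of iptables-save to audit() instead of SAMPLE.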

Packages installed

References

https://docs.voidlinux.org/config/containers-and-vms/lxc.html