Last active 1772136841

admin revised this gist 1772136841.

1 file changed, 95 insertions

assign_static_ip_nspawn_container.md (file created)

@@ -0,0 +1,95 @@
1 + # Assign static IP address to systemd-nspawn container (private networking mode)
2 +
3 + *([Get from here](https://gist.github.com/lamafab/a626cfe7be5e3c1ecfe06251ddab4130))*
4 +
5 + ## On the host
6 +
7 + Configure the host interface which will be exposed to the container.
8 +
9 + ```
10 + $ sudo cp /lib/systemd/network/80-container-ve.network /etc/systemd/network/80-container-<MY_CONTAINER>.network
11 + ```
12 +
13 + Modify the new file as desired:
14 +
15 + ```
16 + $ cat /etc/systemd/network/80-container-<MY_CONTAINER>.network
17 + [Match]
18 + Name=ve-my-container
19 + Driver=veth
20 +
21 + [Network]
22 + Address=192.100.100.1/24
23 + LinkLocalAddressing=yes
24 + DHCPServer=yes
25 + IPMasquerade=yes
26 + LLDP=yes
27 + EmitLLDP=customer-bridge
28 + ```
29 +
30 + Note that `Name` in `[Match]` must match the container interface displayed to you by `ip link` (remove the `@if2` suffix):
31 +
32 + ```
33 + $ ip link
34 + 1: ...
35 + 2: ...
36 + 3: ...
37 + 4: ve-my-container@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
38 + link/ether f2:93:48:9b:99:8c brd ff:ff:ff:ff:ff:ff link-netnsid 0
39 + ```
40 +
41 + Then specify your desired, static IP address in `[Network]`, **which represents the GATEWAY exposed to the container, NOT the container itself**. I chose `192.100.100.1/24`. Some other fields could probably be removed, but I'm leaving it as is.
42 +
43 + Finally, restart the networking service:
44 +
45 + ```
46 + $ sudo systemctl restart systemd-networkd
47 + ```
48 +
49 + ## In the container
50 +
51 + Set the static IP address of the container, and specify the Host/Gateway IP.
52 +
53 + **NOTE**: Make sure that `host0` matches the network interface displayed by `ip link`.
54 +
55 + ```
56 + $ sudo cp /lib/systemd/network/80-container-host0.network /etc/systemd/network/80-container-host0.network
57 + ```
58 +
59 + Modify the new file as desired:
60 +
61 + ```
62 + $ cat /etc/systemd/network/80-container-host0.network
63 + [Match]
64 + Virtualization=container
65 + Name=host0
66 +
67 + [Network]
68 + DNS=1.1.1.1
69 + Address=192.100.100.10/24
70 + Gateway=192.100.100.1
71 + ```
72 +
73 + `Address` specifies the **static IP address of the container**, where I chose `192.100.100.10` (`*.10` is the container IP, `*.1` is the host/gateway IP). Set a custom `DNS`, such as `8.8.8.8` (Google) or `1.1.1.1` (Cloudflare). **Note** that `Gateway` MUST match the IP address as specified in the host, as described above. Now, exit the container and restart it (from the host):
74 +
75 + ```
76 + $ sudo machinectl reboot my-container
77 + ```
78 +
79 + The container should now have a static IP address. For convenience, add it to `/etc/hosts` (which simplifies SSH access, for example):
80 +
81 + ```
82 + 192.100.100.10 my-container
83 + ```
84 +
85 + ## Note about firewalls:
86 +
87 + If your host has a (passive) firewall enabled, an additional rule is required (compatible with `ufw`). [Make sure you persist that rule](https://unix.stackexchange.com/questions/52376/why-do-iptables-rules-disappear-when-restarting-my-debian-system):
88 +
89 + ```
90 + $ sudo iptables -A FORWARD -i ve-+ -o internet0 -j ACCEPT
91 + ```
92 +
93 + Note that `internet0` is the **interface to the internet, from the host**. In my case, it's `enp82s0`.
94 +
95 + More info: https://wiki.archlinux.org/index.php/Systemd-nspawn#Use_a_virtual_Ethernet_link
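
Review bot: `Address=192.100.100.1/24` in the host `[Network]` section, together with `Address=192.100.100.10/24` and `Gateway=192.100.100.1` in the container file, lies outside the RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), so host and container treat a publicly routable /24 as on-link and lose reachability to the real hosts in it. Suggest a private subnet such as `192.168.100.1/24` for the host side and `192.168.100.10/24` for the container, with the `/etc/hosts` line updated to match. In the firewall section, `-i ve-+` accepts forwarding from every `ve-*` interface, so any other nspawn container on the host gets the same outbound path; `-i ve-my-container` limits the rule to this one. The host file name `80-container-<MY_CONTAINER>.network` only takes effect when it sorts before `80-container-ve.network`, because systemd-networkd applies the first matching file in lexical order; a lower prefix such as `70-` makes the override independent of the container name. With a static address configured in the container, `DHCPServer=yes` on the host side is no longer needed for this link and can be dropped.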