
6.4. Networking

By default LXC creates a private network namespace for each container, which includes a layer 2 networking stack. Containers usually connect to the outside world by either having a physical NIC or a veth tunnel endpoint passed into the container. LXC creates a NATed bridge, lxcbr0, at host startup. Containers created using the default configuration will have one veth NIC with the remote end plugged into the lxcbr0 bridge. A NIC can only exist in one namespace at a time, so a physical NIC passed into the container is not usable on the host.

It is possible to create a container without a private network namespace. In this case, the container will have access to the host networking like any other application. Note that this is particularly dangerous if the container is running a distribution with upstart, like Ubuntu, since programs which talk to init, like shutdown, will talk over the abstract Unix domain socket to the host's upstart, and shut down the host.

To give containers on lxcbr0 a persistent IP address based on domain name, you can write entries to /etc/lxc/dnsmasq.conf like:

dhcp-host=lxcmail,
dhcp-host=ttrss,

If it is desirable for the container to be publicly accessible, there are a few ways to go about it. One is to use iptables to forward host ports to the container, for instance

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 587 -j DNAT \


Another is to bridge the host's network interfaces (see the Ubuntu Server Guide's Network Configuration chapter, Section 1.4, “Bridging” [p. 46]). Then, specify the host's bridge in the container configuration file in place of lxcbr0, for instance

lxc.network.type = veth
lxc.network.link = br0

Finally, you can ask LXC to use macvlan for the container's NIC. Note that this has limitations and depending on configuration may not allow the container to talk to the host itself. Therefore the other two options are preferred and more commonly used.
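The networking choices described above can be checked mechanically in a container's configuration file. The following is an added example, not code from the guide or from the LXC project: it parses the legacy lxc.network.* keys used on this page and reports one note per NIC. The function names, the note texts and the sample config are constructed for illustration, and the `none` and `phys` type values come from the lxc.conf manpage rather than from this page.

```python
import re

# Notes per lxc.network.type value ("none" and "phys" per the lxc.conf manpage).
NOTES = {
    "none": "HIGH: no private network namespace; container shares host networking",
    "phys": "WARN: physical NIC is passed into the container and is not usable on the host",
    "macvlan": "INFO: macvlan; container may not be able to talk to the host itself",
}

def parse_nics(config_text):
    """Group legacy lxc.network.* keys into NICs; each type line starts a new NIC."""
    nics = []
    for raw in config_text.splitlines():
        m = re.match(r"lxc\.network\.([\w.]+)\s*=\s*(\S.*)$", raw.strip())
        if not m:
            continue  # comment lines (#...) and unrelated keys
        key, value = m.group(1), m.group(2)
        if key == "type":
            nics.append({"type": value})
        elif nics:
            nics[-1][key] = value
    return nics

def audit(config_text, nat_bridge="lxcbr0"):
    """Return one finding string per NIC defined in the config text."""
    findings = []
    for nic in parse_nics(config_text):
        kind, link = nic["type"], nic.get("link", "")
        if kind in NOTES:
            findings.append(NOTES[kind])
        elif kind == "veth" and link == nat_bridge:
            findings.append("OK: veth on the NATed bridge " + nat_bridge)
        elif kind == "veth":
            findings.append("WARN: veth on bridge %s, not the NATed %s" % (link, nat_bridge))
        else:
            findings.append("INFO: type %s is not covered by this check" % kind)
    return findings

# Constructed sample config (not from the page): one container with two NICs.
SAMPLE = """\
# container with two NICs
lxc.network.type = veth
lxc.network.link = br0
lxc.network.type = macvlan
lxc.network.link = eth0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```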

There are several ways to determine the IP address for a container. First, you can use lxc-ls --fancy, which will print the IP addresses for all running containers, or lxc-info -i -H -n C1, which will print C1's IP address. If dnsmasq is installed on the host, you can also add an entry to /etc/dnsmasq.conf as follows


after which dnsmasq will resolve C1.lxc locally, so that you can do:

ping C1
ssh C1

For more information, see the lxc.conf manpage as well as the example network configurations under /usr/share/doc/lxc/examples/.
