jlm n00b
Joined: 27 May 2018 Posts: 52
Posted: Tue Nov 05, 2024 10:38 pm Post subject: setting up LXC with an Arch Linux host and a Gentoo guest.... no net
Hi,
I run a small server, but the provider (Gandi) only provides Ubuntu, Debian, Arch and a few other images, but no Gentoo.
Since I have had really bad experiences with most Debian/Ubuntu systems and none with Arch, I said to myself, "Arch is popular, it's a source-based distro... it's popular... lots of good reviews... (unlike Gentoo...) let's give it a try!"
Even if it's systemd based, and I don't like systemd...
OK... awful... not as bad as Debian/Ubuntu... but all the packages I need are in the AUR; this means there is no automatic update and no dependency tracking... so each update is like a full install from scratch... I have neither the time nor the desire to do such work...
I asked the hosting service several times to provide Gentoo. I have used Gentoo for years; it's not perfect, but it's the best Linux distro I have ever used: no need to wipe all configuration every XXX years because an update went bad, the docs are clear and fine, you have to read them and follow them, but it works! I have always found a way to recover if something went bad or if there was some dependency issue...
So I got tired and said to myself, "OK, let's run it in a container; this way I will have everything under Gentoo and Arch will only be a useless shell."
I got my LXC container running stage3, but with no network... Since I want to run OpenVPN, httpd, Nextcloud, courier-mta and bind on Gentoo, I need to be able to forward the ports from the Arch host to the Gentoo guest.
So I think NAT is not suitable (because dnsmasq will conflict with the guest's dhcpd for OpenVPN and bind, which would let me assign names to my OpenVPN clients... I might be wrong) and went for a bridge configuration.
BUT... the last time I played with iptables was... long ago... and now I only get headaches... Since I will also need to play with iptables to allow OpenVPN clients to reach the internet, it would also help me finish my setup...
Right now I have an eth0 with static IPv4 and IPv6 addresses connected to the internet (not displaying them here); let's say it's 123.456.789.012/22 and abcd:ef12::5bb/64.
On the host, the LXC container creates:
Code:
16: gentoo_server@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether fe:4e:9e:bf:05:bb brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::fc4e:9eff:febf:5bb/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
On the guest:
Code:
2: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 8a:7b:a4:8e:7c:73 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.3.99/24 brd 0.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::887b:a4ff:fe8e:7c73/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
gentoo_server@if2 and eth0@if16 are the two ends of the tunnel.
It looks like there is no route between gentoo_server@if2 and eth0, even though there is a default route going through it....
So my questions, because I'm old and don't know the new ways of doing things (the last time I played with iptables, the ip command didn't exist, it was ifconfig, and most things were done in SysV RC scripts...), are:
- How can I NAT the guest to access the internet through eth0?
- How can I forward ports 80 and 443 from the host to the guest? (OpenVPN forwards after HTTPS to Apache.) I will have to do the same with courier-mta and bind later.
- When the OpenVPN server runs on the guest (at this time both httpd and OpenVPN are on the host), it will create a VPN inside the host that will look the same as this one:
Code:
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
link/none
inet 10.8.0.1/24 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::802:b8a2:8fe2:4222/64 scope link stable-privacy proto kernel_ll
valid_lft forever preferred_lft forever
with 10.8.0.0/24 being the VPN network. I will then have the same NAT to do (so in fact it will be a NAT inside a NAT: from 10.8.0.0/24 to 192.168.3.0/24, then from 192.168.3.0/24 to the outside world through 123.456.789.012/22).
- There are also some OpenVPN clients that I want to be reachable. Is there a way to do something like httpd virtual hosts and use the DNS name of the connection to route the traffic to the client (some kind of reverse NAT)? I can of course use different ports (the clients I want to access will only be reachable through SSH... so I can assign port 22221 to the first client, 22222 to the second, and so on...), but it would be great if I could reach them on the same port, with rules based on name.
And by the way, of course, to make things simple, on the host it's systemd (Arch) and on the guest it's OpenRC (Gentoo).
OK, now my brain is definitely out...
Thanks a lot for the help!
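Added example, not from the original post and not an answer the thread itself supplies: a POSIX shell script for the Arch host that emits, and with --apply as root loads, an nftables ruleset doing the two things the first two questions ask for: masquerading the container subnet out of eth0, and DNATing ports 80 and 443 to the guest. It assumes the addresses shown in the ip output above (guest 192.168.3.99 on 192.168.3.0/24, public interface eth0, host-side veth gentoo_server), that the host end of the veth carries 192.168.3.1/24 and the guest's default route points at it, and that nftables is used rather than legacy iptables. The function names lxc_nat_ruleset and lxc_nat_apply are mine. The forward chain's policy is drop, so an OpenVPN tun0 still on the host would need its own accept rule.

```shell
#!/bin/sh
# Added example (not from the original post). Generates and, with --apply as
# root, loads an nftables ruleset on the Arch host so the Gentoo LXC guest can
# reach the internet through eth0 and receives forwarded ports 80/443.
#
# Assumptions (taken from the ip output in the post, adjust as needed):
#   WAN interface   eth0
#   host-side veth  gentoo_server, carrying 192.168.3.1/24 as the guest's gateway
#   guest address   192.168.3.99 on 192.168.3.0/24

# Emit the ruleset in `nft -f` syntax.
#   $1 = WAN interface, $2 = host-side veth, $3 = guest IPv4, $4 = container subnet
lxc_nat_ruleset() {
    cat <<EOF
# Declare then flush so the script is idempotent: re-running replaces the
# rules instead of appending duplicates.
add table inet lxc_nat
flush table inet lxc_nat
table inet lxc_nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Port forwards: connections arriving on the public interface for
        # 80/443 are rewritten to the guest before routing (port is kept).
        iifname "$1" tcp dport { 80, 443 } dnat ip to $3
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Guest -> internet: rewrite the container source to the host's public address.
        ip saddr $4 oifname "$1" masquerade
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Guest may initiate anything outbound.
        iifname "$2" oifname "$1" accept
        # Inbound: only the DNATed ports reach the guest. A tun0 on the host
        # (OpenVPN) needs its own accept rule here because the policy is drop.
        iifname "$1" oifname "$2" ip daddr $3 tcp dport { 80, 443 } ct state new accept
    }
}
EOF
}

# Apply on the host (root). Same arguments as lxc_nat_ruleset, plus an
# optional $5 = address for the host end of the veth (assumed 192.168.3.1/24).
lxc_nat_apply() {
    sysctl -q -w net.ipv4.ip_forward=1 || return 1
    # The guest's default route must point at this address.
    ip addr replace "${5:-192.168.3.1/24}" dev "$2" || return 1
    lxc_nat_ruleset "$1" "$2" "$3" "$4" | nft -f -
}

# Usage:
#   sh lxc-nat.sh eth0 gentoo_server 192.168.3.99 192.168.3.0/24 > ruleset.nft
#   sh lxc-nat.sh --apply eth0 gentoo_server 192.168.3.99 192.168.3.0/24   (as root)
case "${1:-}" in
    --apply) shift; lxc_nat_apply "$@" ;;
    "") ;;                      # no arguments: only define the functions
    *) lxc_nat_ruleset "$@" ;;
esac
```

To make it survive a reboot, put net.ipv4.ip_forward=1 in a file under /etc/sysctl.d/ and write the generated ruleset to /etc/nftables.conf, which the nftables service on Arch loads at boot. The guest's IPv6 address from the ip output can be routed directly without NAT, so this script deliberately handles IPv4 only.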