LXC with bridged network

I usually show how to re-use libvirt’s bridge for lxc networking. And since generally I have libvirt installed anyway, it’s what I usually do. But if you don’t want to use libvirt, no big deal.

If you’re using a wired network, you can instead place that NIC on a bridge, and add your container NICs to the same bridge.

In this short post I’ll show how to bridge to a (non-wireless) NIC. In the next, longer post, I’ll show how to make your own NATed bridge to a wireless NIC.

If eth0 is the wired NIC and uses dhcp, you can use the following in /etc/network/interfaces to move it into a bridge:

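# eth0 becomes a bridge port and carries no address of its own
auto eth0
iface eth0 inet manual

# br0 obtains the host's address via DHCP
auto br0
iface br0 inet dhcp
    bridge_ports eth0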

Then your /etc/lxc.conf would read:


Now you can proceed with the usual container creation and management. Note that the containers are now not NATed or behind the host’s firewall (until you configure it so), which may be less safe.
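
A check for the exposure noted above, as an added example that is not from the original post: it parses ifupdown stanzas like the one shown and reports every bridge that has a NIC as a port, plus any enslaved NIC still configured with an address method. The function names and the sample text are constructed for illustration.

```python
# Added example: audit ifupdown stanzas for bridges that enslave a NIC.
# SAMPLE is constructed for illustration; function names are hypothetical.
SAMPLE = """\
auto eth0
iface eth0 inet manual

auto br0
iface br0 inet dhcp
    bridge_ports eth0
"""


def parse_interfaces(text):
    """Return {iface: {"methods": set, "options": {key: [values]}}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"methods": set(), "options": {}})
            current["methods"].add(words[3])
        elif words[0] in ("auto", "mapping") or words[0].startswith(("allow-", "source")):
            current = None  # a top-level keyword ends the current iface stanza
        elif current is not None:
            # normalise bridge-ports / bridge_ports spellings to one key
            current["options"][words[0].replace("-", "_")] = words[1:]
    return stanzas


def audit_bridges(text):
    """Report bridges with a NIC as a port, and ports that still carry an address method."""
    stanzas = parse_interfaces(text)
    findings = []
    for name, stanza in stanzas.items():
        ports = [p for p in stanza["options"].get("bridge_ports", []) if p != "none"]
        for port in ports:
            findings.append(f"{name}: port {port} puts attached containers directly on the LAN (no NAT)")
            wrong = sorted(stanzas.get(port, {"methods": set()})["methods"] - {"manual"})
            if wrong:
                findings.append(f"{port}: enslaved to {name} but set to {'/'.join(wrong)}; expected manual")
    return findings


if __name__ == "__main__":
    for finding in audit_bridges(SAMPLE):
        print(finding)
```

A bridge declared with `bridge_ports none` has no physical port and produces no finding.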


8 Responses to LXC with bridged network

  1. Roy Mathew says:

    Great concise writeup – thanks. nits: I think you mean “auto eth0” instead of “auto eth”. Also, you could use a Courier font for the lxc.conf stanza – it reads like bro on my browser.

  2. Ray Jender says:

    Did you ever write the “how to make your own NATed bridge to a wireless NIC”?

    • s3hh says:

      Frankly I’m not sure whether I did that, but lxc in Ubuntu for years now automatically sets up lxcbr0 to be exactly that – a NATed bridge to your default route, including a wireless nic.

      So by default when you install lxc on a laptop and create a container with the default configuration, it will be networked and NATed over your wireless nic.

      • Ray Jender says:

        Thanks for that info. Maybe you can help with another routing issue I am having:
        I have created two containers. Each of the two containers
        can ping each other. Each of the containers can ping the host.
        The host can ping either container.

        The containers can ping other machines on the 192.168.1.x network.
        Both containers can ping http://www.yahoo.com.

        Here’s the difference: other machines on the 192.168.1.x network cannot ping either
        container, although they can ping the host.



  3. s3hh says:

    No, if you created both containers the same way, that’s pretty perplexing. Is this while both are up at the same time, or did you perchance shut one down before trying from the other to ping the host?

    I’d recommend sending an email to lxc-users@lists.linuxcontainers.org – what you describe shouldn’t happen.
