Hi all, I have a couple of VPSes (Xen and KVM based), in which I run LXC containers.
Currently I have a bridge device set up on the host (not bridged to the external network), and iptables to do firewalling and NAT as required. Here's my bridge setup, if that helps:

---------------8<------------
auto br0
iface br0 inet static
    bridge_ports none
    bridge_fd 0
    bridge_maxwait 0
    address 192.168.123.1
    netmask 255.255.255.0

iface br0 inet6 static
    address fd49:5bcf:0bed:5d9c::1/64
---------------8<------------

What I think doesn't work so well is attempting to filter traffic either between containers, or between a container and the host. Also, ISTR people saying iptables shouldn't be used on a bridge at all.

So before I set up my next VPS (and possibly reconfigure my older one(s)), is there a better way I should be considering? Do I need to use ebtables on the bridge? Will that work between containers? Would I be better off using multiple bridges?

As an aside, if I get access to VLANs from my provider (I don't think I've ever (successfully) configured VLANs on Linux before), I assume I can include a VLAN in each bridge, and I guess leave the default one out?

Thanks,
Richard
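Added example, not part of Richard's mail or any reply to it: a small POSIX shell script a host admin can run to see why "-i br0 -o br0" iptables rules may silently never match on a setup like the one above, and to print the rules that isolate containers once they can match. The fact it relies on is that frames switched between two ports of a Linux bridge only enter the iptables FORWARD chain when the br_netfilter module is loaded and net.bridge.bridge-nf-call-iptables (bridge-nf-call-ip6tables for IPv6) is 1; otherwise container-to-container IP traffic is never filtered by iptables at all. The function names, the BR_SYSCTL_DIR override and the exact rule set are assumptions of this example; br0 is the bridge from the post.

```shell
#!/bin/sh
# Added example (assumed helper names; not from the original post).
# Bridged layer-2 frames only traverse the iptables FORWARD chain when
# br_netfilter is loaded and net.bridge.bridge-nf-call-iptables=1.
# BR_SYSCTL_DIR is overridable so the checks can be run against a
# scratch directory instead of the live /proc tree.
BR_SYSCTL_DIR="${BR_SYSCTL_DIR:-/proc/sys/net/bridge}"

# bridge_nf_status <iptables|ip6tables>
# Prints "absent" (br_netfilter not loaded, sysctl file missing), "off",
# "on" or "unknown" for whether bridged frames of that family reach
# the corresponding netfilter tables.
bridge_nf_status() {
    f="$BR_SYSCTL_DIR/bridge-nf-call-$1"
    if [ ! -r "$f" ]; then
        echo absent
        return 0
    fi
    case "$(cat "$f")" in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

# bridge_nf_advice <status>
# Maps a status to what it means for filtering between containers on
# one bridge.  Note the alternatives the post itself raises: ebtables
# (which also sees ARP and other non-IP frames that iptables never
# handles), and one bridge per container, which turns inter-container
# traffic into routed traffic that always passes FORWARD.
bridge_nf_advice() {
    case "$1" in
        on)     echo "FORWARD rules with -i br0 -o br0 match bridged IP traffic" ;;
        off)    echo "set net.bridge.bridge-nf-call-iptables=1, or use ebtables or separate bridges" ;;
        absent) echo "load br_netfilter first (modprobe br_netfilter), or use ebtables or separate bridges" ;;
        *)      echo "unexpected sysctl value; inspect $BR_SYSCTL_DIR by hand" ;;
    esac
}

# isolation_rules <bridge>
# Prints (does not execute) iptables commands that drop IP traffic
# switched between containers on the bridge and, for container->host
# traffic, allow only replies to host-initiated flows.  Insert ACCEPT
# rules for services the host deliberately offers to containers (DNS,
# DHCP, ...) before the final INPUT DROP.
isolation_rules() {
    br="$1"
    printf '# container <-> container (IP frames switched through %s)\n' "$br"
    printf 'iptables -A FORWARD -i %s -o %s -j DROP\n' "$br" "$br"
    printf '# container -> host: replies only; add ACCEPT rules for offered services above the DROP\n'
    printf 'iptables -A INPUT -i %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' "$br"
    printf 'iptables -A INPUT -i %s -j DROP\n' "$br"
}

# Report for the live host when run directly.
for fam in iptables ip6tables; do
    st=$(bridge_nf_status "$fam")
    printf '%s: %s -> %s\n' "$fam" "$st" "$(bridge_nf_advice "$st")"
done
isolation_rules br0
```

Run it as root on the VPS; if both families report "absent" or "off", any iptables rules written to filter between containers have never been consulted for that traffic, which is the most common reason such filtering "doesn't work so well". Also note that once br_netfilter is on, the same FORWARD chain sees both routed and bridged traffic, so rules that were written with only routed traffic in mind need re-checking.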