...
| Warning |
|---|
Make sure to change the password or better remove the default ubuntu account generated by the lxc creation script before making the container accessible to the Internet. |
UFW
UFW in the Host
UFW is a great simple firewall, but at this point I do not recommend installing on your host if you intend to use port forwarding as there may be conflicts. Second, port forwarding using UFW is overly complex and seems like a hack versus it being very simple with IP Tables.
...
Notice that the MAC address is locally generated. This interface is actually not directly used and the MAC address will not actually register with anything. I am uncertain if it mattermatters, so I have put in a static rather than generated MAC address out of preference (I don't like the idea of it changing on every boot). Not using a MAC address at all here might work . Let too. If you the reader has time, let me know.
This macvlan0 is a placeholder on the host that will be used by a container interface. I have only purchased one additional static IP address so not all scenarios are tested.
If somebody gets to step 2 in below chart, please fill out for me. Otherwise, I'll try myself using my home network which is not exactly the same thing.
| # | Host | container1 | container2 | Results |
|---|---|---|---|---|
| 1 | mvlan0 | connect to mvlan0 with static-IP-1 with container2 off | connect to mvlan0 with static-IP-1 with container1 off | success |
| 2 | mvlan0 | connect to mvlan0 with static-IP-1 with container2 on | connect to mvlan0 with static-IP-2 with container1 on | Not sure... I need to buy another static IP to test |
Scenario 1 basically shows that a macvlan in the host may be used by multiple containers as long as only one host is on at a time.
...