add linux lxc networking
131
tech_docs/linux/linux_lxc_networking.md
Normal file
@@ -0,0 +1,131 @@
Got it, Jason. Let's take a more foundational approach to understanding Linux networking concepts, focusing on bridging your Cisco networking knowledge with Linux networking principles.

### Basic Concepts of Linux Networking

#### 1. **Network Interfaces**

Linux systems have multiple network interfaces, similar to physical and virtual interfaces on Cisco devices. These interfaces can be physical (e.g., `eth0`, `wlan0`) or virtual (e.g., `lo` for loopback, `veth` for virtual Ethernet).

- **Physical Interface**: Represents a physical network card (NIC).
- **Virtual Interface**: Used for virtual networking (e.g., `br0` for a bridge, `tun0` for a tunnel).

#### 2. **IP Addressing**

IP addresses are assigned to interfaces, just like in Cisco devices. You can use the `ip` command (or older `ifconfig` command) to view and configure IP addresses.

```bash
# View IP addresses
ip addr show

# Assign IP address
sudo ip addr add 192.168.1.10/24 dev eth0

# Bring up the interface
sudo ip link set dev eth0 up
```

#### 3. **Routing**

Routing in Linux can be managed using the `ip` command. The routing table determines where packets are forwarded.

```bash
# View routing table
ip route show

# Add a static route
sudo ip route add 10.0.0.0/24 via 192.168.1.1 dev eth0
```

#### 4. **Firewall and NAT**

Linux uses `iptables` (or `nftables` in newer systems) for firewall rules and Network Address Translation (NAT). This is akin to ACLs and NAT rules on Cisco devices.

```bash
# View current firewall rules
sudo iptables -L

# Add a simple firewall rule
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Save iptables rules
sudo iptables-save > /etc/iptables/rules.v4
```

### Bridging and Virtual Networks

For LXC (Linux Containers) or any containerization, you often deal with bridging, similar to VLANs and sub-interfaces on Cisco devices.

#### 1. **Creating a Network Bridge**

A bridge allows you to connect multiple network segments at the data link layer.

```bash
# Create a new bridge
sudo ip link add name br0 type bridge

# Add an interface to the bridge
sudo ip link set eth0 master br0

# Bring up the bridge
sudo ip link set dev br0 up
```

#### 2. **Using Bridge for Containers**

You can attach containers to this bridge, so they communicate as if they are on the same network segment.

```bash
# Assign the bridge to a container (example using LXC config file)
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
```

### Port Forwarding and NAT

Port forwarding is used to forward traffic from one IP:port to another, similar to NAT on Cisco devices.

#### 1. **Basic Port Forwarding with `iptables`**

```bash
# Forward traffic from 192.168.1.10:81 to 10.0.0.1:80
sudo iptables -t nat -A PREROUTING -d 192.168.1.10 -p tcp --dport 81 -j DNAT --to-destination 10.0.0.1:80

# Allow forwarding
sudo iptables -A FORWARD -p tcp -d 10.0.0.1 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Masquerade outgoing packets
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
```

### Example Setup: Port Forwarding for LXC Containers

Let's put this all together with an example where you forward ports to LXC containers running Apache.

1. **Set Up the Bridge**:

```bash
# Create a bridge
sudo ip link add name br0 type bridge
sudo ip addr add 192.168.1.1/24 dev br0
sudo ip link set br0 up
```

2. **Configure LXC Containers**:
- Ensure LXC containers are connected to `br0`.
- Assign IP addresses within the `192.168.1.0/24` range to the containers.

3. **Port Forwarding Rules**:

```bash
# Forward traffic to container 1 (192.168.1.10:80)
sudo iptables -t nat -A PREROUTING -d 192.168.1.1 -p tcp --dport 81 -j DNAT --to-destination 192.168.1.10:80

# Forward traffic to container 2 (192.168.1.11:80)
sudo iptables -t nat -A PREROUTING -d 192.168.1.1 -p tcp --dport 82 -j DNAT --to-destination 192.168.1.11:80

# Allow forwarding
sudo iptables -A FORWARD -p tcp -d 192.168.1.10 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A FORWARD -p tcp -d 192.168.1.11 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Masquerade outgoing packets
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
```

### Summary

By understanding these core Linux networking concepts and commands, you can leverage your Cisco networking knowledge to effectively manage and configure Linux-based networks. This foundation will help you handle more advanced scenarios, like managing LXC containers and implementing complex port forwarding and NAT setups.
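Review bot: both port-forwarding blocks (the `PREROUTING ... -j DNAT` rules followed by the `FORWARD` accepts) never enable IPv4 forwarding, so on a default host the DNATed packets are dropped before they ever reach the `FORWARD` chain; add `sudo sysctl -w net.ipv4.ip_forward=1` (persisted under `/etc/sysctl.d/`) as the first step of the example setup. The unqualified `sudo iptables -t nat -A POSTROUTING -j MASQUERADE` also rewrites the source of every forwarded flow, including the DNATed connections into the containers, so Apache on 192.168.1.10/.11 logs the bridge address 192.168.1.1 instead of the real client and the container-side firewall cannot distinguish clients; match the uplink with `-o eth0` so only container-originated egress is masqueraded. The container config keys `lxc.network.type` / `lxc.network.link` / `lxc.network.flags` are the pre-2.1 spellings that LXC 3.x no longer accepts; the current form is `lxc.net.0.type = veth`, `lxc.net.0.link = br0`, `lxc.net.0.flags = up`.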