Activity - > Am I mistaken that the host shouldn’t be configured on the WAN interface?...

TCB13 , 5 months ago

Am I mistaken that the host shouldn’t be configured on the WAN interface? Can I solve this by passing the pci device to the VM, and what’s the best practice here?

Passing the PCI network card / device to the VM would make things more secure as the host won’t be configured / touching the network card exposed to the WAN. Nevertheless passing the card to the VM would make things less flexible and it isn’t required.

I think there’s something wrong with your setup. One of my machines has a br0 and a setup like yours. 10-enp5s0.network is the physical “WAN” interface:


<span style="color:#323232;">root@host10:/etc/systemd/network# cat 10-enp5s0.network
</span><span style="color:#323232;">[Match]
</span><span style="color:#323232;">Name=enp5s0
</span><span style="color:#323232;">
</span><span style="color:#323232;">[Network]
</span><span style="color:#323232;">Bridge=br0 # -> note that we're just saying that enp5s0 belongs to the bridge, no IPs are assigned here.
</span>


<span style="color:#323232;">root@host10:/etc/systemd/network# cat 11-br0.netdev
</span><span style="color:#323232;">[NetDev]
</span><span style="color:#323232;">Name=br0
</span><span style="color:#323232;">Kind=bridge
</span>


<span style="color:#323232;">root@host10:/etc/systemd/network# cat 11-br0.network
</span><span style="color:#323232;">[Match]
</span><span style="color:#323232;">Name=br0
</span><span style="color:#323232;">
</span><span style="color:#323232;">[Network]
</span><span style="color:#323232;">DHCP=ipv4 # -> In my case I'm also requesting an IP for my host but this isn't required. If I set it to "no" it will also work.
</span>

Now, I have a profile for “bridged” containers:


<span style="color:#323232;">root@host10:/etc/systemd/network# lxc profile show bridged
</span><span style="color:#323232;">config:
</span><span style="color:#323232;"> (...)
</span><span style="color:#323232;">description: Bridged Networking Profile
</span><span style="color:#323232;">devices:
</span><span style="color:#323232;">  eth0:
</span><span style="color:#323232;">    name: eth0
</span><span style="color:#323232;">    nictype: bridged
</span><span style="color:#323232;">    parent: br0
</span><span style="color:#323232;">    type: nic
</span><span style="color:#323232;">(...)
</span>

And one of my VMs with this profile:


<span style="color:#323232;">root@host10:/etc/systemd/network# lxc config show havm
</span><span style="color:#323232;">architecture: x86_64
</span><span style="color:#323232;">config:
</span><span style="color:#323232;">  image.description: HAVM
</span><span style="color:#323232;">  image.os: Debian
</span><span style="color:#323232;">(...)
</span><span style="color:#323232;">profiles:
</span><span style="color:#323232;">- bridged
</span><span style="color:#323232;">(...)
</span>

Inside the VM the network is configured like this:


<span style="color:#323232;">root@havm:~# cat /etc/systemd/network/10-eth0.network
</span><span style="color:#323232;">[Match]
</span><span style="color:#323232;">Name=eth0
</span><span style="color:#323232;">
</span><span style="color:#323232;">[Link]
</span><span style="color:#323232;">RequiredForOnline=yes
</span><span style="color:#323232;">
</span><span style="color:#323232;">[Network]
</span><span style="color:#323232;">DHCP=ipv4
</span>

Can you check if your config is done like this? If so it should work.