The requirement; the Squeeze system in the container runs a TCP/IP application that should be accessible only by the host.
Create a bridge between a dummy network interface and the network interface used by the container.
Load dummy module (with numdummies=1) at startup.
# echo dummy >> /etc/modules
Install the Linux ethernet bridge utilities.
# apt-get install bridge-utils
Add stanzas that create an inhost bridge that contains a dummy to /etc/network/interfaces
auto dummy0 iface dummy0 inet static auto etherisland iface etherisland inet static address 172.16.17.18 netmask 255.255.255.128 bridge_ports dummy0 bridge_stp off bridge_waitport 0 bridge_fd 0
Load one dummy interface and restart networking.
# modprobe dummy # /etc/init.d/networking restart
Install lxc and prerequisites.
# apt-get install lxcwhich also installs debootstrap libcap2-bin and libpam-cap.
Mount control groups hierarchy now and at boot.
# mount /sys/fs/cgroup/ # echo "cgroup /sys/fs/cgroup cgroup defaults 0 0" >> /etc/fstab
Check your kernel for lxc support.
# lxc-checkconfig
Get the squeeze template.
# wget https://raw.githubusercontent.com/ipduh/lxc-squeeze/master/lxc-squeeze -O /usr/share/lxc/templates/lxc-squeeze
Allow execution to all.
# chmod 755 /usr/share/lxc/templates/lxc-squeeze
Create the Squeeze Container.
# lxc-create -n squeezie -t squeeze
Start the container in the background.
# lxc-start -n squeezie -d
Console into the squeezie container.
# lxc-console -n squeezie Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself Debian GNU/Linux 6.0 squeezie tty1 squeezie login: root Password: Linux squeezie 3.2.0-4-amd64 #1 SMP Debian 3.2.63-2 x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. root@squeezie:~#The password set by the template is squeezie.
Alternatively, you may ssh to squeezie from the host.
Change the root password
root@squeezie:~# passwd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
Give Temporary Internet Connectivity to the Squeeze Container.
root@squeezie:~# route add default gw 172.16.17.18and in the host
# echo 1 > /proc/sys/net/ipv4/ip_forward # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -s 172.16.17.0/25To disable the Internet Connectivity reset your Firewall e.g.
# /etc/bif
Forward the application's TCP ports e.g. for port 80 and port 443.
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.16.17.16:80 # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 172.16.17.16:443
Squeeze LXC on Wheezy
