squeeze container on a wheezy host

Notes on putting a Debian squeeze Linux Container on a Debian Wheezy host.

The requirement; the Squeeze system in the container runs a TCP/IP application that should be accessible only by the host.



Create a bridge between a dummy network interface and the network interface used by the container.

Load dummy module (with numdummies=1) at startup. 
# echo dummy >> /etc/modules


Install the Linux ethernet bridge utilities. 
# apt-get install bridge-utils


Add stanzas that create an inhost bridge that contains a dummy to /etc/network/interfaces 
auto dummy0
  iface dummy0 inet static

auto etherisland
  iface etherisland inet static
  address 172.16.17.18
  netmask 255.255.255.128
  bridge_ports dummy0
  bridge_stp  off
  bridge_waitport 0
  bridge_fd 0


Load one dummy interface and restart networking. 
# modprobe dummy
# /etc/init.d/networking restart




Install lxc and prerequisites. 
# apt-get install lxc
which also installs debootstrap libcap2-bin and libpam-cap.

Mount control groups hierarchy now and at boot. 
# mount /sys/fs/cgroup/
# echo "cgroup /sys/fs/cgroup  cgroup  defaults  0  0" >> /etc/fstab


Check your kernel for lxc support. 
# lxc-checkconfig


Get the squeeze template. 
# wget https://raw.githubusercontent.com/ipduh/lxc-squeeze/master/lxc-squeeze -O /usr/share/lxc/templates/lxc-squeeze


Allow execution to all. 
# chmod 755 /usr/share/lxc/templates/lxc-squeeze


Create the Squeeze Container. 
# lxc-create -n squeezie -t squeeze


Start the container in the background. 
# lxc-start -n squeezie -d


Console into the squeezie container. 
# lxc-console -n squeezie

Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself

Debian GNU/Linux 6.0 squeezie tty1

squeezie login: root
Password: 
Linux squeezie 3.2.0-4-amd64 #1 SMP Debian 3.2.63-2 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

root@squeezie:~#
The password set by the template is squeezie.
Alternatively, you may ssh to squeezie from the host.

Change the root password 
root@squeezie:~# passwd
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully


Give Temporary Internet Connectivity to the Squeeze Container. 
root@squeezie:~# route add default gw 172.16.17.18
and in the host 
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -s 172.16.17.0/25
To disable the Internet Connectivity reset your Firewall e.g. 
# /etc/bif


Forward the application's TCP ports e.g. for port 80 and port 443. 
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.16.17.16:80
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 172.16.17.16:443




Squeeze LXC on Wheezy

Labels: , , ,