Install LXC + Panel on Ubuntu 13.04 w/NAT
Sometimes OpenVZ is more than I want on a dedicated server. Sometimes I want a new kernel. LXC is container based “virtualization” that provides a native performance alongside the host operating system, much like OpenVZ does. Additionally, sometimes I want to separate the environment which houses my individual services but I don’t necessarily need a bunch of IPs. I might have ZNC in one, a web server in another, nothing that particularly conflicts, I just prefer the service isolation. This is how I achieve the result that I desire.
Here is a look at the web based administration panel that you will be working with.
On a fresh installation of Ubuntu 13.04, run the following command:
apt-get update && apt-get -y upgrade && apt-get -y install lxc
After this finishes, it’s time to install LXC Web Panel.
wget http://lxc-webpanel.github.io/tools/install.sh -O – | bash
Once this installs, visit http://[your IP or hostname]:5000 and login with the credentials below.
Obviously you are going to want to change that inside the panel. While I enjoy writing, I am going to intentionally leave out how to create a new LXC container inside this web interface. I’ll give you a hint, it involves “Create CT.”
LXC Web Panel is going to create a new container for you with an internal IP address. Use the following guide:
[one] – Port to forward to the container.
[two] – Your primary network interface. Usually eth0 or eth1.
[three] – The IP of the container.
[four] – The port you want to send the traffic to on the container.
To replace the correct parts of the following iptables command:
iptables -t nat -A PREROUTING -m tcp -p tcp –dport [one] -j DNAT -i [two] –to-destination [three]:[four]
For example, if my LXC container is 10.0.1.3 and I want to forward web requests, on port 80, to the container, I would use the following:
iptables -t nat -A PREROUTING -m tcp -p tcp –dport 80 -j DNAT -i eth0 –to-destination 10.0.1.3:80
Now here’s the fun part. How do we control the container via command line? Here’s the most useful ones for basic functionality.
lxc-attach —-name [container name]
lxc-start —-name [container name]
lxc-stop —-name [container name]
Questions? Things that should be added? Feel free to add it in the comments!