syscom-dev-environment/outsider
Max Erenberg 4ab391e886 Add instructions for standalone bridge 2021-06-07 02:29:10 +00:00
README.md Add instructions for standalone bridge 2021-06-07 02:29:10 +00:00
main.yml trigger network handler before next task 2021-04-30 00:14:07 +00:00

README.md

Outsider container

So this container's a bit special - it represents a host which is not on the UW network. The motivation is to test software which has different privilege settings for people outside of the local network, e.g. Postfix.

The easiest way to do this, in my opinion, is to simply create a new bridge with a different subnet. Add the following to your /etc/network/interfaces:

auto lxcbr2
iface lxcbr2 inet static
    bridge_ports none
    bridge_fd 0
    bridge_maxwait 0
    address 192.168.101.1/24
    up iptables -t nat -C POSTROUTING -s 192.168.101.0/24 ! -o lxcbr2 -j MASQUERADE 2>/dev/null || \
       iptables -t nat -A POSTROUTING -s 192.168.101.0/24 ! -o lxcbr2 -j MASQUERADE
    down iptables -t nat -D POSTROUTING -s 192.168.101.0/24 ! -o lxcbr2 -j MASQUERADE 2>/dev/null || true

Then:

ifup lxcbr2

Installation

Once you have created the container, edit the following line in /var/lib/lxc/outsider/config:

lxc.net.0.link = lxcbr2

As usual, create the container, start it, and install python3. Now detach and run the playbook:

ansible-playbook main.yml
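
Before relying on the outsider container in a test, it is worth confirming that the service under test really treats 192.168.101.0/24 as untrusted. The following is an added example, not part of this repository: it models a Postfix-style `mynetworks` value (CIDR patterns, bracketed IPv6, `!` exclusions, first match wins) and lists any outsider address that would be trusted. The function names and the sample trusted-network values are assumptions made for illustration.

```python
import ipaddress
import re

# Subnet of the lxcbr2 bridge, taken from the interfaces stanza above.
OUTSIDER_SUBNET = ipaddress.ip_network("192.168.101.0/24")

def parse_mynetworks(value):
    """Parse a Postfix-style mynetworks value into ordered (negated, network) rules.

    Supports comma/whitespace-separated CIDR patterns, bracketed IPv6
    ("[::1]/128") and "!" exclusions; file and table lookups raise ValueError.
    """
    rules = []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        negated = token.startswith("!")
        pattern = token[1:] if negated else token
        pattern = pattern.replace("[", "").replace("]", "")
        rules.append((negated, ipaddress.ip_network(pattern, strict=False)))
    return rules

def is_trusted(addr, rules):
    """First matching rule wins; an address matching no rule is untrusted."""
    addr = ipaddress.ip_address(addr)
    for negated, net in rules:
        if addr in net:
            return not negated
    return False

def trusted_outsiders(rules, subnet=OUTSIDER_SUBNET):
    """Return every host address in the outsider subnet that the rules trust."""
    return [str(h) for h in subnet.hosts() if is_trusted(h, rules)]

if __name__ == "__main__":
    # Constructed sample values; 192.168.100.0/24 stands in for the inside network.
    samples = {
        "separate subnets": "127.0.0.0/8, [::1]/128 192.168.100.0/24",
        "too-broad range": "127.0.0.0/8 192.168.0.0/16",
        "explicit exclusion": "!192.168.101.0/24 192.168.0.0/16",
    }
    for name, value in samples.items():
        leaked = trusted_outsiders(parse_mynetworks(value))
        status = "OK" if not leaked else f"{len(leaked)} outsider addresses trusted"
        print(f"{name}: {status}")
```

The MASQUERADE rule above rewrites the source address of packets that leave through any interface other than lxcbr2, so pass `is_trusted()` the client address the service actually logs rather than assuming it is a 192.168.101.x address.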